PHP Login System Reloaded v1.1

Here’s an updated version of the PHP Login System. You can check the old version here. The following was added: 1. Registration fields: email confirmation password confirmation country recaptcha Email confirmation and password confirmation are configurable fields. By default they are shown, but if you wish to remove one or both of them you have […]

From our sponsor: Front-end developers, save time and convert designs into clean React, Vue and HTML code using Anima

PHP Login System

Here’s an updated version of the PHP Login System. You can check the old version here.

The following was added:

1. Registration fields:

  • email confirmation
  • password confirmation
  • country
  • recaptcha

Email confirmation and password confirmation are configurable fields. By default they are shown, but if you wish to remove one or both of them you have to set it in the file constants.php:


2. Table fields:

  • the user ip,
  • number of logins of a user,
  • flag is_admin
  • flag is_blocked
  • new table – Country table

3. dbcontroller class sanitizes user input data

4. Edit Account Area

5. Admin Area – incomplete (for next version)

For now just the list of users is shown and a world map indicating where the users come from.  You can delete Users and set them as Admins. If there are no users to list, no map is shown. Also the User seeing the panel is not shown.
Note that in the demo you will not be able to see the admin part – for admin reasons 🙂

6. New CSS

7. Some other small details in the php code.

For the next version I am planning to :

  • add all admin functions
  • improve and improve ….

To use the recaptcha you need to get a public/private key here . Then you need to define them in constants.php:


In order to use the demo for those who have registered in the previous version’s demo, you need to register again (in the demo login system), since I had to set up another database for it.

Hope you like it. Any suggestions or improvements are welcome!


Download the source code here

Tagged with:


Chadking is an absolute geek that rarely leaves the comfort of his 3-screen desk. He is a self taught programmer and is addicted to all possible legal drugs.

Stay up to date with the latest web design and development news and relevant updates from Codrops.

Feedback 287

Comments are closed.
  1. I love this script, I would like to get some help in regards to the Email verification, some how its not happening for me. Thank you and please keep up the good work in the name of those of us here trying to learn.

  2. I have created another field in the users database called ‘userid1? and set it to autoincrument.

    I would like to make this available to when the session starts so that I can track my users.

    how can I do that so it is available for me to see like their user name.

    cheers and thanks for your great work

  3. Hi Chad & All the others who got the script working !!!

    Please help….And since the day i came across this page and the DEMO Im in love with the script , But the sad part is its NOT working for me…

    Im facing a few probs here and there when i tried to use the script.
    (Through Xamp & on my webhost)

    And heres what i get mainly as an error when i load “public_index.php”

    “”Warning: require_once(//localhost/loginsystem11/php/core.php) [function.require-once]: failed to open stream: No such file or directory in C:\xampp\htdocs\loginsystem11\public_index.php on line 2

    Fatal error: require_once() [function.require]: Failed opening required ‘//localhost/loginsystem11/php/core.php’ (include_path=’.;
    C:\xampp\php\PEAR’) in C:\xampp\htdocs\loginsystem11\public_index.php on line 2 “”

    And to my suprise the “password_forget.php ” seems to work fine.

    Also pls take note of the below as well :

    * Ive already replaced all the <? tags with <?php

    ** Database USER / PWD /LOCATIONS / USER PRIVILEGES are configured properly.

    i wante help i dont know why but my recaptcha pic is not showing pls take a look and how can i login in as the admin

  5. hi,
    i would like to know the name of this “frame” on the login page. since i would like to customize it. i cant locate where its name is specified. somebody tell me how i can increase/reduce/edit its width. thks.

  6. Well i’ve figured out pretty much all of this – apart from the email has verification. As it seems chad has somehow disappeared feel free to email me and ask questions on this awesome script. My email is:

  7. nice script, but when i try to run it i get the following message:

    Fatal error: Call to undefined function mb_internal_encoding() in C:\Users\Wesley Sneijers\Desktop\netserver\www\loginsystem2\php\dbcontroller.php on line 13

  8. Great job, but there is a problem with country code, it will not display any drop down menu and I tried all the possible countries, nothing works
    Thanks for te support

  9. Hi,I’ll repeat Robert’s question which it already set at a forum.
    “If a user forgets his password and wants to request a new one, he will receive an email with a link (containing the hash key) to reset the password.
    He then clicks on the link, and is able to reset his password, which is great!
    But the url (which contains the hash key) can be accessed at a later time, allowing an unexpected user to change the password…
    Would it be possible to change the code so that this cannot happen ?”
    I have changed in core.php :
    public function confirmResetPasswordData($email,$hash){
    $email = urldecode($email);
    $retval = $this->dbcontroller->dbconfirmResetPasswordHash($email,$hash);
    We add some lines to update hashkey:
    $time = time();
    $hashupdt = sha1($email.supersecret_hash_padding.supersecret_hash_padding_2.$time);
    return $retval;
    It works, but you can make better 🙂
    Good luck !

  10. Vlad

    I’m not entirely sure what difference your solution makes to the original one in core.php. I’ll admit I’m somewhat of a noob when it comes to php (which is why having this script set and support forum is so helpful), but my understanding of your statement is that the hash created for the reset function is amended with the current time. But it is still static: it will sit in the user table until the next time the user resets the password (unless the user is deleted in the meantime)

    If that is the case (and please tell me if I am wrong), then is there any need to amend the hash in the first place? Wouldn’t it be better to record the date and time the reset password hash was last changed and set up a routine to go through the user table and overwrite any reset hash that is more than 72 hours old?

    Next question, as a noob, how would I do that? I’m trying to set up the activation and reset emails so that the email recipient is told what time the request was made and is given 72 hours to either activate the account or change the password (ideally, I’d also like to include the IP address that the request was made from too)

    Plus of course I’d like to add my thanks to Chad for all his efforts in getting v1.1 as far as it goes

  11. OK, so I gave my own problem a bit of thought (quite a bit of thought, the IP and registration date issue took a good couple of days to get the d*mn thing working) and came up with a couple of solutions (please excuse the length of this post, I thought it might be useful to other readers attempting something similar.

    For the activation email, I put the following code in mailer.php:
    $connect = new mysqli(DB_SERVER, DB_USER, DB_PASS,DB_NAME);
    $i = “SELECT usr_ip,DATE_FORMAT(`usr_signup_date`,\’%W %d %M %Y %T\’) AS showdate FROM users WHERE email = ‘$email'”;
    $res = $connect->query($i);
    $usrproc = $res->fetch_array(MYSQLI_ASSOC);

    with references to $usrproc[‘usr_ip’] and $usrproc[‘showdate’] in the email text

    and in admin.php and dbcontroller.php copied the code to get and display user data and amended it to show 2 tables: one for registered users and one for unconfirmed users. With an extra line or two of code to show the current server date as a comparison, this serves to allow the admin user the option to delete any unconfirmed user who hasn’t activated their registration within 72 hours or so.

    So far as the password reset hash is concerned, I think it is likely that this will be best achieved by creating another table in MySQL (I’m calling it usr_activity), linked to the user table by usr_userid – so EVERY user activity (login, logout, change user details, request a password reset hash etc) is logged and timestamped. OK, this is more data intensive (and will inevitably require regular clear-outs and backups by the admin user, depending on how active the login area is and how big your hosting provider will allow MySQL databases to be), but this will provide more of an audit trail – and should enable site admins to comply with any data protection and privacy policies or laws which may apply to them.

    By using a usr_activity table, it doesn’t matter if the password reset hash has expired, as it should now be possible to match the reset hash against the date it was generated and if that was too long ago, then bounce the user back to either the login page or the forgot password page in order to request a new one.

  12. Hi,

    I’m still learning the ropes of php and all.. I’ve corrected a couple of errors i saw mentioned here, but when I go to register, the page just sits there and does nothing..

  13. In all pages, I am getting the folling error: “Parse error: syntax error, unexpected T_OBJECT_OPERATOR…” and it usually occurs on the top of the php file around line 9 or line 22 depending on the file.

    For setup, I changed the 6 lines as noted in Also, I sucessfully create the table using the mySql. I am not sure what I am doing wrong. Can someone advise?

  14. When can we expect an update of this login system? Really looking forward to the admin functions. Also the guest function would be great (give every guest a temp ID, so we can count them too.

    How are the pw saved in the db? Are they incrypted? And how?

    Kind regards