DEV Community: ASASA The latest articles on DEV Community by ASASA (@asasa_1284cbd1a6d1a1c). https://dev.to/asasa_1284cbd1a6d1a1c https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3888530%2Fe1d19357-b346-44ef-95a9-5675eef3a0dd.png DEV Community: ASASA https://dev.to/asasa_1284cbd1a6d1a1c en php dev101 ASASA Tue, 21 Apr 2026 19:56:00 +0000 https://dev.to/asasa_1284cbd1a6d1a1c/php-dev101-4lb6 https://dev.to/asasa_1284cbd1a6d1a1c/php-dev101-4lb6 <h1> Secure PHP Authentication System (PDO + MySQL) </h1> <p>Hey everyone (:</p> <p>In this project, I built a <strong>secure authentication system</strong> using PHP and MySQL with PDO.<br> The goal was to understand how login systems work and how to make them more secure.</p> <h2> Project Idea </h2> <p>This application allows users to:</p> <ul> <li>Register an account</li> <li>Login securely</li> <li>Access a protected dashboard</li> <li>Logout</li> </ul> <h2> Database (phpMyAdmin) </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpj4uweivtogtgznc2czz.jpeg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpj4uweivtogtgznc2czz.jpeg" alt=" " width="800" height="131"></a></p> <p>This is the <strong>users table</strong> in phpMyAdmin.</p> <p>It contains:</p> <ul> <li> <strong>id</strong> → primary key</li> <li> <strong>name</strong> → user name</li> <li> <strong>user_email</strong> → email address</li> <li> <strong>password</strong> → hashed password</li> <li> <strong>birthdate</strong>→ birthdate</li> </ul> <p>Passwords are stored using hashing for security.</p> <h2> Database Connection (PDO) </h2> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="cp">&lt;?php</span> <span class="nv">$host</span> <span class="o">=</span> <span class="s2">"localhost"</span><span class="p">;</span> <span class="nv">$dbname</span> <span class="o">=</span> <span class="s2">"sport_db"</span><span class="p">;</span> <span class="nv">$username</span> <span class="o">=</span> <span class="s2">"root"</span><span class="p">;</span> <span class="nv">$password</span> <span class="o">=</span> <span class="s2">""</span><span class="p">;</span> <span class="k">try</span> <span class="p">{</span> <span class="nv">$pdo</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">PDO</span><span class="p">(</span><span class="s2">"mysql:host=</span><span class="nv">$host</span><span class="s2">;dbname=</span><span class="nv">$dbname</span><span class="s2">;charset=utf8"</span><span class="p">,</span> <span class="nv">$username</span><span class="p">,</span> <span class="nv">$password</span><span class="p">);</span> <span class="nv">$pdo</span><span class="o">-&gt;</span><span class="nf">setAttribute</span><span class="p">(</span><span class="no">PDO</span><span class="o">::</span><span class="no">ATTR_ERRMODE</span><span class="p">,</span> <span class="no">PDO</span><span class="o">::</span><span class="no">ERRMODE_EXCEPTION</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch</span><span class="p">(</span><span class="nc">PDOException</span> <span class="nv">$e</span><span class="p">)</span> <span class="p">{</span> <span class="k">die</span><span class="p">(</span><span class="s2">"Connection failed: "</span> <span class="mf">.</span> <span class="nv">$e</span><span class="o">-&gt;</span><span class="nf">getMessage</span><span class="p">());</span> <span class="p">}</span> <span class="cp">?&gt;</span> </code></pre> </div> <h2> Registration System </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fd3m5a8bx195xgnbeqhk6.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fd3m5a8bx195xgnbeqhk6.png" alt=" " width="800" height="380"></a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="cp">&lt;?php</span> <span class="k">require</span> <span class="s2">"config/database.php"</span><span class="p">;</span> <span class="k">if</span> <span class="p">(</span><span class="nv">$_SERVER</span><span class="p">[</span><span class="s2">"REQUEST_METHOD"</span><span class="p">]</span> <span class="o">===</span> <span class="s2">"POST"</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$name</span> <span class="o">=</span> <span class="nb">trim</span><span class="p">(</span><span class="nv">$_POST</span><span class="p">[</span><span class="s1">'name'</span><span class="p">]);</span> <span class="nv">$email</span> <span class="o">=</span> <span class="nb">trim</span><span class="p">(</span><span class="nv">$_POST</span><span class="p">[</span><span class="s1">'email'</span><span class="p">]);</span> <span class="nv">$password</span> <span class="o">=</span> <span class="nb">password_hash</span><span class="p">(</span><span class="nv">$_POST</span><span class="p">[</span><span class="s1">'password'</span><span class="p">],</span> <span class="no">PASSWORD_BCRYPT</span><span class="p">);</span> <span class="nv">$sql</span> <span class="o">=</span> <span class="s2">"INSERT INTO users (name, user_email, password) VALUES (:name, :email, :password)"</span><span class="p">;</span> <span class="nv">$stmt</span> <span class="o">=</span> <span class="nv">$pdo</span><span class="o">-&gt;</span><span class="nf">prepare</span><span class="p">(</span><span class="nv">$sql</span><span class="p">);</span> <span class="nv">$stmt</span><span class="o">-&gt;</span><span class="nf">execute</span><span class="p">([</span> <span class="s1">':name'</span> <span class="o">=&gt;</span> <span class="nv">$name</span><span class="p">,</span> <span class="s1">':email'</span> <span class="o">=&gt;</span> <span class="nv">$email</span><span class="p">,</span> <span class="s1">':password'</span> <span class="o">=&gt;</span> <span class="nv">$password</span> <span class="p">]);</span> <span class="k">echo</span> <span class="s2">"Registration successful!"</span><span class="p">;</span> <span class="p">}</span> <span class="cp">?&gt;</span> </code></pre> </div> <h2> Login System </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjy2xmngnypgwahb95sdi.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjy2xmngnypgwahb95sdi.png" alt=" " width="800" height="383"></a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="cp">&lt;?php</span> <span class="nb">session_start</span><span class="p">();</span> <span class="k">require</span> <span class="s2">"config/database.php"</span><span class="p">;</span> <span class="k">if</span> <span class="p">(</span><span class="nv">$_SERVER</span><span class="p">[</span><span class="s2">"REQUEST_METHOD"</span><span class="p">]</span> <span class="o">===</span> <span class="s2">"POST"</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$email</span> <span class="o">=</span> <span class="nv">$_POST</span><span class="p">[</span><span class="s1">'email'</span><span class="p">];</span> <span class="nv">$password</span> <span class="o">=</span> <span class="nv">$_POST</span><span class="p">[</span><span class="s1">'password'</span><span class="p">];</span> <span class="nv">$sql</span> <span class="o">=</span> <span class="s2">"SELECT * FROM users WHERE user_email = :email"</span><span class="p">;</span> <span class="nv">$stmt</span> <span class="o">=</span> <span class="nv">$pdo</span><span class="o">-&gt;</span><span class="nf">prepare</span><span class="p">(</span><span class="nv">$sql</span><span class="p">);</span> <span class="nv">$stmt</span><span class="o">-&gt;</span><span class="nf">execute</span><span class="p">([</span><span class="s1">':email'</span> <span class="o">=&gt;</span> <span class="nv">$email</span><span class="p">]);</span> <span class="nv">$user</span> <span class="o">=</span> <span class="nv">$stmt</span><span class="o">-&gt;</span><span class="nf">fetch</span><span class="p">(</span><span class="no">PDO</span><span class="o">::</span><span class="no">FETCH_ASSOC</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="nv">$user</span> <span class="o">&amp;&amp;</span> <span class="nb">password_verify</span><span class="p">(</span><span class="nv">$password</span><span class="p">,</span> <span class="nv">$user</span><span class="p">[</span><span class="s1">'password'</span><span class="p">]))</span> <span class="p">{</span> <span class="nv">$_SESSION</span><span class="p">[</span><span class="s1">'user_id'</span><span class="p">]</span> <span class="o">=</span> <span class="nv">$user</span><span class="p">[</span><span class="s1">'id'</span><span class="p">];</span> <span class="nv">$_SESSION</span><span class="p">[</span><span class="s1">'name'</span><span class="p">]</span> <span class="o">=</span> <span class="nv">$user</span><span class="p">[</span><span class="s1">'name'</span><span class="p">];</span> <span class="nb">header</span><span class="p">(</span><span class="s2">"Location: dashboard.php"</span><span class="p">);</span> <span class="k">exit</span><span class="p">;</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="k">echo</span> <span class="s2">"Invalid credentials!"</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="cp">?&gt;</span> </code></pre> </div> <h2> Dashboard (Protected Page) </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgphmpvh8c2oou9lzzcr7.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgphmpvh8c2oou9lzzcr7.png" alt=" " width="800" height="374"></a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="cp">&lt;?php</span> <span class="nb">session_start</span><span class="p">();</span> <span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="k">isset</span><span class="p">(</span><span class="nv">$_SESSION</span><span class="p">[</span><span class="s1">'user_id'</span><span class="p">]))</span> <span class="p">{</span> <span class="nb">header</span><span class="p">(</span><span class="s2">"Location: login.php"</span><span class="p">);</span> <span class="k">exit</span><span class="p">;</span> <span class="p">}</span> <span class="cp">?&gt;</span> <span class="nt">&lt;h1&gt;</span>Welcome <span class="cp">&lt;?php</span> <span class="k">echo</span> <span class="nv">$_SESSION</span><span class="p">[</span><span class="s1">'name'</span><span class="p">];</span> <span class="cp">?&gt;</span><span class="nt">&lt;/h1&gt;</span> </code></pre> </div> <h2> Logout </h2> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="cp">&lt;?php</span> <span class="nb">session_start</span><span class="p">();</span> <span class="nb">session_destroy</span><span class="p">();</span> <span class="nb">header</span><span class="p">(</span><span class="s2">"Location: login.php"</span><span class="p">);</span> <span class="k">exit</span><span class="p">;</span> <span class="cp">?&gt;</span> </code></pre> </div> <h2> Security Features </h2> <ul> <li>Password hashing using <strong>bcrypt</strong> </li> <li>Secure queries with <strong>PDO prepared statements</strong> </li> <li>Session-based authentication</li> <li>Protection against SQL Injection</li> </ul> <h2> What I Learned </h2> <ul> <li>Building a secure authentication system</li> <li>Using PDO in PHP</li> <li>Managing sessions</li> <li>Structuring a real web project</li> </ul> <h2> Future Improvements </h2> <ul> <li>Add form validation</li> <li>Improve UI</li> <li>Add password reset</li> <li>Add user profile</li> </ul> <h2> Conclusion </h2> <p>This project helped me understand how authentication systems work in real applications and how to make them more secure.</p> <p>Feedback is welcome!</p> beginners php security tutorial