DEV Community: Marwa El mekkaoui The latest articles on DEV Community by Marwa El mekkaoui (@marwa_elmekkaoui_6b5facf). https://dev.to/marwa_elmekkaoui_6b5facf https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1498694%2F612a6019-f669-45d9-b70e-e69797822a6b.png DEV Community: Marwa El mekkaoui https://dev.to/marwa_elmekkaoui_6b5facf en LOGIN SYSTEM IN PHP AND MYSQL: User Authentication system. Marwa El mekkaoui Wed, 15 May 2024 14:41:18 +0000 https://dev.to/marwa_elmekkaoui_6b5facf/login-system-in-php-and-mysql-user-authentication-system-178b https://dev.to/marwa_elmekkaoui_6b5facf/login-system-in-php-and-mysql-user-authentication-system-178b <p><strong>hackathon - OFPPT</strong></p> <p>User <strong>authentication</strong> in web developemen is used to authorized and restrict users to certain pages in a web appplication.</p> <p>here are the github repository<br> <a href="https://github.com/salahghr4/hackathon">github</a></p> <h3> REGISTERATION SYSTEM </h3> <h4> DATABASE TABLE IN MYSQL </h4> <p>The database used is MySQL, so you'll need a MySQL database to run create the users table.<br> Run the <code>hackathon.sql</code> file in MySQL database to create users table.</p> <h3> CONFIGURATION FILE </h3> <p>The PHP script to connect to the database is in <code>config.php</code> directory.<br> Replace credentials to in <code>config.php</code> to match your server credentials.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&lt;?php $host = 'localhost'; $db = 'Hackathon'; $user = 'root'; $pass = ''; $charset = 'UTF8'; $dsn = "mysql:host=$host;dbname=$db;charset=$charset"; // set the PDO error mode to exception and the default fetch mode to associative arrays $options = [ PDO::ATTR_ERRMODE =&gt; PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE =&gt; PDO::FETCH_ASSOC, ]; try { $conn = new PDO($dsn, $user, $pass, $options); } catch (PDOException $e) { echo 'Connextion failed' . $e-&gt;getMessage(); } </code></pre> </div> <h3> REGISTERATION FORM AND SCRIPT </h3> <p>The <code>register.php</code> creates a web form that allows users to register themselves.<br> The script generates error if form input is empty and username is has been taking already by another user.</p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7ba1ef6lh985zihemg4o.jpg" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7ba1ef6lh985zihemg4o.jpg" alt="Image description" width="800" height="419"></a></p> <h2> LOGIN SYSTEM </h2> <h4> LOGIN FORM AND SCRIPT </h4> <p><code>login.php</code> is the login script.<br> When a user submit a form with the input of username and password, these inputs will be verified against the credentials data stored in the database, if there is a match then the user will be authorized and granted access to site or page.</p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkhsdtuqv6bkb4t7c4s1d.jpg" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkhsdtuqv6bkb4t7c4s1d.jpg" alt="Image description" width="800" height="433"></a></p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5mlvbhvtg99e0u1gdsd2.jpg" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5mlvbhvtg99e0u1gdsd2.jpg" alt="Image description" width="800" height="462"></a></p> <h3> DASHBOARD PAGE </h3> <p>User is redirected to <code>dashboard.php</code> if login is successful.</p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fg7uvvcvotfw69s9scqj0.jpg" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fg7uvvcvotfw69s9scqj0.jpg" alt="Image description" width="800" height="414"></a></p> <h3> LOGIN OUT </h3> <p><code>logout.php</code> log out the user and destroy all his sessions.</p> <h3> SECURITY </h3> <ul> <li><p>always hash the password before stoke it in the database.<br> we use functions <strong>password_hash()</strong> for hashing<br> and <strong>password_verify()</strong> for check for the hashed password.</p></li> <li><p>we use the function <strong>filter_input()</strong> its similar to <strong>htmlspecialchar()</strong>, to validate variables from insecure sources, such as user input.</p></li> <li><p>use <strong>sessions</strong> to store and persist user-specific data across multipile pages.</p></li> </ul> webdev php mysql