saoud aya

Secure User Authentication System Using PHP & MySQL

In this project, I built a simple authentication system inspired by Facebook.
The goal was to allow users to register, log in securely, and interact with a basic social interface.

Tech Stack

  • PHP

  • MySQL

  • HTML / CSS

  • XAMPP

Features

  • User registration with validation

  • Secure login system

  • Password hashing (password_hash)

  • Session management

  • Account confirmation step

  • Friend suggestion system (basic)

  • Responsive UI

Team Work

This project was developed as a team of five members.

We collaborated to design, build, and improve different parts of the application.
Working in a team helped me improve my communication, collaboration, and problem-solving skills.

Database Structure

The system uses a users table to store user information. Passwords are hashed using password_hash() for security.

```sql
CREATE TABLE `users` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `nom` varchar(100) NOT NULL,
  `prenom` varchar(100) NOT NULL,
  `contact` varchar(100) NOT NULL,
  `password` varchar(255) NOT NULL,
  `jour` int(2) NOT NULL,
  `mois` int(2) NOT NULL,
  `annee` int(4) NOT NULL,
  `genre` tinyint(1) NOT NULL,
  `created_at` timestamp NOT NULL DEFAULT current_timestamp(),
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
```

Database Connection (PDO)

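```php
<?php
// XAMPP defaults: MySQL "root" with an empty password. Local development only;
// use a dedicated, least-privilege account with a real password anywhere else.
$host = "localhost";
$dbname = "facebook";
$user = "root";
$pass = "";

try {
    // utf8mb4 matches the charset of the users table
    $pdo = new PDO("mysql:host=$host;dbname=$dbname;charset=utf8mb4", $user, $pass);
    // Throw exceptions on SQL errors instead of failing silently
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (PDOException $e) {
    // Log the details server-side; do not show driver messages to visitors
    error_log("Erreur DB: " . $e->getMessage());
    die("Erreur DB");
}
?>
```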

Registration Page (Sign Up)

This page allows users to create an account. I also created helper functions to dynamically generate the date of birth (day, month, year).
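
```php
<?php

// Print <option> elements for the year of birth, newest first
function getYears($selectedYear = 1970) {
    for ($year = 2026; $year >= 1905; $year--) {
        $selected = ($year == $selectedYear) ? "selected" : "";
        echo "<option value=\"$year\" $selected>$year</option>";
    }
}

// Print <option> elements for the months, with values 1 to 12
function getMonths() {
    $months = ["JANVIER", "FÉVRIER", "MARS", "AVRIL", "MAI", "JUIN", "JUILLET", "AOÛT", "SEPTEMBRE", "OCTOBRE", "NOVEMBRE", "DÉCEMBRE"];
    foreach ($months as $index => $m) {
        $val = $index + 1;
        echo "<option value=\"$val\">$m</option>";
    }
}

// Print <option> elements for the days 1 to 31
function getDays() {
    for ($day = 1; $day <= 31; $day++) {
        echo "<option value=\"$day\">$day</option>";
    }
}
?>
```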

Authentication

This is the login page. The PHP script checks if the contact and password fields are submitted. It queries the database for a user with the given contact, then uses password_verify() to check if the submitted password matches the stored hash. If successful, it stores the user data in $_SESSION['user'] and redirects to home.php.

```php
<?php
session_start();
require_once 'database.php';

$message = "";

if (isset($_POST['connecter'])) {
    $contact = $_POST['contact'] ?? '';
    $password = $_POST['password'] ?? '';

    if (empty($contact) || empty($password)) {
        $message = "Tous les champs sont obligatoires";
    } else {
        // Prepared statement: the contact value is bound, never concatenated
        $sql = "SELECT * FROM users WHERE contact = ?";
        $stmt = $pdo->prepare($sql);
        $stmt->execute([$contact]);

        $user = $stmt->fetch(PDO::FETCH_ASSOC);

        // Compare the submitted password with the stored hash
        if ($user && password_verify($password, $user['password'])) {
            // Issue a fresh session ID on login to prevent session fixation
            session_regenerate_id(true);
            $_SESSION['user'] = $user;

            header("Location: accueil.php");
            exit();
        } else {
            // Same message whether the contact or the password was wrong
            $message = "Mot de passe ou contact incorrect !";
        }
    }
}
?>
```
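
The login flow above stores the whole database row, including the password hash, in the session. The following added example (not code from the original project) keeps the hash out of the session, sets hardened cookie flags, and upgrades old hashes at login. Function names are hypothetical, and an in-memory SQLite table with constructed data stands in for the MySQL users table.

```php
<?php
declare(strict_types=1);
// Added example, not the project's code; all function names are hypothetical.

/** Start the session with hardened cookie flags (call before any output). */
function start_secure_session(): void {
    session_set_cookie_params([
        'httponly' => true,                      // not readable from JavaScript
        'samesite' => 'Lax',                     // not sent on cross-site POSTs
        'secure'   => !empty($_SERVER['HTTPS']), // HTTPS-only when served over TLS
    ]);
    session_start();
}

/** Return the minimal profile for a valid login, or null on failure. */
function authenticate(PDO $pdo, string $contact, string $password): ?array {
    $stmt = $pdo->prepare("SELECT id, nom, prenom, password FROM users WHERE contact = ?");
    $stmt->execute([$contact]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row || !password_verify($password, $row['password'])) {
        return null;
    }
    // Re-hash when PHP's default algorithm or cost has moved on since signup.
    if (password_needs_rehash($row['password'], PASSWORD_DEFAULT)) {
        $pdo->prepare("UPDATE users SET password = ? WHERE id = ?")
            ->execute([password_hash($password, PASSWORD_DEFAULT), $row['id']]);
    }
    unset($row['password']); // the hash never enters the session
    return $row;
}

/** Bind the profile to a fresh session ID so a pre-login ID cannot be reused. */
function establish_login(array $profile): void {
    session_regenerate_id(true);
    $_SESSION['user'] = $profile;
}

// Constructed demo data: in-memory SQLite stands in for the MySQL users table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, nom TEXT, prenom TEXT,
            contact TEXT, password TEXT)");
$pdo->prepare("INSERT INTO users (nom, prenom, contact, password) VALUES (?, ?, ?, ?)")
    ->execute(['Doe', 'Jane', 'jane@example.test', password_hash('s3cret!', PASSWORD_DEFAULT)]);

start_secure_session();
$profile = authenticate($pdo, 'jane@example.test', 's3cret!');
if ($profile !== null) { establish_login($profile); }
var_dump(array_keys($_SESSION['user'] ?? [])); // keys stored for the logged-in user
```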

Home

This is a protected page. It starts by checking if $_SESSION['user'] exists; if not, it redirects to login.php. It displays the logged-in user's name and a list of other users as "friend suggestions". I used CSS Flexbox and Media Queries to make the layout responsive on mobile. The "Add Friend" button uses JavaScript fetch to call add_friend.php without reloading the page.

```php
<?php
session_start();
require_once "database.php";

// Protected page: visitors without a session go back to the login form
if (!isset($_SESSION['user'])) {
    header("Location: login.php");
    exit();
}

$user = $_SESSION['user'];

// Every other user is listed as a friend suggestion
$stmt = $pdo->prepare("SELECT * FROM users WHERE id != ?");
$stmt->execute([$user['id']]);
$friends = $stmt->fetchAll(PDO::FETCH_ASSOC);
?>
```

Verify

This file performs the final verification. It uses password_verify() to compare the password entered in confirm.php with the hashed password stored in the session. If they match, it inserts the new user into the users table using a prepared statement for security. Finally, it clears the temporary session and redirects to the success page.

```php
<?php
session_start();
require_once 'database.php';

// The pending registration must still be in the session
if (!isset($_SESSION['temp_user'])) {
    die("Session expirée");
}

if ($_SERVER["REQUEST_METHOD"] == "POST") {

    $input_password = $_POST['password'];
    $user = $_SESSION['temp_user'];

    // The re-entered password must match the hash kept in the session
    if (password_verify($input_password, $user['password'])) {

        $sql = "INSERT INTO users (nom, prenom, contact, password, jour, mois, annee, genre)
                VALUES (:nom, :prenom, :contact, :password, :jour, :mois, :annee, :genre)";

        $stmt = $pdo->prepare($sql);

        $stmt->execute([
            ':nom' => $user['nom'],
            ':prenom' => $user['prenom'],
            ':contact' => $user['contact'],
            ':password' => $user['password'],
            ':jour' => $user['jour'],
            ':mois' => $user['mois'],
            ':annee' => $user['annee'],
            ':genre' => $user['genre']
        ]);

        // Clear the temporary registration data
        unset($_SESSION['temp_user']);

        header("Location: succes.php");
        exit();

    } else {

        header("Location: confirm.php");
        exit();
    }
}
?>
```

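
The users table shown earlier has no uniqueness rule on contact, while the login query looks a user up by contact and takes the first row. The following added example (not code from the original project) shows the insert step rejecting a duplicate contact through a UNIQUE index. `register_user()` and the index name `uniq_contact` are hypothetical, and an in-memory SQLite table with constructed data stands in for MySQL.

```php
<?php
declare(strict_types=1);
// Added example, not the project's code; register_user() and uniq_contact
// are hypothetical names. On the MySQL table from the post, the index would be:
//   ALTER TABLE users ADD UNIQUE KEY uniq_contact (contact);

/** Insert the pending user; false means the contact is already registered. */
function register_user(PDO $pdo, array $u): bool {
    $sql = "INSERT INTO users (nom, prenom, contact, password, jour, mois, annee, genre)
            VALUES (:nom, :prenom, :contact, :password, :jour, :mois, :annee, :genre)";
    $params = [];
    foreach (['nom', 'prenom', 'contact', 'password', 'jour', 'mois', 'annee', 'genre'] as $k) {
        $params[":$k"] = $u[$k];
    }
    try {
        $pdo->prepare($sql)->execute($params);
        return true;
    } catch (PDOException $e) {
        // SQLSTATE class 23 is an integrity-constraint violation (duplicate key).
        if (strncmp((string) $e->getCode(), '23', 2) === 0) {
            return false;
        }
        throw $e;
    }
}

// Constructed demo: in-memory SQLite with the same columns plus the UNIQUE rule.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, nom TEXT, prenom TEXT,
            contact TEXT UNIQUE, password TEXT, jour INT, mois INT, annee INT, genre INT)");

$pending = ['nom' => 'Doe', 'prenom' => 'Jane', 'contact' => 'jane@example.test',
    'password' => password_hash('s3cret!', PASSWORD_DEFAULT),
    'jour' => 1, 'mois' => 1, 'annee' => 1990, 'genre' => 1];

var_dump(register_user($pdo, $pending)); // first registration
var_dump(register_user($pdo, $pending)); // same contact submitted again
echo (int) $pdo->query("SELECT COUNT(*) FROM users")->fetchColumn(), " row(s)\n";
```

Letting the database enforce uniqueness avoids the race in a SELECT-then-INSERT check, where two simultaneous sign-ups with the same contact could both pass the SELECT.
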
This project helped me understand how authentication systems work using PHP and MySQL.

I learned how to create a registration and login system similar to real applications.

Project Source Code

You can find the full project on GitHub here:
https://github.com/Nouhailasemoud/login-system-php
