A secure PHP authentication system with user registration, login, and password management features.
- ✅ User Registration with email validation
- ✅ Secure Login with password hashing
- ✅ Password Change functionality
- ✅ Session Management
- ✅ Responsive Bootstrap UI
- ✅ MySQL Database Integration
- ✅ Input Validation and Security
- PHP 7.4 or higher
- MySQL 5.7 or higher
- Web server (Apache/Nginx)
- Clone or download the project files to your web server directory

- Create the database:

  ```sql
  -- Run the SQL file in your MySQL database
  source database/schema.sql
  ```

- Configure database connection: Edit `config/database.php` and update the database credentials:

  ```php
  define('DB_HOST', 'localhost');
  define('DB_USER', 'your_username');
  define('DB_PASS', 'your_password');
  define('DB_NAME', 'auth_system');
  ```

- Set proper file permissions:

  ```bash
  chmod 755 /path/to/PHPAuthSystem
  chmod 644 /path/to/PHPAuthSystem/config/database.php
  ```

- Access the application: Open your web browser and navigate to your domain/path

- Visit `/auth/register.php`
- Fill in username, email, and password
- System validates email format and password strength
- Passwords are automatically hashed using `password_hash()`

- Visit `/auth/login.php`
- Enter username/email and password
- System verifies credentials and creates session
- Redirects to dashboard on successful login

- Log in and visit `/auth/change_password.php`
- Enter current password and new password
- System verifies current password before updating

- Click logout link or visit `/auth/logout.php`
- Destroys session and redirects to login

- Password Hashing: Uses PHP's `password_hash()` with default algorithm
- Input Validation: Server-side validation for all inputs
- SQL Injection Prevention: Uses PDO prepared statements
- Session Security: Proper session management and destruction
- Email Validation: Built-in email format validation
- XSS Protection: HTML special characters are escaped
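
The login path these features describe, written out as an added example (not the project's own code): a prepared-statement lookup, `password_verify()`, a rehash when the default algorithm changes, and a new session ID after login. The function name `verifyLogin()`, the in-memory SQLite database and the sample user are assumptions made so the file runs stand-alone; the project itself uses MySQL.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: returns the user's id on success, null on failure.
function verifyLogin(PDO $pdo, string $identifier, string $password): ?int
{
    // Prepared statement: the identifier is bound, never concatenated into SQL.
    $stmt = $pdo->prepare(
        'SELECT id, password FROM users WHERE username = :u OR email = :e LIMIT 1'
    );
    $stmt->execute([':u' => $identifier, ':e' => $identifier]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Verify against a dummy hash when no account matches, so response time
    // does not reveal which usernames or emails are registered.
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);
    $hash = $row ? $row['password'] : $dummy;

    if (!password_verify($password, $hash) || !$row) {
        return null;
    }

    // PASSWORD_DEFAULT can change between PHP releases; upgrade old hashes
    // while the plaintext is still available.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $upd = $pdo->prepare('UPDATE users SET password = :p WHERE id = :id');
        $upd->execute([':p' => password_hash($password, PASSWORD_DEFAULT), ':id' => $row['id']]);
    }
    return (int) $row['id'];
}

// Constructed demo data in an in-memory SQLite database (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
            email TEXT UNIQUE, password TEXT)');
$ins = $pdo->prepare('INSERT INTO users (username, email, password) VALUES (?, ?, ?)');
$ins->execute(['alice', 'alice@example.test', password_hash('correct horse', PASSWORD_DEFAULT)]);

session_start();
$id = verifyLogin($pdo, 'alice@example.test', 'correct horse');
if ($id !== null) {
    session_regenerate_id(true); // fresh session id after login (fixation defence)
    $_SESSION['user_id'] = $id;
}
// Second call passes a quote-laden identifier; it is bound as data and matches no row.
var_dump($id, verifyLogin($pdo, "alice' OR '1'='1", 'x'));
```
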
```
PHPAuthSystem/
├── assets/
│   └── css/
│       └── style.css         # Custom styles
├── auth/
│   ├── login.php             # Login page
│   ├── register.php          # Registration page
│   ├── logout.php            # Logout handler
│   └── change_password.php   # Password change page
├── classes/
│   └── User.php              # User class with all methods
├── config/
│   └── database.php          # Database configuration
├── database/
│   └── schema.sql            # Database schema
├── index.php                 # Home page
├── dashboard.php             # User dashboard
└── README.md                 # This file
```

The system uses a single users table:
```sql
CREATE TABLE users (
    id INT AUTO_INCREMENT PRIMARY KEY,
    username VARCHAR(50) UNIQUE NOT NULL,
    email VARCHAR(100) UNIQUE NOT NULL,
    password VARCHAR(255) NOT NULL,
    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
    updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP
);
```

- Edit `assets/css/style.css` to customize the appearance
- The system uses Bootstrap 5 for responsive design
- Modify `config/database.php` for different database settings
- Update `database/schema.sql` if you need additional fields
- Consider adding CSRF protection for forms
- Implement rate limiting for login attempts
- Add email verification for registration

- Database Connection Error
  - Check database credentials in `config/database.php`
  - Ensure MySQL service is running
  - Verify database exists
- Session Issues
  - Check PHP session configuration
  - Ensure proper file permissions
  - Clear browser cookies
- Password Hash Issues
  - Ensure PHP version supports `password_hash()`
  - Check if `password_verify()` is working correctly

This project is open source and available under the MIT License.
For support or questions, please check the code comments or create an issue in the project repository.