Entire User Registration and Login system with PHP and SQL


Here I created an entire user registration and login system using PHP and SQL. The system protects against SQL injections and encrypts user passwords before storing them in an SQL database. The process is quite useful for a variety of web sites including shopping and social media websites where we want users to register and be able to come back to their private accounts.

I started with creating a registration form with a username, email and password field. Current users can skip to the login page.

Next I created a login page for our returning users. Now they just need to enter a username and a password to log into their account.

This is where return visitors can login.

Next I included error validation on the registration form to make sure the new users are signing up with all the required information.

The error validation helps us get the proper information from new users who sign up.

If there are any errors or blank fields we echo back the user input that is valid so they don't have to start the whole form over again. This is just to have a better user experience. If they encounter any errors I am helping them along because customers and users are important.

Before saving the user data to the database I used an an MD5 hash which is composed of 32 hexadecimal characters.

Now I am able to have users register and their passwords are stored but are stored as MD5 hashes.

So now when a registered users comes to my website they can skip the registration process and log in as you normally would to any e-commerce or social media website. If the credentials are invalid the user gets an error message. If the credentials are valid the user is logged in and a session is started.

Here we just do a simple check and let the user know if their information is erroneous.

When the user logs in from the login page with valid credentials they are redirected to the home page of their account.



My script logs users in who have valid credentials and redirects them to the home page. If the combination is incorrect the user will get an error message telling them to try with valid credentials.

Login success!!!

Great, now people can visit the website, register for an account and use the same credentials to log into a private account at a later point in time.







Comments

Popular posts from this blog

Automated Exploitation of a Bluetooth vulnerability that leads to 0-click code execution

Sniffing GSM traffic on a private cellphone network

Raspberry Pi WiFi Honeypot 🍯