PHP User Authentication with MySQL

by Vincy. Last modified on July 26th, 2022.

User authentication is a process of validating users with some keys, tokens, or any other credentials. If the user gives correct credentials then the authentication process will be successful.

After successful authentication, the users will be allowed to the system as authenticated users.

In this tutorial, we are going to create a PHP user authentication system with MySQL database.  It will be easy to understand this example code. By reading this article, you will learn how to code PHP user authentication.

Also, I have added the downloadable source code at the end of this article.

About this example

In this user authentication example, it has a login panel to let users enter their login details. It requests users to enter their username and password to authenticate. By submitting these login credentials, it will be posted to a PHP page.

In PHP it verifies the entered detail with the registered users’ database. It shows how to prepare the database query and execute it to check and verify the user’s data with the database.

Once a match is found, the user will be considered authenticated and authorized. After successful login, the authenticated user will be allowed to enter into the application.

user login authentication form

Steps to create a user login authentication system in PHP

  1. Create a MySQL database with users table.
  2. Create a user login panel to submit login details to PHP.
  3. Generate query to compare user login details with the MySQL user database.

1) Create a MySQL Database with Users Table.

For creating a database and the database tables you can run the MySQL CREATE statement. Instead, you can go with any database client like SQLYog, PHPMyAdmin. I am using PHPMyAdmin for creating the database and table structure that is used for the MySQL examples.

In this example, I created a database named as payload for creating users table. The following screenshot shows the users table structure with data.

user login database

2) Create User Login Panel.

The following HTML code is used to show the user login panel to the users to enter their authentication details. It has two input fields for getting username and password from the users.

Once the user entered their login details and submitted the form, the username and password data will be posted to the PHP to process authentication with MySQL database.

<form name="frmUser" method="post" action="">
    <div class="message text-center"><?php if($message!="") { echo $message; } ?></div>

    <h1 class="text-center">Login</h1>

    <div>
        <div class="row">
            <label> Username </label> <input type="text" name="userName"
                class="full-width" " required>
        </div>
        <div class="row">
            <label>Password</label> <input type="password"
                name="password" class="full-width" required>
        </div>
        <div class="row">
            <input type="submit" name="submit" value="Submit"
                class="full-width ">
        </div>
    </div>
</form>

These styles are added for the user authentication form elements by including a CSS file. The CSS provides a minimal look and feel to the PHP user authentication UI. It is just a skeleton and could be changed easily for the application theme.

body {
	font-family: calibri;
}

.tblLogin {
	border: #95bee6 1px solid;
	background: #d1e8ff;
	border-radius: 4px;
}

.tableheader {
	font-size: 24px;
}

.tableheader td {
	padding: 20px;
}

.tablerow td {
	text-align: center;
}

.message {
	color: #FF0000;
	font-weight: bold;
	text-align: center;
	width: 100%;
}

.login-input {
	border: #CCC 1px solid;
	padding: 10px 20px;
}

.btnSubmit {
	padding: 10px 20px;
	background: #2c7ac5;
	border: #d1e8ff 1px solid;
	color: #FFF;
}

3) Generate Query to Compare User Input with the Database.

In the following PHP code, it checks the $_POST global array length before executing the authentication code block. Once the user authentication form is submitted, then this global array will contain the values of the form input fields.

The PHP authentication code includes DataSource class at the beginning of the program. It connects the MySQL database by specifying the configurations to get the connection object. It uses MySQLi with prepared statements to execute authentication queries.

After receiving user authentication details in PHP, it compares the form data with the user database by executing a query by using the connection object.

The query binds the username entered by the user via HTML form. Then, it verifies the password hash with the entered password to return the authentication results.

If a match is found, it means the user is genuine who registered already with the system. So, the authentication code will allow the user to proceed further.

No matter whether the authentication is cleared or not. Anyhow this code will acknowledge the user by displaying success or warning based on the result of the authentication process.

<?php
$message = "";
if (count($_POST) > 0) {
    $isSuccess = 0;
    $conn = mysqli_connect("localhost", "root", "", "user_authentication");
    $userName = $_POST['userName'];
    $sql = "SELECT * FROM users WHERE userName= ?";
    $statement = $conn->prepare($sql);
    $statement->bind_param('s', $userName);
    $statement->execute();
    $result = $statement->get_result();
    while ($row = $result->fetch_assoc()) {
        if (! empty($row)) {
            $hashedPassword = $row["password"];
            if (password_verify($_POST["password"], $hashedPassword)) {
                $isSuccess = 1;
            }
        }
    }
    if ($isSuccess == 0) {
        $message = "Invalid Username or Password!";
    } else {
        header("Location:  ./success-message.php");
    }
}
?>

Database query preparation and parameter binding

To perform database operations this code uses secured prepared-statements to execute queries.

It creates a connection object by specifying the database credentials. This connection is used to validate login details with the MySQL database.

Database Script

Import this database script before running this example in your development environment.

This SQL script contains the user database structure. Additionally, it provides a sample record to test with valid authentication details.

Once you set up this example in your environment, run login.php and try below login details.

Username: admin

Password: admin

--
-- Table structure for table `users`
--

CREATE TABLE `users` (
  `userId` int(8) NOT NULL,
  `userName` varchar(55) NOT NULL,
  `password` varchar(255) NOT NULL,
  `displayName` varchar(55) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

--
-- Dumping data for table `users`
--

INSERT INTO `users` (`userId`, `userName`, `password`, `displayName`) VALUES
(1, 'admin', '$2a$10$0FHEQ5/cplO3eEKillHvh.y009Wsf4WCKvQHsZntLamTUToIBe.fG', 'Admin');

--
-- Indexes for table `users`
--
ALTER TABLE `users`
  ADD PRIMARY KEY (`userId`);

--
-- AUTO_INCREMENT for dumped tables
--

--
-- AUTO_INCREMENT for table `users`
--
ALTER TABLE `users`
  MODIFY `userId` int(8) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=2;

Download

Comments to “PHP User Authentication with MySQL”

Leave a Reply

Your email address will not be published. Required fields are marked *

↑ Back to Top

Share this page