How do I create a simple login and registration system using PHP and msqli?

Question

1.00/5 (1 vote)

See more:

I'm trying to create a very simple Login and Registration system using PHP and MSQLi and I'm not sure how to procede here

if()
LOGIN();
else()
REGISTER();

I don't want to complicate the code further by adding email,verification,logout option etc. and I don't wish to use a

<div class="form">

or other possible options that I've come across the internet. I'm just a beginner and I want to know if there's a right way to go with

if()
		LOGIN();
	else()	
		REGISTER();

What I have tried:

<!DOCTYPE html>
<html>
	<head>
		<title>LOGIN</title>
	</head>

	<body>
		<form name="login" action="login.php" method="POST">
			Username:<input type="text" name="username"/><br/>
			Password:<input type="password" name="password"/><br/>
			<input type="submit" name="action" value="Login"/>
			<input type="submit" name="action" value="Register"/>
		</form>
	</body>
</html>

<!DOCTYPE html>
<html>
<head>
<title>LOGIN Result</title>

<?php
function DeclareVariables()
{
	global $username,$password;
	global $hostname,$database,$db_username,$db_password;
	global $DB,$connectDB_ok,$result;
/*	
	$hostname="localhost";    // XAMPP
	$database="MyServiceDB";  // XAMPP
	$db_username="root";      // XAMPP
	$db_password="";          // XAMPP
*/

	$hostname="localhost";          //"mysql.hostinger.gr";
	$database="id15378361_mydb";
	$db_username="id15378361_user"; // phpMyAdmin username
	$db_password="Password123!";    // phpMyAdmin password

	$username=$_POST['username'];
	$password=$_POST['password'];

	$connectDB_ok=true;
	
	
	
	
	
}
function Failed($error_msg)
{
	global $connectDB_ok;

	$connectDB_ok=false;
	print $error_msg;
}



function ConnectToDB()
{
	global $DB,$hostname,$database,$db_username,$db_password,$connectDB_ok;
	
	$DB=mysqli_connect($hostname,$db_username,$db_password) or Failed("MySQL connecting error");
	if($connectDB_ok)
	{
		mysqli_select_db($DB,$database) or Failed("DATABASE selection error");
	}
}





function QueryToDB()
{
	global $DB,$result,$connectDB_ok,$username;
	
	if($connectDB_ok)
	{
		if (trim($username)!='') //check if username is not empty
		{
			$query="SELECT * FROM RegisteredUsers WHERE Name='$username';";
			$result=mysqli_query($DB,$query) or Failed("SQL query error");
		}
		else
			Failed("Please enter a valid username");
	}
}




function CheckUser()
{
	global $DB,$result,$connectDB_ok,$username,$password;
	
	if($connectDB_ok) 
	{
		$num=mysqli_num_rows($result);
		if ($num==0) // if there are no records returned the user doesn't exist
		{
			print "USER ".$username." doesn't exist";
		}
		else //($num==1) >1 is not possible since Name is a UNIQUE db-field
		{
			$row=mysqli_fetch_row($result);
			$password_from_db=$row[2]; // 2 refers to the 3rd column (0-based logic: 0,1,2)
			if ($password_from_db==$password)
			{
				print "LOGIN of ".$username." was successful";
			}
			else
			{
				print "WRONG PASSWORD for USER ".$username;
			}
		}
	}
}




function AddNewUser()
{
	global $DB,$connectDB_ok,$username,$password;
	
	if($connectDB_ok)
	{
		if (trim($username)!='') //check if username is not empty
		{
			$query="SELECT MAX(ID) AS 'max_id' FROM RegisteredUsers;";
			$result=mysqli_query($DB,$query) or Failed("NEW-ID error");
			if($connectDB_ok)
			{
				$row=mysqli_fetch_row($result);
				$newID=$row[0]+1; // 0 refers to the 1st-column=ID (0-based logic: 0,1,2)
				$query="INSERT INTO RegisteredUsers (ID,Name,Password) VALUES ($newID,'$username','$password');";
				mysqli_query($DB,$query) or Failed("INSERTION error (probably user already exists)");
				if($connectDB_ok)
				{
					print $username." inserted successfully";
				}
			}
		}
		else
			Failed("Please enter a valid username");
	}
}






function LOGIN()
{
	DeclareVariables();
	
	ConnectToDB();
	QueryToDB();
	CheckUser();

}


function REGISTER()
{
	DeclareVariables();
	
	ConnectToDB();
	QueryToDB();
	AddNewUser();
}



?>



</head>



<body>
<?php 
	if()
		LOGIN();
	else()	
		REGISTER();
?>
</body>
</html>

Posted 28-Nov-20 7:29am

ShortCake2026

Updated 28-Nov-20 23:47pm

Add a Solution

Comments

Richard Deeming 30-Nov-20 4:42am

Your code is vulnerable to SQL Injection[^]. NEVER use string concatenation / interpolation to build a SQL query. ALWAYS use a parameterized query.
PHP: SQL Injection - Manual[^]

Richard Deeming 30-Nov-20 4:42am

You are also storing passwords in plain text. Don't do that.
Secure Password Authentication Explained Simply[^]

PHP even has built-in functions to help you do the right thing:
PHP: password_hash[^]
PHP: password_verify[^]

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Sandeep Mewara · Accepted Answer · 2020-11-28T23:47:00

Have a look at this and try. They are very basic examples only and would help you build what you are looking for:
PHP - Login Example - Tutorialspoint[^]
Creating a User Login System with PHP and MySQL - Tutorial Republic[^]

They are step by step and if you feel stripping few HTML out of them too, you can try that of.