How to register PHP authorization
Create a secure user registration & authentication system in PHP with a step-by-step example.
Register PHP Authorization
Registering a PHP authorization is a simple process that requires a few basic steps. In order to register a PHP authorization, you will need to add a few lines of code to the top of your PHP script. This code will serve as a gateway of sorts, allowing only valid users to access the page. Here is an example of how to set up a PHP authorization:
// Start the session
session_start();
// Check if the user is logged in, if not then redirect to login page
if(!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true){
header("location: login.php");
exit;
}
This code will first start a session and then check whether the user is logged in. If the user is not logged in, the code will redirect them to the login page. This is a good starting point for setting up a PHP authorization.
The next step is to add code that will check the user's credentials. This code will take the username and password that are submitted by the user and check them against the database. Here is an example of how to do this:
// Define variables and initialize with empty values
$username = $password = "";
$username_err = $password_err = "";
// Processing form data when form is submitted
if($_SERVER["REQUEST_METHOD"] == "POST"){
// Check if username is empty
if(empty(trim($_POST["username"]))){
$username_err = "Please enter username.";
} else{
$username = trim($_POST["username"]);
}
// Check if password is empty
if(empty(trim($_POST["password"]))){
$password_err = "Please enter your password.";
} else{
$password = trim($_POST["password"]);
}
// Validate credentials
if(empty($username_err) && empty($password_err)){
// Prepare a select statement
$sql = "SELECT id, username, password FROM users WHERE username = ?";
if($stmt = mysqli_prepare($link, $sql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "s", $param_username);
// Set parameters
$param_username = $username;
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)){
// Store result
mysqli_stmt_store_result($stmt);
// Check if username exists, if yes then verify password
if(mysqli_stmt_num_rows($stmt) == 1){
// Bind result variables
mysqli_stmt_bind_result($stmt, $id, $username, $hashed_password);
if(mysqli_stmt_fetch($stmt)){
if(password_verify($password, $hashed_password)){
// Password is correct, so start a new session
session_start();
// Store data in session variables
$_SESSION["loggedin"] = true;
$_SESSION["id"] = $id;
$_SESSION["username"] = $username;
// Redirect user to welcome page
header("location: welcome.php");
} else{
// Display an error message if password is not valid
$password_err = "The password you entered was not valid.";
}
}
} else{
// Display an error message if username doesn't exist
$username_err = "No account found with that username.";
}
} else{
echo "Oops! Something went wrong. Please try again later.";
}
// Close statement
mysqli_stmt_close($stmt);
}
}
// Close connection
mysqli_close($link);
}
This code will take the username and password that is submitted by the user and check it against the database. If the credentials are valid, the user will be granted access to the page. Otherwise, an error message will be displayed.
Once the authorization code is in place, you can begin to create the login page. The login page should include a form for the user to enter their username and password. This form should then submit the credentials to the PHP authorization code. Here is an example of a basic login form:
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
<div class="form-group <?php echo (!empty($username_err)) ? 'has-error' : ''; ?>">
<label>Username</label>
<input type="text" name="username" class="form-control" value="<?php echo $username; ?>">
<span class="help-block"><?php echo $username_err; ?></span>
</div>
<div class="form-group <?php echo (!empty($password_err)) ? 'has-error' : ''; ?>">
<label>Password</label>
<input type="password" name="password" class="form-control">
<span class="help-block"><?php echo $password_err; ?></span>
</div>
<div class="form-group">
<input type="submit" class="btn btn-primary" value="Login">
</div>
<p>Don't have an account? <a href="register.php">Sign up now</a>.</p>
</form>
This code will create a basic form that allows the user to enter their username and password. Once the form is submitted, it will be sent to the PHP authorization code that was created earlier. From there, the user will either be granted access or an error message will be displayed.
Registering a PHP authorization is a simple process that requires a few basic steps. By following the steps outlined here, you can quickly and easily set up your own PHP authorization system.