Create Login, LogOut and Forgot Password Recovery Features using PHP and MYSQL.

How to make Login , Logout and Forgot Password features in PHP with MYSQL.

Step 1: Creating User Table in MySQL to Store User Login Details

Create a user_registration table in MYSQL using the following code. The primary key is the “id” that is auto_increment value i.e it is automatically incremented for every new user. Email_address field will be used as the “login” and password is the “user password”. The email_address is the unique key, i.e it cannot be duplicated.

CREATE TABLE `user_registration` (
  'id' int(100) NOT NULL auto_increment,
  'first_name' varchar(255) NOT NULL default '',
  'last_name' varchar(255) NOT NULL default '',
  'email_address' varchar(255) NOT NULL default '',
'password' varchar(255) NOT NULL default '',

PRIMARY KEY  ('id'),
  UNIQUE KEY 'email_address' ('email_address')
) TYPE=MyISAM AUTO_INCREMENT=1 ;

Step 2: Create The Login.html page

This is the simple HTML login page. It has a form with 2 fields. The User Name (Email Addres) and Password. The form is submitted to the authenticate.php page.

                            User name(Email Address)
                            
Password 
                            

                            
                            
  

Step 3: How To Authenticate The User Submitted Info (authenticate.php)

a) First Of all the values of login and password are taken into login_id and password variables.

$login_id = $_POST['username']; // the value of login id is taken in variable
$password = $_POST['password']; // the value of password is take in a variable

b) These values are checked from the MYSQL table (created in step 1). If the values are not matched, it means the user info was not present in the table and the user is not valid. In this case the user is again re-directed to the login page.

But if the user is valid then the sessions are created for the user and user is redirected to the new page called user_area_page.php
The sessions store the user login and password values. Now these sessions will be alive till we will kill them by logout.

if($result=mysql_query("SELECT * FROM ny_free_registration WHERE email_address='$login_id' AND password='$password'")) {

    if(mysql_num_rows($result)) {

       session_start();
        session_register("user_id", "user_password");
        $_SESSION['user_id'] = $_POST['username']; 
        $_SESSION['user_password'] = $_POST['password'];
        $url = "user_area_page.php";    
        header ('Location: ' . $url);   

    }

}

else {

    $url = "login.php?login=invalid";    
    header ('Location: ' . $url);    

}

c) On top of every page that needs the registered users to enter, will be the following code. This code is just checking the sessions presence. If the sessions are not set the user will be redirected to the login page otherwise he can access that page.

session_start();
if(empty($_SESSION['user_id']) OR empty($_SESSION['user_password']) ) {

    header('Location: login.php?login=access_denied' ); 
}

Step 4: LogOut The User

This code will do the simple job. It will empty the session variables and will destroy them. So after this, the code that is checking the presence of the sessions on every page will redirect the user to the login page with “access denied” query string.

Here is the code for logout.php file

Step 5: Forgot Password Feature (forgot_password.php)

a) We will make a simple form with one field called email address. User will enter his email address.

b) Now we need to determine either the input email address exists in our database. This query is written above in 2(b).

c) If the email address not found, then you will echo a error message like “Email Not Found”.

d) Game starts when your code tells that the email address is present in our database.

Now we will get the password for the input email address and will email this info at this email address with the subject “Your Login Info For ABC.com”

$semi_rand = md5(time());
         $email_txt  = "Here is your login information for accessing the secure pages of abc.com
        


        Login Id = $email_address


        
        Password = $password 

 ";    
            
                         
        $email_txt  = stripslashes($email_txt);
     
         $to = "$email";
         $subject = "Your Login Info For abc.Com";
         $email_from = "info@abc.com";
    
         $headers = "From: ".$email_from;
         $headers .= "nMIME-Version: 1.0n" .
                        "Content-Type: multipart/mixed;n" .
                    " boundary="==Multipart_Boundary_x{$semi_rand}x"";
    
        $message1 = "This is a multi-part message in MIME format.nn" .
                      "--==Multipart_Boundary_x{$semi_rand}xn" .
                     "Content-Type:text/html; charset="iso-8859-1"n" .
                      "Content-Transfer-Encoding: 7bitnn" . $email_txt . "nn";
        if (@mail($to, $subject, $message1, $headers))
            {
                  echo "email sent"; 
                  
            }
        else
              {    
                echo "email not sent";
            }

If you enjoyed this post, please consider sharing, leaving a comment or subscribing to the RSS feed to have future articles delivered to your feed reader.