Thursday 17 November 2016

PHP Login Registration Script by using password_hash() method





If you are looking for how to use the password_hash() method for login and registration in a PHP script, this tutorial shows how to use it to build a secure login and registration system. The password_hash() method creates a new password hash using a strong one-way hashing algorithm. It was first introduced in PHP 5.5 and creates a hash 60 characters long. We store that hashed password in our database; it is very difficult to crack, and it can be checked with the password_verify() method. If you are building an application and want a strong login for it, you can use password_hash() for its login and registration.

When a new user registers, the system hashes the password he entered with password_hash() and stores the 60-character hash in the database. When the user logs in, the password he enters is checked against the stored hash with password_verify(). This method compares the hashed password with the plain string password: it returns true if they match and false if they do not. Together with logout, this makes a complete register, login and logout system. This is the best method to protect against password hacking.


Source Code


index.php


 <?php  
 $connect = mysqli_connect("localhost", "root", "", "test");  
 session_start();  
 if(isset($_SESSION["username"]))  
 {  
      header("location:entry.php");  
      exit; // stop here so the rest of the script does not run after the redirect  
 }  
 if(isset($_POST["register"]))  
 {  
      if(empty($_POST["username"]) || empty($_POST["password"]))  
      {  
           echo '<script>alert("Both Fields are required")</script>';  
      }  
      else  
      {  
           $username = mysqli_real_escape_string($connect, $_POST["username"]);  
           // Hash the raw password: escaping it first would change what gets hashed  
           $password = password_hash($_POST["password"], PASSWORD_DEFAULT);  
           $query = "INSERT INTO users(username, password) VALUES('$username', '$password')";  
           if(mysqli_query($connect, $query))  
           {  
                echo '<script>alert("Registration Done")</script>';  
           }  
      }  
 }  
 if(isset($_POST["login"]))  
 {  
      if(empty($_POST["username"]) || empty($_POST["password"]))  
      {  
           echo '<script>alert("Both Fields are required")</script>';  
      }  
      else  
      {  
           $username = mysqli_real_escape_string($connect, $_POST["username"]);  
           // The password never goes into the SQL query, so it is not escaped  
           $password = $_POST["password"];  
           $query = "SELECT * FROM users WHERE username = '$username'";  
           $result = mysqli_query($connect, $query);  
           if(mysqli_num_rows($result) > 0)  
           {  
                while($row = mysqli_fetch_array($result))  
                {  
                     if(password_verify($password, $row["password"]))  
                     {  
                          //return true;  
                          // Store the username as saved in the database, not the escaped copy  
                          $_SESSION["username"] = $row["username"];  
                          header("location:entry.php");  
                          exit;  
                     }  
                     else  
                     {  
                          //return false;  
                          echo '<script>alert("Wrong User Details")</script>';  
                     }  
                }  
           }  
           else  
           {  
                echo '<script>alert("Wrong User Details")</script>';  
           }  
      }  
 }  
 ?>  
 <!DOCTYPE html>  
 <html>  
      <head>  
           <title>Webslesson Tutorial | PHP Login Registration Script by using password_hash() method</title>  
           <script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.0/jquery.min.js"></script>  
           <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" />  
           <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js"></script>  
      </head>  
      <body>  
           <br /><br />  
           <div class="container" style="width:500px;">  
                <h3 align="center">PHP Login Registration Script by using password_hash() method</h3>  
                <br />  
                <?php  
                if(isset($_GET["action"]) && $_GET["action"] == "login")  
                {  
                ?>  
                <h3 align="center">Login</h3>  
                <br />  
                <form method="post">  
                     <label>Enter Username</label>  
                     <input type="text" name="username" class="form-control" />  
                     <br />  
                     <label>Enter Password</label>  
                     <input type="password" name="password" class="form-control" />  
                     <br />  
                     <input type="submit" name="login" value="Login" class="btn btn-info" />  
                     <br />  
                     <p align="center"><a href="index.php">Register</a></p>  
                </form>  
                <?php       
                }  
                else  
                {  
                ?>  
                <h3 align="center">Register</h3>  
                <br />  
                <form method="post">  
                     <label>Enter Username</label>  
                     <input type="text" name="username" class="form-control" />  
                     <br />  
                     <label>Enter Password</label>  
                     <input type="password" name="password" class="form-control" />  
                     <br />  
                     <input type="submit" name="register" value="Register" class="btn btn-info" />  
                     <br />  
                     <p align="center"><a href="index.php?action=login">Login</a></p>  
                </form>  
                <?php  
                }  
                ?>  
           </div>  
      </body>  
 </html>  

entry.php


 <?php  
 //entry.php  
 session_start();  
 if(!isset($_SESSION["username"]))  
 {  
      header("location:index.php?action=login");  
      exit; // without this the page below is still rendered for visitors who are not logged in  
 }  
 ?>  
 <!DOCTYPE html>  
 <html>  
      <head>  
           <title>Webslesson Tutorial | PHP Login Registration Script by using password_hash() method</title>  
           <script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.0/jquery.min.js"></script>  
           <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" />  
           <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js"></script>  
      </head>  
      <body>  
           <br /><br />  
           <div class="container" style="width:500px;">  
                <h3 align="center">PHP Login Registration Script by using password_hash() method</h3>  
                <br />  
                <?php  
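                // Encode the username for HTML output so markup in it is not rendered  
                echo '<h1>Welcome - '.htmlspecialchars($_SESSION["username"], ENT_QUOTES, "UTF-8").'</h1>';  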
                echo '<label><a href="logout.php">Logout</a></label>';  
                ?>  
           </div>  
      </body>  
 </html>  

logout.php


 <?php  
 //logout.php  
 session_start();  
 session_destroy();  
 header("location:index.php?action=login");  
 ?>  
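
An added example, not part of the original tutorial: the same register and login flow with prepared statements instead of string-built SQL, the raw password passed to password_hash(), and password_needs_rehash() at login. It assumes PDO with an in-memory SQLite database so it runs without a MySQL server; the table layout, function names and sample values are constructed for illustration.

```php
<?php
// Added example, not the tutorial's code. Assumes the pdo_sqlite extension;
// table layout, function names and sample values are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// 255 characters leaves room if PASSWORD_DEFAULT later yields a longer hash.
$db->exec('CREATE TABLE users (username VARCHAR(64) PRIMARY KEY, password VARCHAR(255) NOT NULL)');

function register_user(PDO $db, string $username, string $password): bool
{
    // Hash the raw password; escaping it first would change what is hashed.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    try {
        // Placeholders keep user input out of the SQL text entirely.
        $stmt = $db->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
        return $stmt->execute([$username, $hash]);
    } catch (PDOException $e) {
        if ($e->getCode() == 23000) {
            return false; // integrity violation: username already registered
        }
        throw $e;
    }
}

function verify_login(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    if ($hash === false) {
        // Unknown user: spend one hash so this path costs about as much as a verify.
        password_hash($password, PASSWORD_DEFAULT);
        return false;
    }
    if (!password_verify($password, $hash)) {
        return false;
    }
    // Re-hash on successful login when the default algorithm or cost has changed.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE users SET password = ? WHERE username = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $username]);
    }
    return true;
}

// Constructed sample run: a username and password containing quotes and a backslash.
var_dump(register_user($db, "o'brien", 'p@ss "quoted" \\ word'));
var_dump(register_user($db, "o'brien", 'another'));
var_dump(verify_login($db, "o'brien", 'p@ss "quoted" \\ word'));
var_dump(verify_login($db, "o'brien", 'wrong'), verify_login($db, 'nobody', 'wrong'));
```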

14 comments:

  1. Success due to your help above. Thank you!

  2. dude i try to change the database why this error msg show "wrong user details" thx u pls reply

  3. Thanks,

    Solved my problems but include on the registration a feature that checks if user exists first before adding him to the database

  4. Thanks for really good example. I have checked multiple sites but didn't get any example through which I can understand the concept.

  5. how to change user password?

  6. bro there is a problem in while loop section in the code to login while I'm entering my password.
    It's not able to recognize $row variable which is not assigned. Help me to resolve the issue.

  7. I did a test using another column name (varchar) of the table to show in the welcome, I don't understand why it doesn't accept. Include in parts of the code and do not accept it at all.
    Can someone help me?
