Free Secure Registration Form PHP

In this article I will explain how to create a secure user sign-up form using PHP and MySQL. This is a very secure way to use a salt value when adding users to the database users table. It will help you to avoid SQL injection and brute-force dictionary attacks from hackers. This salted hashing method is better and more secure than the md5 method.

User Registration

<form method="post" action="registration.php">

    User Name: <input type="text" name="userName" id="userName"/> <br/>
    Password: <input type="password" name="userPassword" id="userPassword"/> <br/>
    Email Address: <input type="text" name="userEmail" id="userEmail"/> <br/>

    <!-- type="submit" so the button posts the form and sends userSubmit=Registration -->
    <input type="submit" id="user-btn-signup" value="Registration" name="userSubmit"/>

</form>

Below is the table structure I have used.

[Image: secure-user-login-table]

Below is the MySQL statement you can use to create the table structure above.

CREATE TABLE `users` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `userEmail` varchar(255) NOT NULL,
  `userName` varchar(255) NOT NULL,
  `userPassword` varchar(255) NOT NULL,
  `enable` int(11) NOT NULL DEFAULT '1',
  `regDateTime` datetime NOT NULL,
  `salt` varchar(255) NOT NULL,
  PRIMARY KEY (`id`,`userEmail`)
) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=latin1;

Below is the PHP script used to process the registration form. This can be put in the registration.php file.
I have not added database connection details, so you will need to add your own connection. If you are struggling to create or input your database connection into the file, please comment below and I will help you.

<?php
// $conn is assumed to be your own mysqli connection; connection details are not included here.

/***
	 Check whether the given email address is already registered.
	 Returns 1 if it is already registered.
	 Returns 0 if it is not registered.
***/
function checkuseremail($useremail) {
	global $conn;

	// $useremail has already been escaped by the caller
	$SQL = "SELECT id FROM users WHERE userEmail = '$useremail'";
	$result = mysqli_query($conn, $SQL) or die(mysqli_error($conn));
	$rows = mysqli_num_rows($result);
	if ($rows <= 0) {
		return 0; // not registered
	} else {
		return 1; // given email address is already in use
	}
}


/***
	 Check whether the given username is already registered.
	 Returns 1 if it is already registered.
	 Returns 0 if it is not registered.
***/
function checkusername($username) {
	global $conn;

	// $username has already been escaped by the caller
	$SQL = "SELECT id FROM users WHERE userName = '$username'";
	$result = mysqli_query($conn, $SQL) or die(mysqli_error($conn));
	$rows = mysqli_num_rows($result);
	if ($rows <= 0) {
		return 0; // not registered
	} else {
		return 1; // given username is already in use
	}
}


// create a random salt with 5 character length and return it.
function createSalt() {
	$string = md5(uniqid(rand(), true));
	return substr($string, 0, 5);
}


if (isset($_POST['userSubmit']) && ($_POST['userSubmit'] == 'Registration')) {

	// get user entered details, escaped for use inside SQL string literals
	$username     = mysqli_real_escape_string($conn, trim($_POST['userName']));
	$userpassword = mysqli_real_escape_string($conn, trim($_POST['userPassword']));
	$useremail    = mysqli_real_escape_string($conn, trim($_POST['userEmail']));

	$errors = 0; // set to 1 if there are errors

	// check whether the username is already in use
	$checkUsername = checkusername($username);
	if ($checkUsername == 1) {
		// HTML-escape the submitted value before echoing it back to the browser
		echo htmlspecialchars(trim($_POST['userName']), ENT_QUOTES, 'UTF-8') . ' is already registered. Please use a different username.';
		$errors = 1;
		die();
	}

	// check whether the email address is already in use
	$checkemail = checkuseremail($useremail);
	if ($checkemail == 1) {
		echo htmlspecialchars(trim($_POST['userEmail']), ENT_QUOTES, 'UTF-8') . ' is already registered. Please use a different email address.';
		$errors = 1;
		die();
	}

	// if the username and email are not registered
	if ($checkUsername == 0 && $checkemail == 0 && $errors == 0 && $userpassword != '') {

		// create salt
		$salt_reg = createSalt();

		// create the password hash from the salt and the user entered password
		$userpasswdHash = hash('sha256', $salt_reg . $userpassword);

		// id is omitted so that AUTO_INCREMENT assigns it
		$insertSql = "INSERT INTO users (userEmail,userName,userPassword,enable,regDateTime,salt) VALUES ('$useremail','$username','$userpasswdHash',1,NOW(),'$salt_reg')";

		$results_insert = @mysqli_query($conn, $insertSql) or die(mysqli_error($conn));

		if ($results_insert) {
			echo 'Successfully Registered.';
		}
		else {
			echo 'Registration Error. Please check the details again and submit.';
		}
	}  // end if condition

}  // end check if submit

User Login

The code for the login form is below.

<form method="post" action="login.php">

    User Name: <input type="text" name="userName" id="userName"/> <br/>
    Password: <input type="password" name="userPassword" id="userPassword"/> <br/>

    <!-- type="submit" so the button posts the form and sends userSubmit=Login -->
    <input type="submit" id="user-btn-signup" value="Login" name="userSubmit"/>

</form>

Place the code below in a login.php file so that users can log in.

<?php
// $conn is assumed to be your own mysqli connection; connection details are not included here.
session_start(); // must be called before $_SESSION is used

if (isset($_POST['userSubmit']) && $_POST['userSubmit'] == 'Login') {

	$username     = mysqli_real_escape_string($conn, trim($_POST['userName']));
	$userpassword = mysqli_real_escape_string($conn, trim($_POST['userPassword']));

	$errors = 0;

	// check username and password
	$sql_check = "SELECT id,userEmail,userName,userPassword,salt FROM users WHERE userName='$username'";
	$result_check = mysqli_query($conn, $sql_check) or die(mysqli_error($conn));

	//********** check the username ***********************
	if (mysqli_num_rows($result_check) < 1) // no such user exists
	{
		echo 'No such username exists.'; // wrong
		$errors = 1;
		die();
	}

	//********** check the password **********************
	// get user details as an array
	$userData = mysqli_fetch_array($result_check, MYSQLI_ASSOC);

	// get that user's salt value
	$db_salt = trim($userData['salt']);

	// create the password hash from the db salt value and the user entered password
	$hash_entered = hash('sha256', $db_salt . $userpassword);

	// compare the entered password hash with the db value;
	// hash_equals() compares in constant time and avoids loose (!=) string comparison
	if (!hash_equals($userData['userPassword'], $hash_entered)) // incorrect password
	{
		echo 'Incorrect Password.'; // wrong
		$errors = 1;
		die();
	}
	else
	{
		// login details are correct: issue a fresh session id, then store the user values in the session
		session_regenerate_id(true);

		$_SESSION['userID'] = $userData['id'];
		$_SESSION['userEmail'] = $userData['userEmail'];
		$_SESSION['userName'] = $userData['userName'];

		// successful login
		header("location: home.php");
		exit;
	}

} // end if check login
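
A variant of the registration and login flow above, as an added example that is not part of the original article. It goes beyond the article's salted SHA-256 by using PHP's built-in password_hash()/password_verify(), which generate a random per-user salt and store it inside the hash string, and PDO prepared statements instead of escaped strings. The in-memory SQLite database, the trimmed-down users table and the function names registerUser()/loginUser() are assumptions made so the block runs on its own.

```php
<?php
// Added example: in-memory SQLite stands in for the article's MySQL users table (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    userEmail TEXT NOT NULL UNIQUE,
    userName TEXT NOT NULL UNIQUE,
    userPassword TEXT NOT NULL
)');

// Hypothetical helper: returns true on success, false if the name or email is taken.
function registerUser(PDO $pdo, string $name, string $email, string $password): bool {
    if ($password === '') {
        return false;
    }
    // Placeholders keep user input out of the SQL text entirely.
    $check = $pdo->prepare('SELECT 1 FROM users WHERE userName = ? OR userEmail = ?');
    $check->execute([$name, $email]);
    if ($check->fetchColumn() !== false) {
        return false;
    }
    // password_hash() picks a random salt and embeds it in the returned string,
    // so no separate salt column is needed.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $insert = $pdo->prepare('INSERT INTO users (userEmail, userName, userPassword) VALUES (?, ?, ?)');
    return $insert->execute([$email, $name, $hash]);
}

// Hypothetical helper: returns the user's id on success, or null on any failure.
function loginUser(PDO $pdo, string $name, string $password): ?int {
    $stmt = $pdo->prepare('SELECT id, userPassword FROM users WHERE userName = ?');
    $stmt->execute([$name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // password_verify() re-derives the hash using the embedded salt and compares in constant time.
    if ($row === false || !password_verify($password, $row['userPassword'])) {
        return null;
    }
    return (int) $row['id'];
}

// Constructed sample data: a normal sign-up, a duplicate, a good login,
// a username containing quote characters, and a wrong password.
var_dump(registerUser($pdo, 'alice', 'alice@example.test', 'correct horse battery'));
var_dump(registerUser($pdo, 'alice', 'other@example.test', 'x'));
var_dump(loginUser($pdo, 'alice', 'correct horse battery'));
var_dump(loginUser($pdo, "alice' OR '1'='1", 'anything'));
var_dump(loginUser($pdo, 'alice', 'wrong password'));
```

Because loginUser() returns the same null for an unknown user and a wrong password, a caller can show a single generic failure message.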

That's all! If you have any issues creating this, please comment below and I will help you.

JustUKFreebies

I am a freelance website designer, this is my blog website where I like to post freebie website templates and scripts and other cool useful stuff.
