how you can implement login, forget password, signup (register), logout, remember me, and email verification functionalities using PHP, MySQLi, and PHP's built-in mail function.
Here's a simplified version of these functionalities:
1. Database Table (users):
You'll need a MySQL table to store user information including username, email, password, and a verification status flag.
sqlCREATE TABLE users (
id INT AUTO_INCREMENT PRIMARY KEY,
username VARCHAR(50) NOT NULL,
email VARCHAR(100) NOT NULL,
password VARCHAR(255) NOT NULL,
verified TINYINT(1) DEFAULT 0,
verification_token VARCHAR(255),
remember_token VARCHAR(255),
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);
2. Signup (register.php):
This page allows users to sign up by providing a username, email, and password.
php<?php
require_once 'db_connection.php';
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$username = $_POST['username'];
$email = $_POST['email'];
$password = password_hash($_POST['password'], PASSWORD_DEFAULT);
$verification_token = md5(uniqid(rand(), true));
$sql = "INSERT INTO users (username, email, password, verification_token) VALUES (?, ?, ?, ?)";
$stmt = $conn->prepare($sql);
$stmt->bind_param("ssss", $username, $email, $password, $verification_token);
if ($stmt->execute()) {
// Send verification email to the user
$to = $email;
$subject = 'Verify Your Email Address';
$message = 'Click the following link to verify your email address: http://yourdomain.com/verify_email.php?token=' . $verification_token;
$headers = 'From: your@example.com';
mail($to, $subject, $message, $headers);
echo "Registration successful. Please check your email to verify your account.";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$stmt->close();
}
$conn->close();
?>
3. Verify Email (verify_email.php):
This page verifies the user's email address using the verification token sent to their email after signup.
php<?php
require_once 'db_connection.php';
if ($_SERVER["REQUEST_METHOD"] == "GET" && isset($_GET['token'])) {
$verification_token = $_GET['token'];
$sql = "UPDATE users SET verified = 1 WHERE verification_token = ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param("s", $verification_token);
if ($stmt->execute()) {
echo "Email verified successfully. You can now login.";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$stmt->close();
}
$conn->close();
?>
4. Login (login.php):
This page allows users to log in using their username and password.
php<?php
session_start();
require_once 'db_connection.php';
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "SELECT id, username, email, password FROM users WHERE username = ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param("s", $username);
$stmt->execute();
$result = $stmt->get_result();
if ($result->num_rows == 1) {
$row = $result->fetch_assoc();
if (password_verify($password, $row['password'])) {
$_SESSION['user_id'] = $row['id'];
$_SESSION['username'] = $row['username'];
// Set remember me cookie if checked
if (isset($_POST['remember'])) {
$remember_token = md5(uniqid(rand(), true));
setcookie('remember_token', $remember_token, time() + (86400 * 30), "/");
$sql = "UPDATE users SET remember_token = ? WHERE id = ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param("si", $remember_token, $row['id']);
$stmt->execute();
}
header("Location: dashboard.php");
exit;
} else {
echo "Invalid username or password";
}
} else {
echo "Invalid username or password";
}
$stmt->close();
}
$conn->close();
?>
5. Forget Password (forget_password.php):
This page allows users to request a password reset link by entering their email.
php<?php
require_once 'db_connection.php';
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$email = $_POST['email'];
$sql = "SELECT id, username FROM users WHERE email = ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param("s", $email);
$stmt->execute();
$result = $stmt->get_result();
if ($result->num_rows == 1) {
$row = $result->fetch_assoc();
$reset_token = md5(uniqid(rand(), true));
$sql = "UPDATE users SET reset_token = ? WHERE id = ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param("si", $reset_token, $row['id']);
$stmt->execute();
// Send password reset email to the user
$to = $email;
$subject = 'Password Reset Request';
$message = 'Click the following link to reset your password: http://yourdomain.com/reset_password.php?token=' . $reset_token;
$headers = 'From: your@example.com';
mail($to, $subject, $message, $headers);
echo "Password reset link sent to your email.";
} else {
echo "Email not found.";
}
$stmt->close();
}
$conn->close();
?>
6. Reset Password (reset_password.php):
This page allows users to reset their password using the reset token sent to their email after requesting a password reset.
php<?php
require_once 'db_connection.php';
if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['token'])) {
$password = password_hash($_POST['password'], PASSWORD_DEFAULT);
$reset_token = $_POST['token'];
$sql = "UPDATE users SET password = ?, reset_token = NULL WHERE reset_token = ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param("ss", $password, $reset_token);
if ($stmt->execute()) {
echo "Password reset successful.";
} else {
echo "Error resetting password.";
}
$stmt->close();
}
$conn->close();
?>
7. Logout (logout.php):
This page allows users to log out by destroying the session and deleting the remember me cookie.
php<?php
session_start();
unset($_SESSION['user_id']);
unset($_SESSION['username']);
// Delete remember me cookie
if (isset($_COOKIE['remember_token'])) {
setcookie('remember_token', '', time() - 3600, "/");
}
session_destroy();
header("Location: login.php");
exit;
?>
8. Dashboard (dashboard.php):
This page is accessible only to logged-in users and shows their dashboard.
php<?php
session_start();
if (!isset($_SESSION['user_id'])) {
header("Location: login.php");
exit;
}
echo "Welcome, " . $_SESSION['username'] . "! You are logged in.";
?>
9. Database Connection (db_connection.php):
This file contains the database connection code.
php<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "your_database";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
?>
Make sure to replace "yourdomain.com" with your actual domain in the email links.
This is a basic example to get you started. For production use, you'll need to add more security measures such as input validation, CSRF protection, password strength requirements, etc. Additionally, consider using PHP frameworks like Laravel or Symfony for better code organization and security.