Wednesday, 26 December 2018

PHP: User registration script using php mysql with Password Hash

User registration can be found in almost all website. But how a developer creates one? That is a million dollar question and there are thousands of methods to do it. Here I am going to provide a simple way developing a website which has the user registration feature using PHP MySQL. This tutorial is intended for all PHP / MySQL beginners who wanted to create user registration page in a splash 🙂 For your convenience I have also included a demo on how it works.
If you would like to check the password strength, Please check this script on how to implement password strength check on your web page?
I know there are hundreds of tutorial on how to create registration forms but thought of sharing my own simple method of using php mysql script for creating a user registration website.

You can also check this tutorial on how to Enable Authentication For PHPMyAdmin?
One of the features we are using here is password hashing. Which means that even if the user enters a password and add it to the MySQL database it will be hashed and will not be readable by anyone else.
A typical user registration page contains fields like First name, Last Name, Password, Email, Address etc., . So these are the fields I am going to add for my HTML form. Create an HTML page with name My_Registration_Form.html
<form method="post" action="action.php" id="login_form">
       <div>
                       First Name
                        <div>
                          <input type="text" id="fname" placeholder="First Name">
                        </div>
                        Last Name
                        <div>
                          <input type="text" id="lname" placeholder="Last Name">
                        </div>
                        Email
                        <div>
                          <input type="text" id="email" placeholder="Email">
                        </div>
                        Password
                        <div>
                          <input type="password" id="password" placeholder="Password">
                        </div>
                      </div>
                      </div>
                        <div>
                        Address
                        <div>
                          <input type="text" id="address" placeholder="Address">
                        </div>
                      </div>
                        <div>
                        City
                        <div>
                          <input type="text" id="city" placeholder="City">
                        </div>
                      </div>
                        <div>
                        State / Province
                        <div>
                          <input type="text" id="state" placeholder="State">
                        </div>
                      </div>
                        <div>
                        Postal / Zip Code
                        <div>
                          <input type="text" id="zip" placeholder="Zip">
                        </div>
                      </div>
                      <div>
                       <div>
                        Country
                        <div>
                      <input type="text" id="country" placeholder="Country">
                  </div>
                      </div>
                      <div >
                        <div>
                          <input name="Submit" type="submit" id="submit" value="Submit" class=""/>
                          <input type="reset" name="Reset" value="Reset" class="btn"/>
                        </div>
                      </div>
</form>
Next step is to create MySQL database and required tables.
Let us create a database with the name userdata, then create a table named loginform and add corresponding columns. Just copy paste the code below to your Mysql database command line / PHPMyAdmin.
CREATE DATABASE userdata;
USE userdata;
CREATE TABLE loginform (
loginform_id INT(6) UNSIGNED AUTO_INCREMENT PRIMARY KEY,
loginform_firstname VARCHAR(30) NOT NULL,
loginform_lastname VARCHAR(30) NOT NULL,
loginform_email VARCHAR(50),
loginform_pass CHAR(90),
loginform_address VARCHAR(150),
loginform_city VARCHAR(50),
loginform_state VARCHAR(50),
loginform_zip VARCHAR(50),
loginform_country VARCHAR(50),
reg_date TIMESTAMP
)
Now the MySQL part is done. All we have pending is to create a PHP code which will help us to submit data from the HTML form to MySQL database.
In the PHP script, I have tried to make the code less complex as possible for your understanding. We are using Mysqli_connect instead of the regular mysql_connect function. Make sure to update your Mysql Username / Password according to your requirement otherwise the code will not work.
<?php
//Connect to database from here
$link = mysqli_connect('localhost', 'root', 'mynewpass','userdata');
if (!$link) {
    die('Could not connect: ' . mysqli_error());
}
//select the database | Change the name of database from here
 
//get the posted values
$fname=htmlspecialchars($_POST&#91;'fname'&#93;,ENT_QUOTES);
$lname=htmlspecialchars($_POST&#91;'lname'&#93;,ENT_QUOTES);
$email=htmlspecialchars($_POST&#91;'email'&#93;,ENT_QUOTES);
$password=htmlspecialchars($_POST&#91;'password'&#93;,ENT_QUOTES);
$pass = password_hash($password, PASSWORD_BCRYPT);
$add=htmlspecialchars($_POST&#91;'address'&#93;,ENT_QUOTES);
$city=htmlspecialchars($_POST&#91;'city'&#93;,ENT_QUOTES);
$state=htmlspecialchars($_POST&#91;'state'&#93;,ENT_QUOTES);
$zip=htmlspecialchars($_POST&#91;'zip'&#93;,ENT_QUOTES);
$cntry=htmlspecialchars($_POST&#91;'country'&#93;,ENT_QUOTES);
 
//now validating the email
$sql_v="SELECT loginform_email FROM loginform WHERE loginform_email='".$email."'";
$result=mysqli_query($link, $sql_v);
 
//if email exists
if (mysqli_num_rows($result) > 0)
{
echo "Email already exist in Database. Use different email address";
exit();
}
$sql = "INSERT INTO loginform (loginform_firstname, loginform_lastname, loginform_email,loginform_pass,loginform_address,loginform_city,loginform_state,loginform_zip,loginform_country)
VALUES ('$fname','$lname','$email','$pass','$add','$city','$state','$zip','$cntry');";
 
if (mysqli_query($link, $sql)) {
    echo "New user created successfully";
} else {
    echo "Error: " . $sql . "<br>" . mysqli_error($link);
}
 
mysqli_close($link);
?>
This script will validate email address, If it is already existing in the database then user will be prompted to use another email.
Password is also hashed while saving to the database. This provide extra security.
Each form field is validated for HTML Special Characters. Single and double quotes are converted using ENT_QUOTES constant.

0 comments:

Post a Comment