How to Build a Full-Featured Login System
plus

How to Build a Full-Featured Login System: New Premium Tutorial

on Aug 5th 2009 with 86 comments
Download Source Files

In this tutorial, I will show you how to build a simple login system consisting of a login page, register page, forgotten password page, email activation, logout page and finally a users online page. I made this tutorial to primarily target new-to-PHP developers, due to the fact that, when I started, I noticed the lack in quantity of basic login systems. Therefore, I decided to make one myself giving high quality advice on how to make your first login system with a users online script! Join today!

How to Build a Full-Featured Login System: New Premium Tutorial

Join Tuts Premium

NETTUTS+ Screencasts and Bonus Tutorials

For those unfamiliar, the family of TUTS sites runs a premium membership service called “Premium”. For $19 per month, you gain access to exclusive premium tutorials, screencasts, and freebies at nettuts+, psdtuts+, and vectortuts+! For the price of a pizza, you’ll learn from some of the best minds in the business. Join today!


Tags: Premium
 
Enjoyed this Post?

Subscribe to our RSS Feed, Follow us on Twitter or simply recommend us to friends and colleagues!

By

Rollover to read this author's bio or click through to see a full list of posts by this author.

This author has yet to write their bio.  

Plus Premium
 
 
Note: Want to add some source code? Type <pre><code> before it and </code></pre> after it. Find out more
  • Meshach

    Oh man…

    I wish this wasn’t a plus tut.

    • http://laranzjoe.blogspot.com lawrence77

      Me too…. :cry:

      Soon we join and learn that… :cheers:

      Thanks nettuts….

      • Bloody Mary

        This network is still not accessible if you don’t have a credit card!

        Change the subscription system so that all people around the globe can access and enjoy learning from this resource.

        Did you read that,Mr.tutsplus ? :-)

      • http://labs.dariux.com Dario Gutierrez

        I agree with you guys! Looks good tutorial!

      • http://chucky-mong.co.cc Marcus Setchell

        Thanks for being interested in my tutorial and im sorry that you guys cant read it =[

        Marcus

      • Fynn

        Yo Bloody Mary,

        Tuts plus “Plus” (?!!) account is also accessible via Paypal. So that shouldn´t be a problem considering credit cards right? At least not in the Netherlands..

        By the way looks like a great tut!

      • http://laranzjoe.blogspot.com lawrence77

        no problem Marcus….

        We join soon and read that……. :thumpsup: ;)

      • http://sffarlenn.net Laneth

        I am in Australia and subscribed with the 3 Month option via PayPal – I don’t have Credit Card and if I don’t have the funds in the PayPal account, it automatically comes from my bank account. Handy really – How else would one pay, if not with a Credit Card or PayPal?

      • SykeS

        I have PayPal, but I can’t buy Plus. Credit Card is needed…

      • setare

        its a good idea

    • http://www.jlapitan.com jlapitan

      me too.. i wish i can afford it.. awts… really love to have a tutsplus account…

  • Guario

    This is something I’ve been looking for a while now. I need a basic PHP login system that can also reset passwords. I’m trying Kohana as a PHP framework and it has a basic Authentication module, but it does not include a reset/forgot your password functionality.

    I hope this or something like this gets put on the regular tuts site.

  • Johnathan

    There’s no video?

  • http://chrisberthe.com/ chrisberthe

    It’s pretty good, but I found there to be a few grammar mistakes + all throughout the tut you had:

    which I found to be pretty entertaining :)

    • http://chrisberthe.com/ chrisberthe

      Doh… t’was html code I posted. You kept linking a stylesheet called style.htm, funny.

      • http://chucky-mong.co.cc Marcus Setchell

        I dont know why that is, XD how can i correct it? :\

      • http://sffarlenn.net Laneth

        Marcus – I’d contact Jeffrey to see if he can’t either update it or allow you access to update it yourself. At least that would be my first step.

      • http://www.jeff-way.com Jeffrey Way

        I’ll fix that today.

      • Marcus Setchell
        Author

        Okay thanks and could you sort my SQL file too please as stated below by David Moreen.

        Thanks a lot =]

  • Chad

    I’ll have to read through this later this evening but I’m curious about the Full-Featured Simple Login System.

  • barry

    Why do you guys complain so much?

  • http://www.enatom.com enatom

    guys its not that hard, :-

    register, send activation link, md5 (which is easy stuff), sessions, mysql.

    I just finised writing my own system with sql injection etc and lots of security, in less than 5 days, tbh i think more Advanced tutorials should be PLUSed. not this.

    • Jedrek

      I agree

    • http://www.dbrema.com David

      I disagree, plus doesn’t mean advanced – it should mean higher quality that teaches something very valuable. Just because it’s easy or basic to some doesn’t mean it isn’t really valuable to others, you know?

    • http://www.microsoft.pl billgates

      Well, I would disagree also. Consider this site is visited by lots of front-end web designers that do not know php (yet?)

  • http://spotdex.com David Moreen

    Your mysql dump file is not formatted correctly and is generating errors, when I try to import. Very nice tutorial though.

    • http://spotdex.com David Moreen

      Here is the proper dump for everyone:


      – Table structure for table `users`

      CREATE TABLE IF NOT EXISTS `users` (
      `id` int(11) NOT NULL auto_increment,
      `username` varchar(32) NOT NULL,
      `password` varchar(32) NOT NULL,
      `online` int(20) NOT NULL default ’0′,
      `email` varchar(100) NOT NULL,
      `active` int(1) NOT NULL default ’0′,
      `rtime` int(20) NOT NULL default ’0′,
      PRIMARY KEY (`id`)
      ) ENGINE=MyISAM DEFAULT CHARSET=utf8;

      INSERT INTO `users` (`id`, `username`, `password`, `online`, `email`, `active`, `rtime`) VALUES
      (1, ‘testing’, ‘testing’, 0, ‘fake@noemail.co.uk’, 0, 0);

      • Jay

        I’m trying to add this in with phpmyadmin and I keep getting

        #1064 – You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘– – Table structure for table `users` – CREATE TABLE IF NOT EXISTS `u’ at line 1

        Do you happen to know why? thanks :)

  • kevinsturf

    Ill have to read through this one later. I would really love to build a login system

  • 阿呆

    It’s sorrowful that I cann’t watch it..

  • http://www.miketorosian.com Mike

    In place of the protect function could you just wrap your $_POST elements with mysql_real_escape_string?

  • hari

    Well I am glad to be a member.

    I would love to see some tuts for commerce sites. I was researching prestashop. But you hardly find any tips or tutorials.

    Keep on rocking :)

  • ARIFUR RAHMAN

    This tutorial my be free as there are standard tutorial on net about login.
    One other issue. As there member system need credit card so that many user do not use this. So will you change the subscription system.

  • http://www.sonergonul.com/blog/ Soner Gönül

    Thanks man! It’s great!

    I will use this ;)

  • http://www.kiran13xtreme.co.uk Kiran

    I think i need to beocme a member just to see this!

    • http://twitter.com/kiran13xtreme Kiran

      @Jeffrey Can I subscribe to the plus service for one month and if so what do i do? I converted $9 to GB and its only a £5 that’s good value but i only want it for one month

      • http://www.peewee1002.co.uk Peewee1002

        You can do that.

        I am pretty sure.

  • Marcus Setchell
    Author

    Hey thanks alot for all the great comments guys, and thanks for sorting out my SQL file David. I will admit that when it comes to SQL im not one of the most confident people but i always give it a go.

    As for the comments about it being basic, i have stated at the begining of my tutorial the fact that i have written in for new programmers

    “I made this tutorial to primarily target new-to-PHP developers, due to the fact that, when I started, I noticed the lack in quantity of basic login systems.”

    Yes Mike, you could just wrap you $_POST data with the mysql_real_escape_string() function, i just do my own function out of personal prefference.

    Again, Thanks a lot guys :D

    • http://mattskornor.com Matthew Mancuso

      I believe it would be easier to write protect instead of mysql_real_escape_string ;) … make it easy on yourselves!

  • James

    People, it’s 9 bucks a month man. Lynda.com charges 25 a month just for videos. No written tutorials.

  • http://ekbdesigns.com Elizabeth K. Barone

    I only just started nettuts, but this is the first members-only article I’ve seen on any of the tuts+ sites.

    What’s interesting is the number of web and web-only publishers who are now charging for content. It seems to be growing quickly, but is it beneficial to the website? I’m especially concerned because a lot of users, as some stated above, will just go elsewhere for the content. (I already have a book, PHP Solutions by David Powers, that covers building a login system.)

    I wonder if charging users for content is more profitable than charging for ad space, and if the average user will stand for it. Personally, I wouldn’t buy a subscription to nettuts — only because I use a lot of similar sites and paying subscriptions to all of them would be very expensive, much like buying subscriptions to several magazines in the “old” days would be very expensive.

    Still, I think it’ll be interesting to see how this new model plays out…

    • http://ekbdesigns.com Elizabeth K. Barone

      Yikes, that first line should say, “I only just started USING nettuts,” lol!

      • http://www.jeff-way.com Jeffrey Way

        Eiizabeth – The PLUS service is simply for those users who wish to have access to more tutorials and screencasts. We offer 5 high quality tutorials every week for free on this site that will keep people from going elsewhere for tutorials.

      • Marcus Setchell
        Author

        I also think that a premium section is a good idea and should be kept. This is because its exactly the same as what you said before, in fact better. You had to pay for the book? well imagine paying for a book that updates every week, you can ask questions if you become stuck.

        I personally would rather pay to be a premium meber for nettuts+ than pay for a book.

        But on the otherhand taking into account other people have different opinion and i see where your coming from. There are great resources on the internet for free. I dont think anyone here can say they have never used some, but then nettuts is not a webpage displaying tutorials. Its a community of developers trying to help each other out a bit.

        Please no one take this offensivly it wasnt meant to be just adding my opinion :D and i respect everyone elses opinion =]

  • http://www.tutsvalley.com Web010

    There are many tutorials on nettuts about membership systems, why is this one so special to be PLUS?

    • connor

      Due to the shear detail in it. I have read it and it is worth the 9 bucks.

  • http://no@spam.com barten

    is this system secure?

  • Brian

    That’s gotta be some tutorial. I’ve got a nice CI authentication and user management system that I wrote, and it’s at about 2000+ lines of code. It has various modes of user registration, password recovery by email link, user search/sort/update/delete, multi-levels of users and admins, supports disabling the login per IP or per username, optional persistent login, and a lot more. Best of all, it is CI, so it uses flash sessions for form posts, form validation, input filtering, active record for clean sql, and all that good stuff we love about CI. I’m going to be fine tuning it over the next few weeks, and hopefully post it in the CI wiki shortly after the CI 1.7.2 release. The CI forum makes it sounds like 1.7.2 is really close to being released. A tutorial for making my system would take… many many hours. Fortunately, using it is really simple.

    • Amine

      Really Interested by it since there are no bullet proof and clear tutorials about that in the codeigniters forums … and I’ve been searching for a while =) !

    • http://twitter.com/kiran13xtreme Kiran

      Where do i go specifically to view what you have made (CI novice) :)

  • Darrel

    I wish you had written this so that the passwords are stored encrypted. Then have the “forgot password” section send a new, random password. Of course then you’d need a “reset password” section so users could their preferred password back in.

  • otumara jolomi

    My country is not on the list on the payment page so i can’t even get a plus account. Not fair at all

  • raoul

    Hi there,

    I’ll maybe take an account not just for this tuts but… Is this tut work with a data base ? like sql or so ?

    Thanks !!
    R. from france.

  • Some Macedonian

    I think it’s fair enough for them to charge for some tuts, cause the free tutorials here are among the best you can find online. Plus you don’t have to pay if you don’t want to. We should be grateful for sites like this, cause they have made the effort to help the community, but people are always greedy, you give them the finger, they want the whole arm. If you read all the free tutorials about PHP here and you are not able to do full featured login system on your own, then you should seriously think about changing your profession to something else.

  • Brandon S. Adkins

    Looks like I might be getting a Tuts+ account to view this one. :)

  • laCiutat

    Hi Marcus,

    Thanks for the great tut, it’s perfect for a crossover designer learning the ropes.
    I have a few questions:

    I keep getting these errors that I feel are pretty simple, but since I’m a php n00b I don’t know how to fix them. I’ve listed the, page, error notice, and the relevent line of code below:

    ———————————————————————————————
    /login.php

    Notice: Undefined index: submit in C:\wamp\www\cms sci\login.php on line 22

    line 22: if($_POST['submit']){

    ————

    /register.php

    Notice: Undefined variable: INFO in C:\wamp\www\cms sci\register.php on line 100

    Warning: mail() [function.mail]: Failed to connect to mailserver at “localhost”
    port 25, verify your “SMTP” and “smtp_port” setting in php.ini or use ini_set() in C:\wamp\www\cms sci\register.php on line 100

    line 100: mail($email, $INFO['chatName'].’ registration confirmation’, “Registration email “.$username.

    —–

    /forgot.php

    Notice: Undefined index: submit in C:\wamp\www\cms sci\forgot.php on line 22

    line 22: if($_POST['submit']){

    ——————————————————————————————————-

    Everything else works fine. Any advice on what’s going on here would be greatly appreciated!

    Thanks again.

    • Gustavo Albuquerque

      Me too! I think it’s something about WAMP. And, yes, I’m a complete newbie :/

  • Moira

    Thanks for the great tut. How do we keep people out of the restricted area if they’re not logged in? I tried using the UsersOnline code, but it just says “restricted area…” but then shows the content just the same.

    Thanks

  • http://www.nosleephotel.com Houston Graham

    Can there easily be added a Admin Approval step? I would like to approve the new accounts before they have access. Thanks.

  • Blaise

    Hey, I keep getting a header issue: Cannot modify header information – headers already sent by ……
    Anyone know how to fix this? Ive tried removing white space and the issue persists.

    • Sree

      try placing this at the top of your page:

      then at the bottom of the page place this line of code:

      This turns on output buffering. Manual reference page is here
      http://php.net/manual/en/function.ob-start.php

      • Sree

        for some reason the php statements did not appear in my comments.

        try placing this at the top of your page:

        then at the bottom of the page place this line of code:
      • Sree

        Hehe! Comments eat up the php code!

        try placing this at the top of your page inside the php delimiters.
        ob_start();

        then at the bottom of the page place this line of code:

        ob_flush();

  • http://hackintosh.yourboyvic.com vic

    who/how do I contact regarding clarity/help on the ‘back to login.php’ step of this plus tutorial.

    in the mentioned step, when I add the the ‘back to login.php’ to step 2 ‘creating the login page’, it doesn’t function as it is written in the tutorial.

    sorry, but there wasn’t any documentation in the downloaded material on who to contact if things didn’t seem right.

  • mee

    there are some parts missing in this tut! like keeping people out of the private area… :(

  • http://6ixels.com David Henderson

    Hi,

    I am trying to run the SQL for the table users and keep getting the following error:

    #1064 – You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘‘0′,
    `email` varchar(100) NOT NULL,
    `active` int(1) NOT NULL default ‘0′,
    ‘ at line 5

    Does Anyone know what may be causing this?

  • ali

    please anyone give me this tutorial i want it . but i have not any money . i can’t pay it because I’m outside of Europe & USA .

  • http://dewlance.com Kunnu Singh

    good tutorial but i think free tutorial is best for me :)

    tutsplus is good site… and they need $$ for running this site..(premium membership )

  • pissed off

    I’m also getting the same error as above, only signed up to Nettuts of this tutorial so expect to get a response very quickly..

    #1064 – You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ”nettuts’ ( ‘id’ int(11) NOT NULL auto_increment, ‘username’ varchar(32) NOT N’ at line 1

  • Ludd

    FOR THOSE HAVING TROUBLE COPYING AND PASTING THE SQL DATA:

    I also got the error #1064, but instead of giving up I tried inserting the table manually and i got the same results.

    1) I started by naming the database: loginTut

    2) Create new table on database loginTut – Name: users – Number of fields: 7

    3) You are now redirected to a page where you can manually enter all the 7 fields: ( ENTER ALL DATA )

    4) id needs to be auto-incremented so i checked the A_I radio-button
    if it says NOT NULL in the tutorial don’t check the NULL radio-button
    if there is a default value make sure to enter a default value under the default field and changing the drop-down to ‘use defined:’ and entering 0 below the field ( hope you understand what I’m saying )

    after that save and the database is set.

    I have no phpMyAdmin experience, and still I manage to do this. If I can do it so can you!

    TIP: use DEFAULT instead of default
    AUTO_INCREMENT instead of auto_increment.
    That is something that differs in myPhpAdmin It uses capital-letters. Maybe its the version I use. Who knows.

    GOOD LUCK

    • ludd

      This was the code generated

      CREATE TABLE `loginTut`.`users` (
      `id` INT( 11 ) NOT NULL AUTO_INCREMENT ,
      `username` VARCHAR( 32 ) NOT NULL ,
      `password` VARCHAR( 32 ) NOT NULL ,
      `online` INT( 20 ) NOT NULL DEFAULT ’0′,
      `email` VARCHAR( 100 ) NOT NULL ,
      `active` INT( 1 ) NOT NULL DEFAULT ’0′,
      `rtime` INT( 20 ) NOT NULL DEFAULT ’0′,
      PRIMARY KEY ( `id` )
      ) ENGINE = MYISAM ;

      all is capitalized in myPHPAdmin ! Hope this helps

  • ludd

    As a newbie in php and MySQL, I had a lot of trouble figuring out why somethings in this tutorial didn’t work right away. The code has some minor errors in it. If you don’t know what you are doing/reading it can be frustrating at times. Was it worth it? Yes!

    I’ve learned a ton. I pulled my hair out several times, cursed the script and I’m still sane ( hoping that at least ). But in the end I manage to complete this tutorial, correct the typos, rewrite the php-code into an object oriented way, combined it with flash actionscript 3 and be creative with it.

    Overall it was a good tutorial for beginners like me. I would suggest others to combine what you learn here with other tutorials on the envato site. Like securing your code, writing object oriented php code, and don’t complain to to much.

    good luck!

  • cinek

    I got lost on adding php to the login.php. It seems to start in the middle of the php file (with } else {) even tho there was no mention of adding any php before that. Would not recommend this.

    • http://www.rafaelrp.com.br/blog/ Rafael R.P (Raff)

      Yes!
      me too!!

      • http://www.10dd.co Mike

        Open the source files its easier to see what’s missing from the actual working files. The html tutorial is just an explanatory guide.

      • http://www.bobmenacho.com Bob

        The fact that the full PHP scripts are available in the source zip should be mentioned at the beginning of the tutorial. Looks like most people get confused and have to dig threw the comments to figure this out

  • http://www.hjdevri.es Hans de Vries

    I get the error:

    Warning: Cannot modify header information – headers already sent by (output started at /hjdevri.es/public_html/plus/wp-content/themes/sandbox/login1/login.php:21) in /hjdevri.es/public_html/plus/wp-content/themes/sandbox/login1/login.php on line 81

    Can anyone tell me how to fix this problem?

  • http://www.parhelia.ch Mischa

    “headers already sent” usually means that there was already some text/html output to the page at the moment you try to start creating initial output.

    In other words and according to your error message: You try to START to create the page (by using the “header()” command) at line 81 in login.php while the actual output of the File already has started on line 21 of your file.

    (you can only use the “header()” php command, if you haven’t already sent anything to the output)

  • mike

    This sucks
    i paid for +, just for this tutorial
    and it doesn’t WORK !!!
    the crappiest tutorial on net.tutsplus.com

  • http://www.10dd.co Mike S

    Been a Premium Member for months and love all the content across all the Envato Network. If something has value, which this network definitely does, you can’t fault people for wanting to earn something for all their hard work helping the online community. $9/month is nothing compared to studying this exact same stuff in college/media schools etc.
    Keep up the great work guys, you’ve helped my career so much I pretty much use one of your tutorials for reference everyday in my design firm. Ignore the penniless complainers!

    Oh and the Tut DOES work, look at the source files provided not just the tutorial html!

  • Mojoberlin

    Please can someone help me with this problem i’am newbie with php
    Warning: Cannot modify header information – headers already sent by (output started at /htdocs/login_user/login.php:19) in /htdocs/login_user/login.php on line 76

  • http://jackrugile.com Jack Rugile

    Has this tutorial been removed? The link to the tutorial marketplace does not work and I can’t find it by searching in the marketplace either. I definitely want to check it out!

  • http://www.hostregal.com Host Regal

    This is a great tutorial site. Thank you for this. I’ll sign up for premium membership soon.

  • http://templatz.co Kev

    I’m not too impressed with this login form. It is a little outdated and not responsive. Check out these 2 Complete Login and Membership Forms. One of the forms also has an Administration Area where you can view members, create users, ban users, approve users and edit user information.

    http://templatz.co/login-membership-forms.php

    • Simon

      Smells like spam to me.

  • Mahbub

    help me plz….

    find this error :(

    running wamp server with
    php version 5.3.10

    ( ! ) Notice: Undefined index: submit in F:\wamp\www\source\login.php on line 22
    Call Stack
    # Time Memory Function Location
    1 0.0005 689248 {main}( ) ..\login.php:0