A simple, clean and secure

PHP & MySQL Login Script

Clean, crisp, fast, free, safe, object oriented, high performant and reduced to the max. Including modern sha256+salt password encryption. Works perfectly with PHP 5.3, 5.4 and the upcoming 5.5! Available in a minimal (ready to download!) and two styled versions (coming up!).

Download View on GitHub

Introduction

Finding a simple login script can be really really hard! The web is full of crappy, bad and unsecure scripts, long long threads a la "how to create a login on my PHP project ?" and totally outdated and unprofessional tutorials. And even when you have found something, somewhere, in the deepness of the web, then there's probably no documentation, no support, no community and no maintenance for up-to-date PHP versions.

This script tries to fill that gap and giving the PHP community something that actually works and does not suck.

It's simple & clean

2 tiny classes in 2 tiny files. One config file, one index file. Plus HTML-Views. No need to write any code. Everything does exactly what it's named after, all files are properly organized in a near-MVC structure and it uses just one (documented) database table.

It's secure

The script uses the sha256 hashing method and an additional salt. For all the non-hardcore-nerds: This is something good! ;) It's much much much better than the password encryption used by hacked mainstream sites like linkedin.com or eharmony.com!

It works

No plugins, no setup, no "you need to do this and that and maybe recompile bla and have you already checked this special thing here...". The script will work on any standard PHP 5.3+ & MySQL setup.

It's maintained

This script gets updates and a lot of people have & had a look on it's code. It's under active development, active bugfixing (no bugs so far!) and is the most liked and most forked PHP Login Script on github.

Easy usage

This is the basic implementation: Within your file, you create a database connect, a login object - and then you can simply ask if the user is logged in or not.

// include the configs
require_once("config/db.php");

    
// load the login class
require_once("classes/Login.php");

    
// create a login object.
$login = new Login();

    
// ... ask if we are logged in here:
if ($login->isUserLoggedIn() == true) {    
    // the user is logged in...
    include("views/logged_in.php");    
} else {
    // the user is not logged in...
    include("views/not_logged_in.php");
}

Easy installation / setup

First, fill out the config data in config/db.php ! The database name is the name of the database you'll create in the next step. If your host is different than "127.0.0.1" then you should change this here. 

/** database host, usually it's "127.0.0.1" or "localhost", some servers also need port info, like "127.0.0.1:8080" */
define("DB_HOST", "127.0.0.1");
  

/** name of the database. please note: database and database table are not the same thing! */
define("DB_NAME", "login");
  

/** user for your database. the user needs to have rights for SELECT, UPDATE, DELETE and INSERT.
/** By the way, it's bad style to use "root", but for development it will work */
define("DB_USER", "root");
  

/** The password of the above user */
define("DB_PASS", "mySecr3tP4ssW0rd");

After that, create an empty database named "login" (use phpmyadmin or another database tool when you are new to this) and run the login.sql statement within that database. This statement will create a table called "users" within that database. Alternativly, you can use the sql statements in "_install/sql_statements.txt". 

CREATE DATABASE IF NOT EXISTS `login`;

CREATE TABLE IF NOT EXISTS `login`.`users` (
`user_id` bigint(20) NOT NULL AUTO_INCREMENT COMMENT 'auto incrementing user_id of each user, unique index', 
`user_name` varchar(64) COLLATE utf8_unicode_ci NOT NULL COMMENT 'user''s name',  
`user_password_hash` char(60) COLLATE utf8_unicode_ci NOT NULL COMMENT 'user''s password in salted and hashed format',  
`user_email` varchar(64) COLLATE utf8_unicode_ci DEFAULT NULL COMMENT 'user''s email',  
PRIMARY KEY (`user_id`),  
UNIQUE KEY `user_name` (`user_name`)) 
ENGINE=MyISAM AUTO_INCREMENT=1 DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci COMMENT='user data'

Comes in three different versions

a.) Minimal & Reduced (without any CSS/JS)

Everything you need to set up a simple site with a simple login process.

b.) Advanced Login [coming in May 2013]

Comes with additional features, proper MVC structure, one shared database connection, PDO, clean seperation of logic, messages/errors etc, cookie handling, user editing interface, user roles, email verification, captchas, etc...

c.) Full Version [coming in June 2013]

Same like Advanced Version, but with a lot of CSS and JS stuff, gravatar support and ajax login.
Some visual previews here:

FAQs / Troubleshooting

I get error "mysqli class not found"

Pleeeease don't use extremely outdated PHP versions! This error occurs when you use a version prior to PHP 5.3! PHP 5.2 is outdated since 2009 (!), and there is absolutly no need to use this anymore. From PHP 5.3, mysqli is automatically installed with PHP.

License

This script is licensed under MIT license.
You can use the code in any form on any projects, private and commercially.

Fork me on GitHub