How to Build a Simple User Registration and Login System in PHP

Creating a user registration and login system is a foundational task in many web applications. Whether you're building a blog, an e-commerce platform, or a custom dashboard, managing users securely is essential. In this tutorial, we'll walk through how to build a basic system using PHP and MySQL.

What You’ll Need

• PHP (version 7+ recommended)
• MySQL database (via XAMPP, MAMP, or live server)
• Basic HTML and PHP knowledge
• Text editor (VS Code, Sublime, etc.)

Step 1: Create the Database

CREATE DATABASE user_system;

USE user_system;

CREATE TABLE users (
    id INT AUTO_INCREMENT PRIMARY KEY,
    username VARCHAR(50) NOT NULL UNIQUE,
    email VARCHAR(100) NOT NULL UNIQUE,
    password VARCHAR(255) NOT NULL,
    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);

Step 2: Connect to the Database

Create a file named db.php for your database connection:

<?php
$host = 'localhost';
$db   = 'user_system';
$user = 'root';
$pass = '';
$charset = 'utf8mb4';

$dsn = "mysql:host=$host;dbname=$db;charset=$charset";
$options = [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
];

try {
    $pdo = new PDO($dsn, $user, $pass, $options);
} catch (PDOException $e) {
    die("Database connection failed: " . $e->getMessage());
}
?>

Step 3: User Registration Form

Create register.php:

<form action="register.php" method="POST">
    <h2>Register</h2>
    <input type="text" name="username" placeholder="Username" required><br>
    <input type="email" name="email" placeholder="Email" required><br>
    <input type="password" name="password" placeholder="Password" required><br>
    <button type="submit" name="register">Sign Up</button>
</form>

And the PHP handling code: 

<?php
require 'db.php';

if (isset($_POST['register'])) {
    $username = htmlspecialchars($_POST['username']);
    $email    = $_POST['email'];
    $password = password_hash($_POST['password'], PASSWORD_DEFAULT);

    $stmt = $pdo->prepare("INSERT INTO users (username, email, password) VALUES (?, ?, ?)");
    try {
        $stmt->execute([$username, $email, $password]);
        echo "Registration successful!";
    } catch (PDOException $e) {
        echo "Error: " . $e->getMessage();
    }
}
?>

Step 4: User Login

Create login.php:

<form action="login.php" method="POST">
    <h2>Login</h2>
    <input type="text" name="username" placeholder="Username" required><br>
    <input type="password" name="password" placeholder="Password" required><br>
    <button type="submit" name="login">Log In</button>
</form>

And the login logic: 

<?php
require 'db.php';
session_start();

if (isset($_POST['login'])) {
    $username = $_POST['username'];
    $password = $_POST['password'];

    $stmt = $pdo->prepare("SELECT * FROM users WHERE username = ?");
    $stmt->execute([$username]);
    $user = $stmt->fetch();

    if ($user && password_verify($password, $user['password'])) {
        $_SESSION['user'] = $user['username'];
        echo "Login successful! Welcome, " . $_SESSION['user'];
        // Redirect to dashboard or home page
    } else {
        echo "Invalid credentials!";
    }
}
?>

Step 5: Secure the Pages

Protect pages like dashboard.php:

<?php
session_start();
if (!isset($_SESSION['user'])) {
    header("Location: login.php");
    exit();
}
echo "Welcome, " . $_SESSION['user'];
?>

🚪 Step 6: Logout Script

Create logout.php:

<?php
session_start();
session_unset();
session_destroy();
header("Location: login.php");
exit();
?>

Final Tips

• Always hash passwords with password_hash(), never store them in plain text.
• Use prepared statements to avoid SQL injection.
• Consider adding form validation, CSRF protection, and email verification for a more secure system.

Conclusion

You’ve now built a working user registration and login system in PHP! This simple project lays the foundation for more advanced features like user roles, password reset, and secure sessions.