5 Easy Steps to Create Simple & Secure PHP Login Script - Free
  • Home
  • PHP

5 Steps to Create Simple Secure Login Script in PHP and MySql

This is a Simple to Advanced Login Script System using PHP and MySQL. In this script, a form will be displayed with two fields, username, and password. When the user is submitting with valid username and password, then he can access authenticated page. Otherwise, users again have to fill in the form. This is a continuation from the last article Simple User Registration Script in PHP and MySql. If you want to follow next article these are the links.

Here you will learn about Simple Login System & also an advanced system. Simple Login Script System is targetted towards beginners and helps you to learn the script easily. Advanced Login Script System is more secure than the simple Login Script and it is targetted towards intermediate, advanced users even beginners also can easily understand it. I’ve also created video tutorials for both the Login Systems. And also I’ve created a video course, I highly encourage you to join my course. So that, you will learn more advanced topics in user login & registration system.

(i). Simple User Login Script in PHP & MySQL
(ii). Advanced User Login, Registration, Forgot(reset) Password in PHP & MySQL

  1. Simple User Registration Script in PHP and MySQL
  2. Simple Login Script in PHP and MySQL
  3. User Login with activation check using PHP and MySQL
  4. Send Forgotten Password by mail using PHP and MySQL
  5. Check Username Availability With jQuery In PHP And MySql

(i). Steps to create Simple Login Script in PHP and MySQL

  1. First step we will connect to the database.
  2. Then we will select the database.
  3. We are checking, if the form is submitted or not. In this step we have two logic’s.
    • What if the form is submitted.
      1. If the form is submitted, we are assigning the posted values to variables and checking the values are existing in the database or not.
      2. If the values submitted in the form and the values in the database are equal, then we will create a session for the user.
      3. If the values are not equal then it will display an error message.
      4. And then we checks for the session, if the session exists we will great him with the username, otherwise the form will be displayed.
    • What if not the form is submitted.
      1. When the user comes first time, he will be displayed with a simple form.
      2. User Name, Password and a submit button.

Below is the Video on Simple User Login Registration Script in PHP

Subscribe on Youtube

1. Create a Database Table

If you are already following from previous article, you should already have database table created. If you don’t have create the table.

2. Creating HTML User Login Form

This is the form, only displayed if message variable in not set.

3. Adding styles to Login Form

And the styles for the form, if you have added styles in previous article. Skip this step.

4. Connect to Database

If you are following from previous user registration article, no need to create this file. Other wise create connect.php file.

5. PHP Logic for User Login

And this is the PHP code for logging in user


Complete Code of login.php

If you want to learn other things you can read other posts – registration, login, user login with activation check, and sending forgotten password by email, Check Username Availability .

(ii). Steps to create Advanced Login Script System in PHP and MySQL

In the above simple login script, we have some flaws. That is I’m using plain text passwords and it is easy to do SQL injections and lot more. Because that is targetted to beginners for learning purpose.

Here in this advanced login system, you will learn a lot of advanced things and some of the features are below.

  • Login with User Name or E-Mail
  • Securing Login from SQL injections
  • Encrypting Users Password
  • Login using PHP Sessions
  • Only Active Users Can Login

In this script we will start by checking the session, if the user already logged in he will be redirected to index.php page that is members area. After the form submission, we check post superglobal isset and not empty. In this code, I’m using DB connection from above code, database table and HTML form from our above code.

Here I’m just working on improving PHP logic from above code.

Below is the Video on Advanced & Secure PHP User Login Registration Script With All Features

Subscribe on Youtube

If the post superglobal is set and not empty, if it’s true I’m assigning the submitted values to variables using this code and encrypting password to md5 hashing instead of plain text password.

After that, I’m writing an SQL query to check the user details in database tables with submitted user information. Executing the query and also counting the number of rows in result set. If the number of rows is equal to one then we will set the session and redirect the user to members area page. Otherwise, we will display an error message. I’m already displaying these messages in above the form HTML code, if you are following from above you will already have it.

And next important cocept is user will be able to login with username or email. For that I’ll modify the SQL query little bit. So, that we will check the submitted value if it’s email we will check it with email column. If it’s not email we will check it in username column. And I’m creating SQL query over couple of conditions and statments.

Checking the user, if his account is activated then only we will allow hime to login otherwise he won’t be able to login. For that I’m using active column, if the user activates his account by verifying his email. Then only his account status becomes active, that means active column becomes to 1.

Here is the improved code with above discussed condition.

Complete code of Advanced Login Script System in PHP & MySQL

Download the Complete Code

Next Steps After User Login

Password Encryption

Instead of md5 hashing algorithm, use password_verify PHP function in conjection with password_hash PHP fucntion. This password_hash should be used while registering users and while login you can use password_verify PHP function.

I hope this article helped you to learn user login using PHP and MySQL . To get latest news and updates follow us on twitter & facebook, subscribe to newsletter. If you have any feedback please let us know by using comment form.

simple login form in php php login script simple login form in php with mysql database simple php login script simple login page in php simple login php login php mysql simple php login php simple login php login code
Vivek Vengala

Vivek Vengala is a Online Entrepreneur, Web Developer from Hyderabad India.

Click Here to Leave a Comment Below 28 comments

Step 5 add a “?>” in the end : )


how do i log out?

    Onutu Mihai


Sarah Ellix

Do you have any code for logging out?




dude thank uuuuuu… after 2 dayss of surfing .. my code working …!!! greatest website everr ..!!!! haha 😀


Nice job Its helpful code for beginners

Dennis Briggs

Very nice on the html form after register I added forgot password line
Forgot Password

    Vivek Vengala

    Thanks Dennis, for your valuable suggestions.


Hi, I’m having a problem in 3. 9. Username and Email Checking in Database. Nothing pops up “Username or Email already exist” when I create a new duplicate account and I’m confused about your table user. I thought your only table is usermanagement. Is your usermanagement table is similar to your user table???? I’m really confused. Thanks

    Vivek Vengala

    Hello Jomar,

    Please check you have inserted rows in database table or not?

    User table is for my development purpose.


Hi dear,
It works perfectly but when a user logout and then again he click on login button “which will take him to login page ” it took him directly to the user dashboard using old stored details.

How to prevent accessing page directly if I have the URL. so you always be redirected to login page if you are not already logged in may be setting sessions . can you help please ?

    Vivek Vengala

    Hi mony,

    Check the session in members area page, if session does not exist redirect user to login page using header PHP function.


I have this error

Parse error: syntax error, unexpected end of file in D:\Xampp\htdocs\usermanagement\login.php on line 66

at line 66 it’s the end of the html tag ()

    Vivek Vengala

    Hi Andrew,

    Please post your code, so that I can see the problem clearly.

    To fix unexpected end of file error, please check you are not missing any closing braces for if condition.


Hi Vivek, excellent tutorial.
I am having issues with mysqli_num_rows for login code. I get the following error message: “Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given in C:\xampp\htdocs\test\login\login.php on line 9”,

And line 9 code is $count = mysqli_num_rows($result);
It is supposed to return 1, but apparently it doesn’t, which means that $result query returned false. And i, for the life of me, can’t figure out why.
My code is as follows:

**(note i have changed the names of variables a bit, but everything else is the same as your code shown in the video, at least as far as i can see).

    Vivek Vengala

    Please check the SQL query, if there are no errors use this below code with mysqli_query()

    mysqli_query($connection, $sql) or die(mysqli_error($connection));

    By using above code, you can get the error… If your problem didn’t solve please let me know…


      your are amazing! thanks for this i need to learn more from you!!!


Hello all i was wondering something i manage to get the code to work ??
lets say i have a website and i want to use this “login” how do i send my members to MYpage once they register ? could someone please help me on this ?

    Vivek Vengala

    Hi lauro,

    In successful registration condition block, create session & redirect the user to members page.


      thanks for your Reply .
      but the problem was that my server provider does not accept mysql commands
      so i used mysqli
      thank you so much .


login html works fine
but when submitting

Table ‘test.user’ doesn’t exist

i used

:::; $sql = “SELECT * FROM user WHERE username =’$username’ and password =’$password'”;

and then i tried to create , test.user , but when i used
::::::::: $sql = “SELECT * FROM test.user WHERE username =’$username’ and password =’$password'”;
i got error
Table ‘test.test.user’ doesn’t exist

    Vivek Vengala

    Please check your database credentials in connect.php. Maybe your database name is different, instead of test.


After surfing 2 days finally found the working one for new mysql version. The best tutorial found over the internet. Thank you. You saved my day 🙂


But that isn’t secure login! First escaping the variables then match password with strcmp and password encryption is required. Using password_hash will be ok and at the time login verify with password_verify function. Wish you a good luck!

    Vivek Vengala

    Hi Om Prakash,

    You raised a good point, this tutorial is intended only for beginner level learners and indeed I’ve discussed the topics about secure password hash concept and there are other points like using PDO for securing from SQL Injections. And also using secure sessions. You can learn more about PHP Security here.



Thanks for the wonderful post. It is very helpful. Just one thing I am looking for i.e redirecting to another page if the user successfully logged in. It will be very great if you guide me.


    Vivek Vengala

    Hi Rajni, you can use header PHP function to redirect users after login.


Leave a Reply: