
Secure Registration System with PHP and MySQL

Posted on by David Adams


This tutorial is a follow-up to our previous tutorial, Secure Login System with PHP and MySQL. We will be creating a registration form to go with the login form that we created there. Before we get started, there are some requirements for this tutorial: you need a web server running PHP 5 (or over), a MySQL server, and the MySQLi extension for PHP (usually enabled by default). We recommend downloading and installing XAMPP if you are developing your projects on a local computer.


1. Creating the Registration Form Design

You are free to create your own design or use the registration design below.


register.html:
<!DOCTYPE html>
<html>
	<head>
		<meta charset="utf-8">
		<title>Register Form Tutorial</title>
		<style>
		.register-form {
			width: 300px;
			margin: 0 auto;
			font-family: Tahoma, Geneva, sans-serif;
		}
		.register-form h1 {
			text-align: center;
			color: #4d4d4d;
			font-size: 24px;
			padding: 20px 0 20px 0;
		}
		.register-form input[type="email"],
		.register-form input[type="password"],
		.register-form input[type="text"] {
			width: 100%;
			padding: 15px;
			border: 1px solid #dddddd;
			margin-bottom: 15px;
			box-sizing:border-box;
		}
		.register-form input[type="submit"] {
			width: 100%;
			padding: 15px;
			background-color: #535b63;
			border: 0;
			box-sizing: border-box;
			cursor: pointer;
			font-weight: bold;
			color: #ffffff;
		}
		</style>
	</head>
	<body>
		<div class="register-form">
			<h1>Register Form</h1>
			<form action="register.php" method="post">
				<input type="text" name="username" placeholder="Username">
				<input type="password" name="password" placeholder="Password">
				<input type="email" name="email" placeholder="Email">
				<input type="submit">
			</form>
		</div>
	</body>
</html>

The above code is the basic layout we need to register users on our website. The form has username, password, and email fields, and it submits to register.php, which we will create in the next step. The form method is set to post, so the form data is sent to the server in the request body when the user clicks the submit button.


2. Registering Users with PHP

Now we need to create the registration file. This file will process the form fields: it performs basic validation and inserts the fields into our database (make sure you follow the previous tutorial for the SQL statement).


register.php:
<?php
session_start();
// Change this to your connection info.
$DB_HOST = 'localhost';
$DB_USER = 'root';
$DB_PASS = '';
$DB_NAME = 'phplogin';
// Try and connect using the info above.
$con = mysqli_connect($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME);
if ( mysqli_connect_errno() ) {
	// If there is an error with the connection, stop the script and display the error.
	die ('Failed to connect to MySQL: ' . mysqli_connect_error());
}
// Now we check if the data was submitted, isset will check if the data exists.
if ( !isset($_POST['username'], $_POST['password'], $_POST['email'])) {
	// Could not get the data that should have been sent.
	die ('Please complete the registration form!');
}
// Also check if the submitted values are empty
if ( empty($_POST['username']) || empty($_POST['password']) || empty($_POST['email'])) {
	// One or more values are empty...
	die ('Please complete the registration form!');
}
// We need to check if an account with that username already exists.
if ($stmt = $con->prepare('SELECT id, password FROM accounts WHERE username = ?')) {
	// Bind parameters (s = string, i = int, b = blob, etc).
	$stmt->bind_param('s', $_POST['username']);
	$stmt->execute();
	// Store the result so we can check if the account exists in the database.
	$stmt->store_result();
	if ($stmt->num_rows > 0) {
		// Username already exists
		echo 'Username exists, please choose another!';
	} else {
		// Username doesn't exist, insert the new account.
		// A separate variable is used so that $stmt->close() below still works if this prepare fails.
		if ($insert = $con->prepare('INSERT INTO accounts (username, password, email) VALUES (?, ?, ?)')) {
			// Hash the password using the PHP password_hash function. bind_param takes its
			// arguments by reference, so the hash has to be stored in a variable first.
			$password = password_hash($_POST['password'], PASSWORD_DEFAULT);
			$insert->bind_param('sss', $_POST['username'], $password, $_POST['email']);
			// Only report success if the row was actually inserted.
			if ($insert->execute()) {
				echo 'You have successfully registered, you can now login!';
			} else {
				echo 'Could not create the account!';
			}
			$insert->close();
		} else {
			echo 'Could not prepare statement!';
		}
	}
	$stmt->close();
} else {
	echo 'Could not prepare statement!';
}
?>

That's basically all we need to do to register users on our website. The above code checks that the user has sent the form values and that they are not empty; then, if the username doesn't already exist, it inserts the new account into our database.
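
The check-then-insert sequence above leaves a window in which two simultaneous requests for the same username can both pass the SELECT. The following added example (not the tutorial's own code) lets the database enforce uniqueness and treats a duplicate-key error as "username taken". It assumes a UNIQUE index on accounts.username, which this page does not show; `register_account` and the index name `uq_username` are hypothetical.

```php
<?php
// Added example, not the tutorial's code. Assumes a UNIQUE index on
// accounts.username (hypothetical name uq_username), created with e.g.:
//   ALTER TABLE accounts ADD UNIQUE KEY uq_username (username);

const ER_DUP_ENTRY = 1062; // MySQL error number for a duplicate key

// Make mysqli throw mysqli_sql_exception instead of returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Insert a new account. Returns true on success and false if the
 * username is already taken. Any other database error is re-thrown.
 */
function register_account(mysqli $con, string $username, string $password, string $email): bool
{
	$hash = password_hash($password, PASSWORD_DEFAULT);
	$stmt = $con->prepare('INSERT INTO accounts (username, password, email) VALUES (?, ?, ?)');
	$stmt->bind_param('sss', $username, $hash, $email);
	try {
		$stmt->execute();
		return true;
	} catch (mysqli_sql_exception $e) {
		if ($e->getCode() === ER_DUP_ENTRY) {
			// The name existed already, or another request inserted it first.
			return false;
		}
		throw $e;
	} finally {
		$stmt->close();
	}
}

// Usage with the tutorial's $con, after the form fields have been validated:
// echo register_account($con, $_POST['username'], $_POST['password'], $_POST['email'])
//	? 'You have successfully registered, you can now login!'
//	: 'Username exists, please choose another!';
```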


3. Validation

We already have basic validation in our PHP script, but what if we want to check that the email is actually an email address, or that usernames and passwords are a certain number of characters long? You can do that with the snippets below; just add them to the register.php file.


Email Validation:
if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
	die ('Email is not valid!');
}

Invalid Characters Validation:
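// preg_match needs pattern delimiters (/.../); the D modifier stops $ from matching before a trailing newline.
if (preg_match('/^[0-9A-Za-z_]+$/D', $_POST['username']) !== 1) {
	die ('Username is not valid!');
}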

Character Length Check:
if (strlen($_POST['password']) > 20 || strlen($_POST['password']) < 5) {
	die ('Password must be between 5 and 20 characters long.');
}
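
The three checks above combined into one function, as an added example that is not the tutorial's own code. It also covers two inputs the individual snippets do not handle: a field submitted as an array (`username[]=x`) and a username ending in a newline. `validate_registration` is a hypothetical helper and the sample submissions are constructed.

```php
<?php
// Added example, not the tutorial's code. validate_registration() is a
// hypothetical helper; the limits and character set are the tutorial's.

function validate_registration(array $post): array
{
	$errors = [];
	foreach (['username', 'password', 'email'] as $field) {
		// PHP turns "username[]=x" into an array; reject anything that is
		// not a non-empty string before calling string functions on it.
		if (!isset($post[$field]) || !is_string($post[$field]) || $post[$field] === '') {
			return ['Please complete the registration form!'];
		}
	}
	// "D" makes $ match only at the very end, so "name\n" is rejected.
	if (preg_match('/^[0-9A-Za-z_]+$/D', $post['username']) !== 1) {
		$errors[] = 'Username is not valid!';
	}
	$len = strlen($post['password']);
	if ($len > 20 || $len < 5) {
		$errors[] = 'Password must be between 5 and 20 characters long.';
	}
	if (!filter_var($post['email'], FILTER_VALIDATE_EMAIL)) {
		$errors[] = 'Email is not valid!';
	}
	return $errors; // empty array means the submission is valid
}

// Constructed sample submissions standing in for $_POST (not real data).
$samples = [
	'valid'            => ['username' => 'dave_01', 'password' => 'correct-horse', 'email' => 'dave@example.com'],
	'array username'   => ['username' => ['x'], 'password' => 'correct-horse', 'email' => 'dave@example.com'],
	'trailing newline' => ['username' => "dave\n", 'password' => 'correct-horse', 'email' => 'dave@example.com'],
	'short password'   => ['username' => 'dave', 'password' => 'abc', 'email' => 'not-an-email'],
];
foreach ($samples as $label => $post) {
	$errors = validate_registration($post);
	echo $label, ': ', $errors ? implode(' | ', $errors) : 'OK', PHP_EOL;
}
```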


Conclusion

You should now have a basic understanding of how a registration system works in PHP and MySQL. Feel free to use the code above and alter it for your own projects. If you would like more of this tutorial series, feel free to drop a comment and suggest what we could do next.