1. Database Configuration (config.php)
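<?php
// Database settings and the shared connection handle ($conection_db) used by
// every page that includes this file.
//
// NOTE(review): 'root' with an empty password is only suitable for a throwaway
// local setup. Give the application its own database account limited to the
// privileges it needs on this one schema, and keep the real credentials out of
// the web root and out of version control.
define('DB_SERVER', 'localhost');
define('DB_USERNAME', 'root');
define('DB_PASSWORD', '');
define('DB_NAME', 'your_database_name');

// Connect to the database. PHP 8.1+ reports a failed connection by throwing
// mysqli_sql_exception by default; older versions return false. Both cases are
// folded into the same failure path below.
try {
    $conection_db = mysqli_connect(DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_NAME);
} catch (mysqli_sql_exception $e) {
    $conection_db = false;
}

// Check the connection
if ($conection_db === false) {
    // The driver message can reveal host names, account names and schema
    // details, so it goes to the server log; the visitor gets a generic error.
    error_log("Database connection failed: " . mysqli_connect_error());
    http_response_code(500);
    die("ERROR: Could not connect.");
}
?>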
2. Login Page (login.php)
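<?php
// Login handler: validates the submitted email and password, looks the account
// up with a prepared statement, verifies the password hash and, on success,
// opens an authenticated session and redirects to welcome.php.
//
// NOTE(review): nothing in this file throttles or locks out repeated failed
// attempts; add rate limiting in front of this handler.
require_once "config.php";

// Values re-displayed by the form below.
$email = $password = "";
$email_err = $password_err = "";

// Processing form data when form is submitted
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // A missing or non-string field (e.g. email[]=x) is treated as empty
    // instead of raising a notice or a TypeError.
    $submitted_email = is_string($_POST["email"] ?? null) ? trim($_POST["email"]) : "";
    $submitted_password = is_string($_POST["password"] ?? null) ? trim($_POST["password"]) : "";

    if ($submitted_email === "") {
        $email_err = "Please enter email.";
    } else {
        $email = $submitted_email;
    }

    // The password is trimmed to stay consistent with reset-password.php,
    // which trims the value before hashing it.
    if ($submitted_password === "") {
        $password_err = "Please enter your password.";
    } else {
        $password = $submitted_password;
    }

    // Validate credentials
    if ($email_err === "" && $password_err === "") {
        // Prepared statement: the email is bound as data, never concatenated
        // into the SQL text.
        $sql = "SELECT id, email, password FROM users WHERE email = ?";
        if ($stmt = mysqli_prepare($conection_db, $sql)) {
            mysqli_stmt_bind_param($stmt, "s", $param_email);
            $param_email = $email;

            if (mysqli_stmt_execute($stmt)) {
                mysqli_stmt_store_result($stmt);

                $authenticated = false;
                if (mysqli_stmt_num_rows($stmt) == 1) {
                    // The stored email goes into its own variable so the
                    // submitted value shown in the form is not overwritten.
                    mysqli_stmt_bind_result($stmt, $id, $db_email, $hashed_password);
                    if (mysqli_stmt_fetch($stmt) && password_verify($password, $hashed_password)) {
                        $authenticated = true;
                    }
                }

                if ($authenticated) {
                    session_start();
                    // Issue a fresh session id at the privilege change so an id
                    // set before login (session fixation) is worthless.
                    session_regenerate_id(true);
                    $_SESSION["loggedin"] = true;
                    $_SESSION["id"] = $id;
                    $_SESSION["email"] = $db_email;

                    mysqli_stmt_close($stmt);
                    mysqli_close($conection_db);

                    // exit after the redirect so the login form below is not
                    // rendered and sent along with the Location header.
                    header("location: welcome.php");
                    exit;
                }

                // One message for "unknown email" and "wrong password", so the
                // response does not reveal which addresses have an account.
                $password_err = "Invalid email or password.";
            } else {
                echo "Oops! Something went wrong. Please try again later.";
            }

            // Close statement
            mysqli_stmt_close($stmt);
        }
    }

    // Close connection
    mysqli_close($conection_db);
}
?>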
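<?php
// Login form template. Every value echoed into the page is HTML-escaped:
// $email is taken straight from the request, so printing it raw into the
// value attribute would let a crafted submission inject markup or script.
// NOTE(review): the stylesheet below comes from a third-party CDN without
// Subresource Integrity. Add integrity/crossorigin attributes using the hash
// published for this exact file, or serve a local copy.
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Login</title>
    <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css">
</head>
<body>
    <div class="container">
        <h2>Login</h2>
        <form action="<?= htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
            <div class="form-group">
                <label>Email</label>
                <input type="email" name="email" class="form-control" value="<?= htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
                <span class="help-block"><?= htmlspecialchars($email_err, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></span>
            </div>
            <div class="form-group">
                <label>Password</label>
                <input type="password" name="password" class="form-control">
                <span class="help-block"><?= htmlspecialchars($password_err, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></span>
            </div>
            <div class="form-group">
                <button type="submit" class="btn btn-primary">Login</button>
            </div>
        </form>
    </div>
</body>
</html>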
3. Welcome Page (welcome.php)
<?php
// Resume the visitor's session so the login flag can be inspected.
session_start();

// Only a session carrying loggedin === true may see this page; every other
// visitor is sent back to the login form and the script stops here.
$is_logged_in = isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true;
if (!$is_logged_in) {
    header("location: login.php");
    exit;
}
?>
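<?php
// Welcome page template. The email shown in the heading originates from the
// users table, i.e. from data a user supplied at some point, so it is
// HTML-escaped before being printed.
// NOTE(review): the stylesheet below comes from a third-party CDN without
// Subresource Integrity. Add integrity/crossorigin attributes using the hash
// published for this exact file, or serve a local copy.
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Welcome</title>
    <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css">
</head>
<body>
    <div class="container">
        <h1>Welcome, <?= htmlspecialchars($_SESSION["email"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>!</h1>
        <p>Welcome to the admin dashboard.</p>
        <a href="reset-password.php" class="btn btn-warning">Reset Password</a>
        <a href="logout.php" class="btn btn-danger">Logout</a>
    </div>
</body>
</html>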
4. Logout Page (logout.php)
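<?php
// Logout handler: wipes the session data, expires the session cookie in the
// browser, destroys the server-side session and returns to the login page.
session_start();

// Unset all session variables
$_SESSION = array();

// session_destroy() removes the server-side data but leaves the session cookie
// in the browser. Expire it explicitly, reusing the parameters it was set with
// so the browser matches and drops the same cookie.
if (ini_get("session.use_cookies")) {
    $cookie = session_get_cookie_params();
    setcookie(
        session_name(),
        '',
        time() - 42000,
        $cookie["path"],
        $cookie["domain"],
        $cookie["secure"],
        $cookie["httponly"]
    );
}

// Destroy the session
session_destroy();

// Redirect to login page
header("location: login.php");
exit;
?>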
5. Password Reset (reset-password.php)
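<?php
// Password change handler for the logged-in user: validates the new password
// and its confirmation, stores a fresh hash for the account identified by the
// session, then ends the session and returns to the login page.
//
// The session must be started and checked here: without session_start() the
// $_SESSION["id"] read below is undefined, and without the login check the
// page is reachable by visitors who never authenticated.
//
// NOTE(review): the form carries no CSRF token and does not ask for the
// current password, so any request made from an authenticated browser can
// change the password. Add both before relying on this page.
session_start();
if (!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true || !isset($_SESSION["id"])) {
    header("location: login.php");
    exit;
}

// Include config file
require_once "config.php";

// Initialize variables
$new_password = $confirm_password = "";
$new_password_err = $confirm_password_err = "";

// Processing form data when form is submitted
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // A missing or non-string field is treated as empty instead of raising a
    // notice or a TypeError.
    $submitted_new = is_string($_POST["new_password"] ?? null) ? trim($_POST["new_password"]) : "";
    $submitted_confirm = is_string($_POST["confirm_password"] ?? null) ? trim($_POST["confirm_password"]) : "";

    // Validate new password
    // NOTE(review): a 6-character minimum is short; consider a longer minimum.
    if ($submitted_new === "") {
        $new_password_err = "Please enter the new password.";
    } elseif (strlen($submitted_new) < 6) {
        $new_password_err = "Password must have at least 6 characters.";
    } else {
        $new_password = $submitted_new;
    }

    // Validate confirm password
    if ($submitted_confirm === "") {
        $confirm_password_err = "Please confirm the password.";
    } else {
        $confirm_password = $submitted_confirm;
        // Strict comparison: with != two different numeric-looking strings
        // such as "100000" and "1e5" compare as equal.
        if ($new_password_err === "" && $new_password !== $confirm_password) {
            $confirm_password_err = "Password did not match.";
        }
    }

    // Check input errors before updating the database
    if ($new_password_err === "" && $confirm_password_err === "") {
        // Prepared statement: the hash and the account id are bound as data.
        $sql = "UPDATE users SET password = ? WHERE id = ?";
        if ($stmt = mysqli_prepare($conection_db, $sql)) {
            mysqli_stmt_bind_param($stmt, "si", $param_password, $param_id);

            // Only the hash is stored; the account id comes from the
            // server-side session, never from the request.
            $param_password = password_hash($new_password, PASSWORD_DEFAULT);
            $param_id = $_SESSION["id"];

            if (mysqli_stmt_execute($stmt)) {
                mysqli_stmt_close($stmt);
                mysqli_close($conection_db);

                // Password updated: end the session so the user signs in again
                // with the new password.
                $_SESSION = array();
                session_destroy();
                header("location: login.php");
                exit();
            } else {
                echo "Oops! Something went wrong. Please try again later.";
            }

            // Close statement
            mysqli_stmt_close($stmt);
        }
    }

    // Close connection
    mysqli_close($conection_db);
}
?>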
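<?php
// Password reset form template. The password fields are never pre-filled:
// echoing a submitted password back puts the secret into the page source and
// printing it unescaped would also allow markup injection. Error messages are
// HTML-escaped before output.
// NOTE(review): the stylesheet below comes from a third-party CDN without
// Subresource Integrity. Add integrity/crossorigin attributes using the hash
// published for this exact file, or serve a local copy.
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Reset Password</title>
    <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css">
</head>
<body>
    <div class="container">
        <h2>Reset Password</h2>
        <form action="<?= htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
            <div class="form-group <?= (!empty($new_password_err)) ? 'has-error' : ''; ?>">
                <label>New Password</label>
                <input type="password" name="new_password" class="form-control">
                <span class="help-block"><?= htmlspecialchars($new_password_err, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></span>
            </div>
            <div class="form-group <?= (!empty($confirm_password_err)) ? 'has-error' : ''; ?>">
                <label>Confirm Password</label>
                <input type="password" name="confirm_password" class="form-control">
                <span class="help-block"><?= htmlspecialchars($confirm_password_err, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></span>
            </div>
            <div class="form-group">
                <button type="submit" class="btn btn-primary">Reset Password</button>
            </div>
        </form>
        <a href="welcome.php">Cancel</a>
    </div>
</body>
</html>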
Notes:
- The login system is now fully structured and includes email/password validation, password hashing, and session management.
- The password reset functionality securely updates the user's password and logs them out after the reset.
- Make sure to replace your_database_name in the config.php file with your actual database name.