Before you write a comment, please read this guide and our code of conduct.
55 replies
  1. ccornutt
    ccornutt says:

    I’d suggest that rather than just having a comment saying “password should be encrypted” you describe this process and show how to validate the password (I’d hope you mean “salt and hash the password” not really “encrypt).

    I could see a lot of people hard-coding the username and password into the script just copy and pasting your example and that’s teaching a very bad practice. Another option is just hashing the password with a salt and writing it to a text file – it’s not ideal, but it’s simpler than a database.

    If you’re looking for a good tool for password hashing, check out this project: (or, if you’re on PHP 5.5+ you can just use the password_hash() function natively).

    • Mike Dalisay
      Mike Dalisay says:

      Thanks for pointing that out, I agree with you, but I have a different perspective. If people are really going to create a production-ready login code, no doubt they will search and find out about what I said “password should be encrypted”. My goal in this post is to show people the simplest way to understand how a PHP login script usually works and give them a small start. Thanks again for your contribution to this post! I updated the post a bit.

  2. Guest
    Guest says:

    I downloaded the code and tried to run it on a WAMP server. When I do, and go to login.php I get an error that ‘loged_in’ is an undefined index. Same with ‘action’ when looking in the $_GET array. Is there something I’m missing? I’m new to PHP and web development and appreciate the posts here very much.

  3. Philip Allen
    Philip Allen says:

    I tried running this code on a WAMP server so that I could experiment with it myself. When I did I got errors saying that ‘logged_in’ and ‘action’ array indexes didn’t exist. Am I missing something that would have created those in the appropriate arrays?

    • Mike Dalisay
      Mike Dalisay says:

      Hi Philip, thanks for dropping by! You can check if the session or get variable was set and set it to another variable, like this:

      $logged_in = isset($_SESSION[‘logged_in’]) ? $_SESSION[‘logged_in’] : “”;

      and then use the $logged_in variable for the if statement.


      You can go to wamp > php > php settings

      and then uncheck either expose php, track errors, or display errors. i forgot which is which. please let us know if you tried.

      • Philip Allen
        Philip Allen says:

        Thanks, and sorry for the double post. I did find that your code does function fine and the errors are invisible to the user when display errors is turned off in the WAMP server. I will try your first option to check/initialize the session variables and see if that takes care of the problem.

  4. pat
    pat says:

    Thank you so much for the tip but I got error like this using exactly your files in my server:
    Warning: Cannot modify header information – headers already sent by (output started at /test/login.php:22) in /test/login.php on line 43

  5. sergio wolf
    sergio wolf says:

    Hi Mike, I want to congratulate you for your work, I really enjoyed it, but I could not get any link any item “8.6 User object create () method” a $ this-> function showError ($ stmt); you can post to me, thanks.

      • sergio wolf
        sergio wolf says:

        Sorry, I was not clear, I have not found a function $ this-> function showError ($ stmt) “in source code 8.6 User object create () method”, I’m still a beginner :). I wanted to know if you have her description.

      • Free Thinker
        Free Thinker says:

        I’m having same problem.
        Fatal error: Uncaught Error: Call to undefined method User::showError() in /Library/WebServer/Documents/php_login_system/objects/user.php:126 Stack trace: #0 /Library/WebServer/Documents/php_login_system/register.php(56): User->create() #1 {main} thrown in /Library/WebServer/Documents/php_login_system/objects/user.php on line 126

        user.php on line 126 – $this->showError($stmt);

  6. Abid Siddique
    Abid Siddique says:

    Yes, no doubt this script is wonderful, thanks for sharing it.

    I am facing *ERROR: Access code not found.* issue

    Am i missing something ??

  7. Jalal Maqableh
    Jalal Maqableh says:

    Hi Mike, First, I would like to thank you for this great tutorial, I learned a lot since I’m from the old programming generation. The way you explain this work help people understand what is going on in each step. I did the whole coding including sections 12 & 13. There is only one thing I want to share with you about point (12.1 Add forgot password link), the following code kept giving me error till I added “echo” for each line of code.

    Forgot password?

    Thank you very much

    • Mike Dalisay
      Mike Dalisay says:

      Hi @JalalMaq:disqus, you’re welcome and thanks for the kind words! I’m glad our tutorial has helped you. I updated section 12.1 with your suggestion, thank you for pointing this out! I’m sure this will help other students of our site. :)

  8. Nathan Francoeur Savoie
    Nathan Francoeur Savoie says:

    Really clear and easy to follow !
    I will just modified the following line in .htaccess file for : Options +Multiviews
    I have replaced the minus sign by the plus sign in order to make this work without the extension .php
    Thanks again :)

    • Zaem Shakkir
      Zaem Shakkir says:

      I follow all ur steps , but when it comes to verify email , i got the email from the server , and it goes to spam msg , when i click the link given to verify email , its dont work

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.