1. Hi @dennisandrian, would you tell us the error message you see on your console? Another solution is to remove the logout button from your drop down and put it in the navigation bar.

    1. I double and tripled checked it and it is named correctly, What I am wondering is if it may be a port issue, I had to switch the port to 8080 for Apache due to conflicts on port 80?

      1. I’m not sure about your local server settings. How about your database username and password? If you have a remote server, I suggest testing it there as well.

      2. Thanks for the help Mike, I actually went back through the database and realize are had wrong settings on it. Once I rebuilt the database it started working, thanks..

    1. I follow all ur steps , but when it comes to verify email , i got the email from the server , and it goes to spam msg , when i click the link given to verify email , its dont work

      1. Hi @zaem_shakkir, which web hosting provider do you use? I suggest using a different email server when sending email. I recommend sendgrid.com or postmarkapp.com so that it won’t go to spam folder.

  2. Really clear and easy to follow !
    I will just modified the following line in .htaccess file for : Options +Multiviews
    I have replaced the minus sign by the plus sign in order to make this work without the extension .php
    Thanks again :)

  3. Hi Mike, First, I would like to thank you for this great tutorial, I learned a lot since I’m from the old programming generation. The way you explain this work help people understand what is going on in each step. I did the whole coding including sections 12 & 13. There is only one thing I want to share with you about point (12.1 Add forgot password link), the following code kept giving me error till I added “echo” for each line of code.

    Forgot password?

    Thank you very much

    1. Hi @JalalMaq, you’re welcome and thanks for the kind words! I’m glad our tutorial has helped you. I updated section 12.1 with your suggestion, thank you for pointing this out! I’m sure this will help other students of our site. :)

  4. Yes, no doubt this script is wonderful, thanks for sharing it.

    I am facing *ERROR: Access code not found.* issue

    Am i missing something ??

    1. Hi @disqus_v10UkPONq8, I’m unable to replicate the issue, it works on my end. Are you sure the access code is being saved on your database? Please check your PhpMyAdmin.

  5. Hi Mike, I want to congratulate you for your work, I really enjoyed it, but I could not get any link any item “8.6 User object create () method” a $ this-> function showError ($ stmt); you can post to me, thanks.

      1. Sorry, I was not clear, I have not found a function $ this-> function showError ($ stmt) “in source code 8.6 User object create () method”, I’m still a beginner :). I wanted to know if you have her description.

      2. I’m having same problem.
        Fatal error: Uncaught Error: Call to undefined method User::showError() in /Library/WebServer/Documents/php_login_system/objects/user.php:126 Stack trace: #0 /Library/WebServer/Documents/php_login_system/register.php(56): User->create() #1 {main} thrown in /Library/WebServer/Documents/php_login_system/objects/user.php on line 126

        user.php on line 126 – $this->showError($stmt);

      3. Hi @disqus_yWhVHNJCiR, thanks for your comment, I added the showError() method’s code on section 8.7 above. Let me know if that worked for you.

  6. Hi,

    thanks a lot for your work! I’m missing the part where the “updateStatusByAccessCode()” method is add to the ‘user’ object

      1. not at all. plz i want a help about shopping cart with session it doesn’t work for me :where placing 6.12 bloc of

        Make “add to cart” button work????

  7. Thank you so much for the tip but I got error like this using exactly your files in my server:
    Warning: Cannot modify header information – headers already sent by (output started at /test/login.php:22) in /test/login.php on line 43

  8. I tried running this code on a WAMP server so that I could experiment with it myself. When I did I got errors saying that ‘logged_in’ and ‘action’ array indexes didn’t exist. Am I missing something that would have created those in the appropriate arrays?

    1. Hi Philip, thanks for dropping by! You can check if the session or get variable was set and set it to another variable, like this:

      $logged_in = isset($_SESSION[‘logged_in’]) ? $_SESSION[‘logged_in’] : “”;

      and then use the $logged_in variable for the if statement.


      You can go to wamp > php > php settings

      and then uncheck either expose php, track errors, or display errors. i forgot which is which. please let us know if you tried.

      1. Thanks, and sorry for the double post. I did find that your code does function fine and the errors are invisible to the user when display errors is turned off in the WAMP server. I will try your first option to check/initialize the session variables and see if that takes care of the problem.

  9. I downloaded the code and tried to run it on a WAMP server. When I do, and go to login.php I get an error that ‘loged_in’ is an undefined index. Same with ‘action’ when looking in the $_GET array. Is there something I’m missing? I’m new to PHP and web development and appreciate the posts here very much.

  10. I’d suggest that rather than just having a comment saying “password should be encrypted” you describe this process and show how to validate the password (I’d hope you mean “salt and hash the password” not really “encrypt).

    I could see a lot of people hard-coding the username and password into the script just copy and pasting your example and that’s teaching a very bad practice. Another option is just hashing the password with a salt and writing it to a text file – it’s not ideal, but it’s simpler than a database.

    If you’re looking for a good tool for password hashing, check out this project: https://github.com/ircmaxell/password_compat (or, if you’re on PHP 5.5+ you can just use the password_hash() function natively).

    1. Thanks for pointing that out, I agree with you, but I have a different perspective. If people are really going to create a production-ready login code, no doubt they will search and find out about what I said “password should be encrypted”. My goal in this post is to show people the simplest way to understand how a PHP login script usually works and give them a small start. Thanks again for your contribution to this post! I updated the post a bit.

Leave a comment

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top