PHP PDO Connection and Authentication (Registration, Login and Logout)

Sujith Sandeep
2 min readJun 1, 2020

Connection String:

Please add this to config.php

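<?php
// config.php: starts the session and opens the shared PDO connection ($connect)
// that the registration, login and logout scripts rely on.

// Keep the session cookie out of reach of page scripts and refuse session ids
// the server did not issue. Also enable session.cookie_secure once the site is
// served over HTTPS only.
ini_set('session.cookie_httponly', '1');
ini_set('session.use_strict_mode', '1');
session_start();

// Define database
// NOTE(review): root with an empty password is a local-development placeholder.
// Use a dedicated least-privilege MySQL account and keep real credentials out
// of the web root and out of version control.
define('dbhost', 'localhost');
define('dbuser', 'root');
define('dbpass', '');
define('dbname', 'db_name');

// Connecting database
try {
    $connect = new PDO(
        'mysql:host=' . dbhost . ';dbname=' . dbname,
        dbuser,
        dbpass,
        array(
            // Throw on every database error instead of failing silently.
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
            // Use real server-side prepared statements rather than client-side emulation.
            PDO::ATTR_EMULATE_PREPARES => false,
        )
    );
} catch (PDOException $e) {
    // The driver message can contain the host, database and account names, so it
    // goes to the server log and the visitor gets a generic response. Stopping
    // here also prevents later code from running with $connect undefined.
    error_log('Database connection failed: ' . $e->getMessage());
    http_response_code(500);
    exit('Service temporarily unavailable.');
}
?>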

Registration:

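<?php
// Registration: creates a new account keyed by mobile number and signs the user in.
// Sets $errMsg on failure and $successMsg when ?action=joined is present; both are
// meant for the page template. Escape $errMsg with htmlspecialchars() when printing it.
require 'config.php';

if (isset($_POST['register'])) {
    $errMsg = '';

    // Get data from FORM. A missing or non-string field (e.g. parentname[]=x)
    // becomes '' so it is rejected by the validation below.
    $parentname = isset($_POST['parentname']) && is_string($_POST['parentname']) ? trim($_POST['parentname']) : '';
    $mobileno = isset($_POST['mobileno']) && is_string($_POST['mobileno']) ? trim($_POST['mobileno']) : '';
    $email = isset($_POST['email']) && is_string($_POST['email']) ? trim($_POST['email']) : '';
    // The password is not trimmed: surrounding whitespace is part of the secret.
    $password = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : '';

    if ($parentname === '' || $mobileno === '' || $password === '' || $email === '') {
        $errMsg = 'All fields are required.';
    } elseif (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errMsg = 'Enter a valid email address.';
    }

    if ($errMsg === '') {
        try {
            $stmtuser = $connect->prepare('SELECT id FROM tbl_users WHERE user_mobile = :mobile');
            $stmtuser->execute(array(':mobile' => $mobileno));

            if ($stmtuser->fetch(PDO::FETCH_ASSOC) !== false) {
                // An existing account must never be modified from the public
                // registration form: overwriting its password and opening a
                // session here would hand the account to whoever submits the form.
                $errMsg = 'This mobile number is already registered.';
            } else {
                // Store only a salted one-way hash, never the password itself.
                // NOTE(review): user_pass must be wide enough for the hash
                // (VARCHAR(255) recommended) — confirm against the schema.
                // NOTE(review): check-then-insert can race; a UNIQUE index on
                // user_mobile would close that gap — confirm against the schema.
                $stmt = $connect->prepare('INSERT INTO tbl_users (user_name, user_pass, user_mobile, user_email) VALUES (:user_name, :user_pass, :user_mobile, :user_email)');
                $stmt->execute(array(
                    ':user_name' => $parentname,
                    ':user_pass' => password_hash($password, PASSWORD_DEFAULT),
                    ':user_mobile' => $mobileno,
                    ':user_email' => $email,
                ));
                date_default_timezone_set('Etc/UTC');

                // Read the row back to pick up the columns filled in by the database.
                $stmtuser = $connect->prepare('SELECT * FROM tbl_users WHERE user_mobile = :mobile');
                $stmtuser->execute(array(':mobile' => $mobileno));
                $datauser = $stmtuser->fetch(PDO::FETCH_ASSOC);

                // NOTE(review): the login script only admits rows with
                // otp_verification = 1, while this path signs the user in
                // straight away — confirm whether OTP should be completed first.
                // A fresh session id on privilege change prevents session fixation.
                session_regenerate_id(true);
                $_SESSION['user_name'] = $datauser['user_name'];
                $_SESSION['user_id'] = $datauser['id'];
                $_SESSION['user_mobile'] = $datauser['user_mobile'];
                $_SESSION['role'] = $datauser['role'];
                $_SESSION['status'] = $datauser['status'];
                echo '<script>window.location.replace("index.php")</script>';
                exit;
            }
        } catch (PDOException $e) {
            // Driver messages expose table and column names; log them server-side only.
            error_log('Registration failed: ' . $e->getMessage());
            $errMsg = 'Registration failed. Please try again later.';
        }
    }
}
if (isset($_GET['action']) && $_GET['action'] === 'joined') {
    $successMsg = 'Registration successful Now you can <a href="/">login</a>';
}
?>

Login :

<?php
// Login: checks the submitted mobile number and password against tbl_users and,
// on success, fills the session and redirects to index.php. Sets $errMsg otherwise.
require 'config.php';

if (!empty($_SESSION['user_id'])) {
    header('Location: index.php');
    // Without exit the rest of the script would still run after the redirect header.
    exit;
}
if (isset($_POST['login'])) {
    $errMsg = '';

    // Get data from FORM; missing or non-string fields become ''.
    $mobile = isset($_POST['mobile']) && is_string($_POST['mobile']) ? trim($_POST['mobile']) : '';
    $password = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : '';

    if ($mobile === '') {
        $errMsg = 'Enter mobile no';
    }
    if ($password === '') {
        $errMsg = 'Enter password';
    }

    if ($errMsg === '') {
        try {
            // Look the account up by mobile number only; the password is checked
            // in PHP against the stored hash, never compared inside the SQL.
            $stmt = $connect->prepare('SELECT * FROM tbl_users WHERE user_mobile = :mobile AND otp_verification = :verification');
            $stmt->execute(array(':mobile' => $mobile, ':verification' => 1));
            $data = $stmt->fetch(PDO::FETCH_ASSOC);

            // Rows written before hashing was introduced hold plaintext and will
            // not verify; those accounts need a password reset.
            if ($data !== false && password_verify($password, $data['user_pass'])) {
                // A fresh session id on login prevents session fixation.
                session_regenerate_id(true);
                $_SESSION['user_name'] = $data['user_name'];
                $_SESSION['user_id'] = $data['id'];
                $_SESSION['user_mobile'] = $data['user_mobile'];
                $_SESSION['role'] = $data['role'];
                $_SESSION['status'] = $data['status'];
                header('Location: index.php');
                exit;
            }

            // One message for "unknown account" and "wrong password": it does not
            // reveal which mobile numbers are registered, and it no longer puts
            // the submitted value into text the page will print.
            $errMsg = 'Invalid mobile number or password.';
        } catch (PDOException $e) {
            // Driver messages expose table and column names; log them server-side only.
            error_log('Login failed: ' . $e->getMessage());
            $errMsg = 'Error in Logging In.';
        }
    }
}
?>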

Logout :

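<?php
// Logout: ends the current session and returns the visitor to index.php.
// NOTE(review): any request to this script logs the user out; consider
// requiring a POST with a CSRF token so other sites cannot trigger it.
require 'config.php';

// Drop the data held in this request's copy of the session.
$_SESSION = array();

// Expire the session cookie in the browser so the old id is not sent again.
if (ini_get('session.use_cookies')) {
    $params = session_get_cookie_params();
    setcookie(
        session_name(),
        '',
        time() - 42000,
        $params['path'],
        $params['domain'],
        $params['secure'],
        $params['httponly']
    );
}

// Remove the session data stored on the server.
session_destroy();
header('Location: index.php');
exit;
?>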
