PHP Login Script

Created: July 25, 2013
Last Modified: July 15, 2019
Subscribe to Internet Tips and Tools Feed



  • Complete PHP and MySQL Login Script with Register and stay logged in cookie
  • Auto activate account or choose to do email verification
  • If you have header.php and footer.php then login.php, register.php and activate.php will display these.
  • Passwords are secured with SHA1 encryption and salt
  1. dlc_b


    Downloaded 0 times.
    Please make a donation to reveal the download link.
  2. Open settings.php and edit the following variables:

    	$title = "Sea Breeze Login Script"; // Title of your website
    	$logo = "sea2.gif"; // Used as the logo in emails and on some pages
    	$folder = "images/"; // the images folder (including logo)
    	$email_activation = 1; // 1 = yes; 0 = no email activation.  Just activate and log them in immediately
    	$from_email = "Your Name <>"; // $from_email is only used if $email_activation is set to 1
    	$notify_email = ""; // Enter your email if you wish to be notified every time a user logs in
    	$db_username="abc_user"; // Name of your sql database user
    	$db_pw="password"; // password for your sql database
    	$server="localhost"; // Usually keep this as local host
    	$database="abc_login"; // The sql database you created
    	/* Salt is text that is added to passwords so that it is more difficult to decrypt them.
    	  Change salt to any random text and numbers and make sure no one else knows it */
    	$salt = "random123"; 

    The file settings.php is called by every other file included with this script. It will automatically create a table called users in the mysql database.

  3. Add the following code to the very top of your index page and every other page that will be interacting with the user:

    	<?PHP session_start(); 
    	$_SESSION['return_page'] = $_SERVER['REQUEST_URI'];	
  4. To add a login button to your index page and to have your page display when the user is logged in with a logout button then add the following code to your header or menu section:

    	if (isset($_SESSION['user_id']))
    		echo "<font color='green'>Logged in as ".$_SESSION['display_name']."</font>".
    				' - <a href="logout.php">Logout</a>';
    		echo '<a href="login.php">Login</a>';

    Note: login.php includes a link to register for a new account. The very first user to register is created as an administrator and the rest are created as users. So make sure that you are the first user to register.

  5. After a user logs in you will have the following PHP session variables as set in log.php available to your web pages:
    $_SESSION['last_login'] = SQL DATETIME of users last login
    $_SESSION['last_activity'] = SQL DATETIME of users last activity
    $_SESSION['user_id'] = Users id (Row in users table)
    $_SESSION['email'] = Users email address
    $_SESSION['display_name'] = Users display name
    $_SESSION['type'] = User type (User, Moderator or Administrator)
    $_SESSION['timezone'] = Timezone of user as set by javascript


10/10/2014 - ver 1.0d - Previously the stay logged in cookie was created using salt and email address. With that method a hacker that stole the database and the salt would then be able to instantly login as any user by creating fake cookies. Changed to store a version of the password that is stored in new 'cookie' column in MySql.

10/03/2014 - ver 1.0c - Changed $_SESSION['refer'] to $_SESSION['referer'] in log.php

07/28/2013 - ver 1.0b - Fixed security bug in cookie.php

07/26/2013 - ver 1.0 - Created PHP Login Script and realsed to public

Back to
Subscribe to Internet Tips and Tools Feed        

User Comments

There are 11 comments.

Displaying first 50 comments.

1. Posted By: Simone - - March 15, 2014, 7:39 am
It's actually very difficult in this full of activity life to listen news on Television, thus I only use internet for that purpose, and get the most up-to-date news.

2. Posted By: Jen Gettler - - March 29, 2014, 2:35 am
No database file in zip so no good unless someone goes threw the files and works it out for them selves.... unless I'm missing something?!

3. Posted By: Jeff - - March 31, 2014, 12:34 pm

The very bottom of settings.php starting at line 109 builds the users table if it does not exist. Every other php file includes settings.php at the top. So the first time any file is run on the server the users table is created.


4. Posted By: Camile - - November 12, 2014, 7:36 am
How is it that when I'm trying to log on, it's not showing that i'm logged in and going back to my main page, where the button "login is " ?

5. Posted By: Jeff - - November 13, 2014, 12:41 pm
Hello Camile,

In order for the login button to change to logout and say that you are logged in you must put the following code at the very top of your page before <!DOCTYPE html>:

<?PHP session_start();

Then the login button code should look something like this:

if (isset($_SESSION['user_id']))
echo "<font color='green'>Logged in as ".$_SESSION['display_name']."</font>".
' - <a href="logout.php">Logout</a>';
echo '<a href="login.php">Login</a>';

Most pages usually return to the main page after login but with some extra stuff that can be done with a logged in user. If you would rather go to a different page after login then edit line 82 of log.php and change $location to go to a different page. Or change $_SESSION['return_page'] in the code above to go to a different page.


6. Posted By: Tim - - January 2, 2019, 12:55 pm
Hi Jeff,

Can this script be used in multiple instances?

i.e. to give individual articles/pages unique ratings than the site as a whole?

Cheers, Tim

7. Posted By: Jeff - - January 2, 2019, 5:10 pm
Hi Tim,

Yes, the rating script can be used for multiple ratings. If it is not modified then it uses the currect url (web address) to keep track of the rating for that page.


8. Posted By: mark - - May 6, 2019, 6:23 am
there was not a file to include 'file_with_errors.php' in the include login.php

9. Posted By: Jeff - - May 6, 2019, 10:00 am
Hi Mark,

I'm not sure what you mean. There is no file called 'file_with_errors.php'. If you are getting a blank page and you need to see the errors and your server is not set to display errors in php.ini then you can look at the file called error_log inside the same folder as the script or you can put this at the top of login.php right at line 9:

error_reporting(E_ALL); ini_set("display_errors", 1);


10. Posted By: mark - - May 6, 2019, 12:57 pm
hi mark thanks for getting back t me
On the settings there is an include : @include('realsettings.php')which was not available with files
2 session httpm refrerre was not recognise - gives the error : Notice: Undefined index: HTTP_REFERER

11. Posted By: Jeff - - May 6, 2019, 2:22 pm
Hi Mark,

The login script is kind of old and has not been updated to use mysqli. So you may not want to use it. But since those are "Notice" errors they should not cause a problem. But you can remove them if you want. You can remove the @include('realsettings.php'). Or you can create a realsettings.php to put your real settings into if you want to put fake settings in settings.php.

You can remove the Notice: Undefined index: HTTP_REFERER by changing lines 18-23 of login.php to:

if(isset($_SERVER['HTTP_REFERER'])) // Version 1.0e
if (empty($_SESSION['referer']) || !isset($_SESSION['referer']))
// Where did the user press login
if(isset($_SERVER['HTTP_REFERER'])) // Version 1.0e
if (empty($_SESSION['return_page']) || !isset($_SESSION['return_page']))