Home/ Questions/Q 3277128
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-17T19:20:11+00:00

I would like to make a simple user login/registration system using PHP and mysql.

  • 0

I would like to make a simple user login/registration system using PHP and mysql. I don’t need to get any information beyond what is necessary for the user to log in and out. I want to make sure that the system is secure.

The way that I currently understand how it should work is:

Registration

User enters their email address and password and confirmation password.

The PHP script makes sure the passwords match and that the email is a valid address and is not already in the database.

It hashes the password along with a random salt and stores the salt and resulting hashed password in the database. (Is php’s md5 function suitable for this? I am not quite sure how this part works.)

Store an email confirmation code in the database and send the given email address a link back to the website that contains that code for verification?

Login

User input their email address and password.

The server looks up the email in the database and retrieves the salt. Then hashes the salt with the password the user just provided to see if it matches the one in the database.

How do I make the session persist after login. With a PHP session? A cookie? What should get stored in the cookie for remembering the user between visits?

I basically would just like some verification that the process I am describing is an accurate and secure way of doing user registration/login. Also, what are some good tutorials with more information.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Is php’s md5 function suitable for this?

    MD5 is no longer considered secure; consider using PHP’s newer built-in password hashing with the bcrypt algorithm which has variable computational complexity: PHP password_hash() and password_verify().

    How do I make the session persist after login. With a php session? A cookie? What should get stored in the cookie for remembering the user between visits?

    Ideally, you would use a PHP session to maintain state during a single visit, and if you would like to have a “remember my login” option, you would use a cookie that contains enough information to authenticate a returning user and restart a new session. There’s a good article from 2004 on best practices regarding login cookies here: Persistent Login Cookie Best Practice. You might also be interested in a more modern (2015) solution to securely implementing “remember me” checkboxes.

    Apart from these, I think whatever you have described is fine.

    • 0