[PHP] Registration system with email verifying in PHP

In this tutorial I will show how to write a sign up form with email verification or confirmation in php. If your website use a registration form, you need to use email verification to reduce the spam and to make sure the email supplied belongs to that member.

In this tutorial I create a 7 file like below.

1. index.php - I write a registration form in this file.
2. configdb.php - to connect the database.
3. register.php - In this file, we will do form validation, saving user data to database and sending email to user for confirmation.
4. confirm.php - In this file, we will set the confirmation code to null if the user click the link from his email.
5. login.php - In this file, we will test whether the email and password is correct and confirmation code is null.
6. member.php - In this file, we will test whether the member is or not.
7. logout.php - In this file, we will unset the user session data.
Creating database tableWe need to create a user table before writing our script. Import following SQL statement via phpMyAdmin or any other MySQL tool.

CREATE TABLE `user` ( `id` INT( 50 ) NOT NULL AUTO_INCREMENT , `username` VARCHAR( 50 ) NOT NULL , `email` VARCHAR( 100 ) NOT NULL , `password` VARCHAR( 20 ) NOT NULL , `com_code` VARCHAR( 255 ) default NULL, PRIMARY KEY ( `id` ) ) ENGINE = InnoDB 

index.php

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Sing Up</title> <style> label{ width:100px; float:left; } </style> </head> <body> <?php session_start(); if(isset($_SESSION['error'])) { echo '<p>'.$_SESSION['error']['username'].'</p>'; echo '<p>'.$_SESSION['error']['email'].'</p>'; echo '<p>'.$_SESSION['error']['password'].'</p>'; unset($_SESSION['error']); } ?> <div class="signup_form"> <form action="register.php" method="post" > <p> <label for="username">User Name:</label> <input name="username" type="text" id="username" size="30"/> </p> <p> <label for="email">E-mail:</label> <input name="email" type="text" id="email" size="30"/> </p> <p> <label for="password">Password:</label> <input name="password" type="password" id="password" size="30 "/> </p> <p> <input name="submit" type="submit" value="Submit"/> </p> </form> </div> <p><a href="login.php">Login</a></p> </body> </html> 

We use the PHP $_SESSIONvariable to show the form validation error that set in the register.php.
configdb.php

<?php $mysqli=mysqli_connect('localhost','dbusername','dbpassword','databasename') or die("Database Error"); ?> 

register.phpI divide this file into two parts to be clear when we discuss. In the first part, you will see the form validation.

<?php session_start(); include('configdb.php'); if(isset($_POST['submit'])) { //whether the username is blank if($_POST['username'] == '') { $_SESSION['error']['username'] = "User Name is required."; } //whether the email is blank if($_POST['email'] == '') { $_SESSION['error']['email'] = "E-mail is required."; } else { //whether the email format is correct if(preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9._-]+)+$/", $_POST['email'])) { //if it has the correct format whether the email has already exist $email= $_POST['email']; $sql1 = "SELECT * FROM user WHERE email = '$email'"; $result1 = mysqli_query($mysqli,$sql1) or die(mysqli_error()); if (mysqli_num_rows($result1) > 0) { $_SESSION['error']['email'] = "This Email is already used."; } } else { //this error will set if the email format is not correct $_SESSION['error']['email'] = "Your email is not valid."; } } //whether the password is blank if($_POST['password'] == '') { $_SESSION['error']['password'] = "Password is required."; } 

Firstly, we test whether the user is blank. And then whether the email is blank; if not, we also test whether the email format is correct. If the email format is correct, we will test whether this email has already exist. And then we will test whether the password is blank.

 //if the error exist, we will go to registration form if(isset($_SESSION['error'])) { header("Location: index.php"); exit; } else { $username = $_POST['username']; $email = $_POST['email']; $password = $_POST['password']; $com_code = md5(uniqid(rand())); $sql2 = "INSERT INTO user (username, email, password, com_code) VALUES ('$username', '$email', '$password', '$com_code')"; $result2 = mysqli_query($mysqli,$sql2) or die(mysqli_error()); if($result2) { $to = $email; $subject = "Confirmation from TutsforWeb to $username"; $header = "TutsforWeb: Confirmation from TutsforWeb"; $message = "Please click the link below to verify and activate your account. rn"; $message .= "http://www.yourname.com/confirm.php?passkey=$com_code"; $sentmail = mail($to,$subject,$message,$header); if($sentmail) { echo "Your Confirmation link Has Been Sent To Your Email Address."; } else { echo "Cannot send Confirmation link to your e-mail address"; } } } } ?> 

In this part, we will test whether the error exit; if not, we will add the user data to our database table and will send a mail for email verifying.
confirm.php

<?php include('configdb.php'); $passkey = $_GET['passkey']; $sql = "UPDATE user SET com_code=NULL WHERE com_code='$passkey'"; $result = mysqli_query($mysqli,$sql) or die(mysqli_error()); if($result) { echo '<div>Your account is now active. You may now <a href="login.php">Log in</a></div>'; } else { echo "Some error occur."; } ?> 

This file will active when your click the confirmation link from his/her email. It will update the com_code field from our database table by setting to null. Because when we write our login page, we will also test whether the com_code field is null.
login.php

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Login</title> <style> label{ width:100px; float:left; } </style> </head> <body> <?php session_start(); include('configdb.php'); if(isset($_POST['submit'])) { $email = trim($_POST['email']); $password = trim($_POST['password']); $query = "SELECT * FROM user WHERE email='$email' AND password='$password' AND com_code IS NULL"; $result = mysqli_query($mysqli,$query)or die(mysqli_error()); $num_row = mysqli_num_rows($result); $row=mysqli_fetch_array($result); if( $num_row ==1 ) { $_SESSION['user_name']=$row['username']; header("Location: member.php"); exit; } else { echo 'false'; } } ?> <div class="login_form"> <form action="login.php" method="post" > <p> <label for="email">E-mail:</label> <input name="email" type="text" id="email" size="30"/> </p> <p> <label for="password">Password:</label> <input name="password" type="password" id="password" size="30"/> </p> <p> <input name="submit" type="submit" value="Submit"/> </p> </form> </div> </body> </html> 

If the form have been submitted, we will retrieve the data that is equal to the data supplied by user and com_code must also be null. If it is true, we will set the session variable.
member.php

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Member page</title> </head> <body> <?php session_start(); if($_SESSION['user_name'] == '') { header("Location: index.php"); exit; } echo "Hi ".$_SESSION['user_name']; ?> <a href="logout.php">Logout</a> </body> </html> 

If the user has already logged in, our session variable will not be blank. If it is blank we will go back to index.php or registration form.
logout.php

<?php session_start(); unset($_SESSION['user_name']); header('Location: index.php'); ?> 

Download Source Code

Posted by Unknown