A simple, but secure PHP login script in one file and a flat-file SQLite database. No installation needed, ready to go in under 60 seconds. Uses the ultra-modern & future-proof PHP 5.5. BLOWFISH hashing/salting functions (includes the official PHP 5.3 & PHP 5.4 compatibility pack, which makes those functions available in those versions too). Follow the project on Twitter, Facebook or Google+ and have a look on the official support blog Dev Metal. Ask questions in the Official Support Forum.
This script is part of the php-login project, a collection of 4 different login scripts. See php-login.net for more info.
- One-file version: Full login script in one file. Uses a one-file SQLite database (no MySQL needed) and PDO. Features: Register, login, logout. https://github.com/panique/php-login-one-file
- Minimal version All the basic functions in a clean file structure, uses MySQL and mysqli. Register, login, logout. https://github.com/panique/php-login-minimal
- Advanced version Similar to the minimal version, but full of features. Uses PDO, Captchas, mail sending via SMTP and much more. https://github.com/panique/php-login-advanced
- Professional version Everything comes with a professional MVC framework structure, perfect for building real applications. Additional features like: URL rewriting, professional usage of controllers and actions, PDO, MySQL, mail sending via PHPMailer (SMTP or PHP's mail() function/linux sendmail), user profile pages, public user profiles, gravatars and local avatars, account upgrade/downgrade etc., login via Facebook, Composer integration, etc. https://github.com/panique/php-login
Live demo here, live demo's phpinfo() here
- PHP 5.3.7+ (with PDO and SQLite extension activated)
Run the install script _install.php
in the _installation
folder which will create a users.db
file (the database).
That's it.
A very detailed guideline here in this blog post.
In the default setup the database - which is only a simple users.db file - can be downloaded directly.
To prevent this, change the path of your database file! A path that is not accessable by public is perfect.
The .htaccess in the project only works if you have set AllowOverride
to All
in your vhost / apache config.
The index.php
does all the action, please look into the code for more info, everything is commented. The install script
_install.php
creates a database (a file named users.db
) right into the root folder. The .htaccess
protects your
database file from being downloaded. The password_compatibility_library.php
is only loaded automatically when you
use a PHP version older than 5.5 to add the new PHP 5.5 password hashing functions to these older PHP versions.
The _debug.php
is a little helper tool, it simply echoes out the content of the database.
- How to install SQLite and Ubuntu and Debian
- How to use PDO
- A little guideline on how to use the PHP 5.5 password hashing functions and it's "library plugin" based PHP 5.3 & 5.4 implementation
Licensed under MIT. You can use this script for free for any private or commercial projects.
If you think this script is useful and saves you a lot of work, then think about supporting the project:
- Say Thanks via PayPal or GitTip or Flattr.
- Rent your next server at DigitalOcean, it's just $5.
- Contribute to this project. Feel free to improve this project with your skills.
Please commit only in develop branch). The master branch will always contain the stable version.
I'm available for freelance work, feel free to mail me if you like. The email address can be found easily.