Simple PHP user register and login class

Featuring PHP OOP design with injection safe PDO MySQL queries, this easy to read class for a user registration, login and logout system serves as a backbone to any user/account protected system.

There is no frontend design or framework included, purely core backend code and a login, register and account page plain example.

When account activation by email is enabled PHPMailer is used to send the email, THe SMTP configuration for this must be filled out in the configAndConnect class.

If an IP address gets 4 login attempts wrong in a 10 minute period they will be exempt for logging in for the next 10 minutes. If they continue trying the 10 minutes just keeps getting refreshed, they simply must stop trying for 10 minutes to get another 4 attempts. The allowed wrong attempts number can be changed.

Login and registration form comes with a honeypot for bots, meaning when a hidden form is filled in that submission becomes invalid. These forms also cannot be viewed if logged in.

The classes are broken down as:

  • Config and connection details.
  • Registration and activation handler.
  • Login attempt handler.
  • Session handler (is logged in?, log out).
  • Account details (For account page and personalization).

GitHub link

Class link

Simply protecting a page that only a logged in user can view is done with 2 lines:

$session = new sessionManage();
$session->checkIsLoggedIn(true, '' . configAndConnect::URL . 'login/');

If the page user is not logged in they will be redirected to the login page else code execution continues down the page.