PHP MySQL Login System with Remember Me, Online Status, Forgot Password & User Profile

Howdy folks,
As I promised, I’m back with a PHP MySQL Login System with Remember Me, Online Status, Forgot Password & User Profile options. This tutorial is more advanced than the previous one and is an extension of it. If you are a beginner, you should start with the previous article – PHP MySQL Login System – A Super Simple Tutorial

Skills that you need for this Login System

Files That you need for this Login System


First, run the query below to create the users table in your database. You can also download the users.sql file and import it via phpMyAdmin to create the same table.
MySQL users table structure in phpMyAdmin


Change the values with your server details as required.


Nothing fancy, just two simple functions that work.
The logged_in() function checks whether a user is logged in and returns true or false accordingly.
The redirect_to() function takes a URL as its argument and redirects to that URL. You can also use a simple header("Location: $url").


At the top of this file, we include the required PHP files and start the session (line 2-4). Note that you must start the session before any output is made. Then we check whether a user is logged in; if so, he/she is redirected to profile.php (line 5-7). After that we have a very simple HTML registration form with Username, Password, First Name, Last Name and Email fields. On line 18, we check whether the form has been submitted. If it has not, we show the form to the new user. Otherwise, on line 31, we initiate a MySQLi connection and check whether the username and email already exist; if they do not, we insert the user’s input data into the MySQL database (line 45-72). On a successful registration, we redirect the user to login.php with a success message in the URL (line 66). Now register some users for testing.


As in register.php, the first few lines are similar (line 1-8). After that we have a simple login form with Username, Password and Remember me fields (line 18-26). On line 28, we check whether the form has been submitted, and if it has, we process it further (line 29-63).
If the Remember me option is checked, we set the session cookie expiry time (lifetime) to one week from now (604800 seconds) using the session_set_cookie_params() function. The session_regenerate_id() function is used to avoid session fixation (line 33-36).
As in register.php, we instantiate a new MySQLi connection and check the username and password combination (line 45). If the combination matches, the query returns one row; otherwise it returns zero. So, on line 48, if the number of rows returned is not equal to one, we show an error to the user. Otherwise we fetch the user’s data from the database, register the session, authenticate the user and redirect him/her to profile.php.
We’ll talk about updating the status to online/offline (line 56) later in this article.
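
The login steps described above, as an added example that is not the tutorial’s own login.php: it looks the user up with a prepared statement and checks the password with password_verify() instead of matching it inside the query, then applies the Remember me lifetime and session_regenerate_id(). The function name attempt_login(), the column names and the session keys are assumptions, and the code assumes the session has not been started yet when it is called.

```php
<?php
// Added example, not the tutorial's login.php. Assumed schema: users(id, username,
// password) where `password` holds a password_hash() value. Assumes mysqli is in
// exception mode (the default since PHP 8.1) and PHP 7.3+ for the options array.
declare(strict_types=1);

const REMEMBER_LIFETIME = 604800; // one week, the value used in the tutorial

function attempt_login(mysqli $db, string $username, string $password, bool $remember): bool
{
    // Bind the username as a parameter instead of concatenating it into the SQL.
    $stmt = $db->prepare('SELECT id, username, password FROM users WHERE username = ? LIMIT 1');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $user = $stmt->get_result()->fetch_assoc();
    $stmt->close();

    // Unknown user and wrong password return the same value, so the caller
    // can show one generic error message for both cases.
    if (!$user || !password_verify($password, $user['password'])) {
        return false;
    }

    // Cookie parameters only take effect if set before session_start().
    session_set_cookie_params([
        'lifetime' => $remember ? REMEMBER_LIFETIME : 0, // 0 = until the browser closes
        'path'     => '/',
        'secure'   => true,   // assumes the site is served over HTTPS
        'httponly' => true,   // keep the session cookie away from page scripts
        'samesite' => 'Lax',
    ]);
    session_start();
    session_regenerate_id(true); // fresh session ID after authentication (session fixation)

    $_SESSION['user_id']  = (int) $user['id'];   // assumed session keys
    $_SESSION['username'] = $user['username'];
    return true;
}
```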


If someone forgets his/her username or password or both, we can take his/her email address, check our users database, and if an account exists with that email address, send the login credentials to that address.
The beginning of this file is the same as before, and it has a similar form with just one field: the email address. We take the email address from the user and then initialize a MySQLi connection (line 26). After that we look up the email address, and if it exists we send it to the user via PHPMailer (line 46). If the email doesn’t exist, we simply show an error to the user.
Please see the article below to configure PHPMailer with your Gmail account or your own server.
PHPMailer Tutorial – How To Configure with Gmail Account
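
E-mailing the stored credentials only works if passwords are kept in a recoverable form. As an added example (not the tutorial’s forgot-password.php), the same flow can mail a one-time reset link instead; this is a different technique from the one the article uses. The columns reset_hash and reset_expires, the one-hour window, the function names and the example.com URL are assumptions.

```php
<?php
// Added example, not the tutorial's forgot-password.php. Assumed extra columns on
// users: reset_hash CHAR(64) NULL, reset_expires INT NULL; email is assumed unique.
declare(strict_types=1);

const RESET_TTL = 3600; // assumed validity window: one hour

// Returns a one-time reset URL to e-mail, or null when no account uses that address.
function create_reset_link(mysqli $db, string $email): ?string
{
    $token   = bin2hex(random_bytes(32)); // 256-bit random token, sent to the user
    $hash    = hash('sha256', $token);    // only the hash is stored server-side
    $expires = time() + RESET_TTL;

    $stmt = $db->prepare('UPDATE users SET reset_hash = ?, reset_expires = ? WHERE email = ?');
    $stmt->bind_param('sis', $hash, $expires, $email);
    $stmt->execute();
    $matched = $stmt->affected_rows === 1;
    $stmt->close();

    // Placeholder host and script name; pass the result to PHPMailer as the message body.
    return $matched ? 'https://example.com/reset-password.php?token=' . $token : null;
}

// Sets a new password if the token is known and unexpired, and invalidates the token
// in the same UPDATE so it cannot be redeemed twice.
function redeem_reset_token(mysqli $db, string $token, string $newPassword): bool
{
    $hash = hash('sha256', $token);
    $now  = time();
    $new  = password_hash($newPassword, PASSWORD_DEFAULT);

    $stmt = $db->prepare(
        'UPDATE users SET password = ?, reset_hash = NULL, reset_expires = NULL
         WHERE reset_hash = ? AND reset_expires > ?'
    );
    $stmt->bind_param('ssi', $new, $hash, $now);
    $stmt->execute();
    $ok = $stmt->affected_rows === 1;
    $stmt->close();
    return $ok;
}
```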


profile.php is the place where a user’s data is visible. It is restricted and visible only to logged-in users. If no id is specified in the URL, profile.php shows the account owner’s own profile. If an ID is specified in the URL, like …/profile.php?id=10, profile.php shows the profile of user ID 10.
So, similar to the previous files, we include the required files and start the session (line 1-5). Then we check whether the user is logged in; if not, he/she is redirected to login.php. Otherwise we process further. On line 19, we check whether the id in the URL exists and is not blank; if so, we assign that value from the URL to a variable $id. Otherwise we assign it the user ID from the session.
After that, we initialize a MySQLi connection and fetch the user WHERE id = that $id in the MySQL query (line 34). If MySQL returns a number of rows equal to 1, it is a valid ID; if 0, it is not.
If the user ID is valid, we calculate the user’s online status and echo the user profile data. Otherwise we show a simple error message.
Calculating the online status is discussed later.


The main job of logout.php is to unset and destroy the session and update the user’s status to offline instantly. On line 23, we unset all session variables. On lines 25-27, we destroy the session cookie. Finally, on line 29, we destroy the session. We use all three methods together because that is the least risky approach.
Updating the status to offline (line 13) is discussed later in this article.


In this script.js file, we’re doing some very basic AJAX. We trigger a function called update_status whenever a click or keypress is made within the page. The function sends a GET request to update-status.php asynchronously, and update-status.php does the job for us in the background.


The main code of update-status.php is executed only if the user is found to be logged in. It initiates a MySQLi connection and updates the users table’s status field with the current timestamp value (line 16).

Setting online-offline status

To calculate whether a user is online or offline, we use a timestamp instead of a regular online/offline flag. Whenever a user logs in, his/her status field is updated with the current timestamp value. Whenever a logged-in user clicks anywhere in the page or presses any key on the keyboard, the JavaScript makes an AJAX GET request that calls update-status.php. So each click or keypress on the page calls update-status.php once, and each call updates the user’s status field with the current timestamp value.
So, each click or keypress on the page means the status field is updated with the timestamp of that click or keypress. When a user does not click or press a key on the page for about 5*60 = 300 seconds, he/she is treated as an offline user. Of course, you can change this value as you want.
In login.php, the user’s status field is updated with the current timestamp, so the user is treated as online instantly (line 56).
In logout.php, the user’s status field is updated with the current timestamp minus 300 seconds, so the user is treated as offline instantly (line 17).
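
The status handling and the three-step logout described above, as an added example that is not taken from the tutorial’s files. It assumes users.status is an INT column holding a Unix timestamp and that the session stores the user ID under 'user_id'; the function names and the ONLINE_WINDOW constant are assumptions as well.

```php
<?php
// Added example, not the tutorial's files. Assumes users.status is an INT column
// holding a Unix timestamp and that the session stores the user ID as 'user_id'.
declare(strict_types=1);

const ONLINE_WINDOW = 300; // 5*60 seconds without activity => offline

function set_status(mysqli $db, int $userId, int $timestamp): void
{
    $stmt = $db->prepare('UPDATE users SET status = ? WHERE id = ?');
    $stmt->bind_param('ii', $timestamp, $userId);
    $stmt->execute();
    $stmt->close();
}

// profile.php: a user is online if the last recorded activity is inside the window.
function is_online(int $status, ?int $now = null): bool
{
    return (($now ?? time()) - $status) < ONLINE_WINDOW;
}

// update-status.php: only the ID from the session is used, never a request parameter,
// so one user cannot refresh another user's status.
function touch_status(mysqli $db): bool
{
    if (empty($_SESSION['user_id'])) {
        return false;
    }
    set_status($db, (int) $_SESSION['user_id'], time());
    return true;
}

// logout.php: back-date the status, then tear the session down in three steps.
function logout(mysqli $db): void
{
    if (!empty($_SESSION['user_id'])) {
        set_status($db, (int) $_SESSION['user_id'], time() - ONLINE_WINDOW);
    }
    $_SESSION = [];                                   // 1. unset session variables
    if (ini_get('session.use_cookies')) {             // 2. expire the session cookie
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();                                // 3. destroy the session data
}
```

Because logout() writes exactly time() - ONLINE_WINDOW and is_online() uses a strict less-than, the user is reported offline from the moment of logout.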

Thank you very much for your time.
If you’re facing any problem, please write it here, I’ll try to solve it.
If you like the article please like, share and comment.
Thank you!
