Mfumo wa User Registration ni msingi wa user management kwenye website yoyote.
Kwa mfano: forums, e-commerce, au school system.
Makala hii itakuonyesha hatua kwa hatua:
Kuunda database na table.
Kutengeneza registration form.
Kutumia PDO na prepared statements kwa usalama.
Kuhifadhi password kwa hashing.
βοΈ 2. Kuandaa Database
Kwanza, unda database na table ya users:
CREATE DATABASE user_system;
USE user_system;
CREATE TABLE users (
id INT AUTO_INCREMENT PRIMARY KEY,
username VARCHAR(50) NOT NULL UNIQUE,
email VARCHAR(100) NOT NULL UNIQUE,
password VARCHAR(255) NOT NULL,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);
π‘ Maelezo:
UNIQUE inahakikisha hakuna watumiaji wenye email au username sawa.
password inahifadhi hash, si password wazi.
𧩠3. Faili la Database Connection (config.php)
<?php
$dsn = "mysql:host=localhost;dbname=user_system;charset=utf8mb4";
$username = "root";
$password = "";
try {
$pdo = new PDO($dsn, $username, $password);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (PDOException $e) {
die("β Connection failed: " . $e->getMessage());
}
?>
β 4. User Registration Form (register.php)
<?php include 'config.php'; ?>
<h2>π User Registration</h2>
<form method="POST">
<input type="text" name="username" placeholder="Enter username" required><br><br>
<input type="email" name="email" placeholder="Enter email" required><br><br>
<input type="password" name="password" placeholder="Enter password" required><br><br>
<button type="submit">Register</button>
</form>
<?php
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// Sanitize input
$username = trim($_POST['username']);
$email = trim($_POST['email']);
$password = $_POST['password'];
// Hash password
$passwordHash = password_hash($password, PASSWORD_DEFAULT);
// Check if username or email already exists
$stmt = $pdo->prepare("SELECT * FROM users WHERE username = :username OR email = :email");
$stmt->execute(['username' => $username, 'email' => $email]);
if ($stmt->rowCount() > 0) {
echo "<p style='color:red;'>β Username or email already exists!</p>";
} else {
// Insert new user
$stmt = $pdo->prepare("INSERT INTO users (username, email, password) VALUES (:username, :email, :password)");
$stmt->execute([
'username' => $username,
'email' => $email,
'password' => $passwordHash
]);
echo "<p style='color:green;'>β
Registration successful! You can now <a href='login.php'>login</a>.</p>";
}
}
?>
π 5. Usalama Muhimu
Password Hashing:
$passwordHash = password_hash($password, PASSWORD_DEFAULT);
Hii inafanya password kuwa salama kwenye database.
Usihifadhi password wazi (plaintext).
Prepared Statements:
Zinazuia SQL Injection.
Validation & Sanitization:
trim() kuondoa whitespace zisizo na maana.
filter_var($email, FILTER_VALIDATE_EMAIL) unaweza kuongeza validation.
π 6. Login System (kwa ufupisho)
Baada ya registration, unaweza kuunda login.php:
<?php
include 'config.php';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$email = trim($_POST['email']);
$password = $_POST['password'];
$stmt = $pdo->prepare("SELECT * FROM users WHERE email = :email");
$stmt->execute(['email' => $email]);
$user = $stmt->fetch(PDO::FETCH_ASSOC);
if ($user && password_verify($password, $user['password'])) {
session_start();
$_SESSION['user_id'] = $user['id'];
$_SESSION['username'] = $user['username'];
echo "β
Login successful! Welcome, " . $user['username'];
} else {
echo "β Invalid email or password!";
}
}
?>
<form method="POST">
<input type="email" name="email" placeholder="Enter email" required><br><br>
<input type="password" name="password" placeholder="Enter password" required><br><br>
<button type="submit">Login</button>
</form>
π§ 7. Vidokezo vya Kuongeza Security
Tumia HTTPS kwa forms.
Ongeza CSRF tokens kwa forms.
Limita idadi ya majaribio ya login ili kuzuia brute-force.
Tumia session management salama (session_regenerate_id(true)).
β
8. Hitimisho
Kwa hatua hizi:
Umeunda User Registration system salama.
Users wanaweza kujiandikisha na data yao kuhifadhiwa salama kwa password hashing.
PDO na prepared statements zinahakikisha usalama dhidi ya SQL Injection.
π Tembelea:
π https://www.faulink.com/
Kwa mafunzo zaidi ya PHP, MySQL, na web development ya kisasa.