One of the essential features of a web application is a registration and login system. A modern login system, however, cannot stop at matching a username and password: we also need input validation, password security, and separation of access rights (roles) between Admin and User.
In this tutorial, we will build a system with:
✅ Register (with input validation and password hashing)
✅ Login (with validation and a session)
✅ Automatic redirect based on role (Admin/User)
✅ Safe logout
All of it uses PHP MySQLi (OOP) and Bootstrap 5 for a tidy appearance.
Database Structure
Create the users table:
CREATE TABLE users (
    id INT AUTO_INCREMENT PRIMARY KEY,
    username VARCHAR(100) NOT NULL UNIQUE,
    email VARCHAR(150) NOT NULL UNIQUE,
    password VARCHAR(255) NOT NULL,
    role ENUM('admin', 'user') DEFAULT 'user',
    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);
Database Connection File (config.php)
<?php
$host = "localhost";
$user = "root";
$pass = "";
$db = "login_system";
$conn = new mysqli($host, $user, $pass, $db);
if ($conn->connect_error) {
    die("Koneksi gagal: " . $conn->connect_error);
}
?>
Creating the Register Page (register.php)
a. Register Form
<form action="register.php" method="POST">
    <h2>Register</h2>
    <input type="text" name="username" placeholder="Username" required>
    <input type="email" name="email" placeholder="Email" required>
    <input type="password" name="password" placeholder="Password" required>
    <input type="password" name="confirm_password" placeholder="Konfirmasi Password" required>
    <button type="submit" name="register">Daftar</button>
</form>
b. Register Processing
<?php
include 'config.php';
if (isset($_POST['register'])) {
    $username = trim($_POST['username']);
    $email = trim($_POST['email']);
    $password = $_POST['password'];
    $confirm = $_POST['confirm_password'];
    // Basic validation
    if (empty($username) || empty($email) || empty($password)) {
        echo "<script>alert('Semua field wajib diisi!');</script>";
    } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        echo "<script>alert('Format email tidak valid!');</script>";
    } elseif ($password !== $confirm) {
        echo "<script>alert('Konfirmasi password tidak cocok!');</script>";
    } else {
        // Check whether the username/email is already in use
        $check = $conn->prepare("SELECT * FROM users WHERE username=? OR email=?");
        $check->bind_param("ss", $username, $email);
        $check->execute();
        $result = $check->get_result();
        if ($result->num_rows > 0) {
            echo "<script>alert('Username atau email sudah terdaftar!');</script>";
        } else {
            $hashed = password_hash($password, PASSWORD_DEFAULT);
            $role = 'user'; // default: regular user
            $stmt = $conn->prepare("INSERT INTO users (username, email, password, role) VALUES (?, ?, ?, ?)");
            $stmt->bind_param("ssss", $username, $email, $hashed, $role);
            $stmt->execute();
            echo "<script>alert('Pendaftaran berhasil! Silakan login.'); window.location='login.php';</script>";
        }
    }
}
?>
Login Page (login.php)
a. Login Form
<form action="login.php" method="POST">
    <h2>Login</h2>
    <input type="text" name="username" placeholder="Username" required>
    <input type="password" name="password" placeholder="Password" required>
    <button type="submit" name="login">Masuk</button>
</form>
b. Login Processing
<?php
session_start();
include 'config.php';
if (isset($_POST['login'])) {
    $username = trim($_POST['username']);
    $password = $_POST['password'];
    // The same input is matched against both username and email
    $stmt = $conn->prepare("SELECT * FROM users WHERE username=? OR email=?");
    $stmt->bind_param("ss", $username, $username);
    $stmt->execute();
    $result = $stmt->get_result();
    $user = $result->fetch_assoc();
    if ($user && password_verify($password, $user['password'])) {
        // Issue a fresh session ID on login so a pre-login ID cannot be reused (session fixation)
        session_regenerate_id(true);
        $_SESSION['user_id'] = $user['id'];
        $_SESSION['username'] = $user['username'];
        $_SESSION['role'] = $user['role'];
        // Redirect according to role
        if ($user['role'] === 'admin') {
            header("Location: admin/dashboard.php");
        } else {
            header("Location: user/dashboard.php");
        }
        exit();
    } else {
        echo "<script>alert('Username atau password salah!');</script>";
    }
}
?>
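Because register.php hashes with PASSWORD_DEFAULT, whose algorithm and cost can change between PHP versions, login is the one moment an old hash can be upgraded while the plaintext is available. The following is an added example, not part of the original tutorial; the names verify_and_upgrade and make_mysqli_store and the $store callback are assumptions.

```php
<?php
// Added example. Function names and the $store callback are hypothetical.

// Verify a password and, when the stored hash was created with older
// parameters than PASSWORD_DEFAULT uses now, hand a fresh hash to $store.
// Returns true only for a correct password.
function verify_and_upgrade(string $password, string $storedHash, callable $store): bool
{
    if (!password_verify($password, $storedHash)) {
        return false;
    }
    if (password_needs_rehash($storedHash, PASSWORD_DEFAULT)) {
        $store(password_hash($password, PASSWORD_DEFAULT));
    }
    return true;
}

// Callback for login.php: writes the new hash to the row that was fetched.
function make_mysqli_store(mysqli $conn, int $userId): callable
{
    return function (string $newHash) use ($conn, $userId): void {
        $stmt = $conn->prepare("UPDATE users SET password=? WHERE id=?");
        $stmt->bind_param("si", $newHash, $userId);
        $stmt->execute();
    };
}

// Constructed demo, no database needed: a hash made with a deliberately
// low bcrypt cost stands in for an old row in the users table.
$oldHash = password_hash('correct horse', PASSWORD_BCRYPT, ['cost' => 4]);
$saved = null;
$remember = function (string $hash) use (&$saved): void {
    $saved = $hash;
};

$ok = verify_and_upgrade('correct horse', $oldHash, $remember);
var_dump($ok);                                        // correct password accepted
var_dump(is_string($saved) && $saved !== $oldHash);   // a replacement hash was produced
var_dump(password_verify('correct horse', $saved));   // and it verifies the same password
var_dump(verify_and_upgrade('wrong', $oldHash, $remember)); // wrong password rejected
```

In login.php this would replace the bare password_verify() call, with make_mysqli_store($conn, (int) $user['id']) passed as the callback.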
Creating Dashboards Based on Role
a. Folder Structure
/admin/dashboard.php
/user/dashboard.php
/config.php
/login.php
/register.php
/logout.php
b. Admin Dashboard
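<?php
session_start();
// Visitors without a session have no role set; the null-coalescing default avoids an undefined-key warning
if (($_SESSION['role'] ?? '') !== 'admin') {
    header("Location: ../login.php");
    exit();
}
?>
<h2>Halo Admin, <?= htmlspecialchars($_SESSION['username'], ENT_QUOTES, 'UTF-8'); ?> </h2>
<a href="../logout.php">Logout</a>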
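c. User Dashboard
<?php
session_start();
// Visitors without a session have no role set; the null-coalescing default avoids an undefined-key warning
if (($_SESSION['role'] ?? '') !== 'user') {
    header("Location: ../login.php");
    exit();
}
?>
<h2>Selamat datang, <?= htmlspecialchars($_SESSION['username'], ENT_QUOTES, 'UTF-8'); ?> </h2>
<a href="../logout.php">Logout</a>
Logout (logout.php)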
<?php
session_start();
session_unset();
session_destroy();
header("Location: login.php?logout=1");
exit();
?>
Additional Security Tips
- Use password_hash() and password_verify() to hash and verify passwords.
- Always use prepared statements to prevent SQL injection.
- Regenerate the session ID after login (session_regenerate_id(true)).
- Use HTTPS for transmitting sensitive data.
- Never store raw passwords in the database.
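The session and HTTPS tips, together with the role checks repeated in both dashboards, can live in one shared helper. The following is an added example, not part of the original tutorial; the file name auth.php and the functions start_secure_session, log_in_user, require_role and e are assumptions.

```php
<?php
// auth.php: hypothetical shared helper, added as an example.

// Start the session with hardened cookie settings; use it in place of a
// bare session_start() on every page.
function start_secure_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    ini_set('session.use_strict_mode', '1'); // refuse session IDs the server did not issue
    session_set_cookie_params([
        'lifetime' => 0,      // cookie ends when the browser closes
        'path'     => '/',
        'secure'   => true,   // only sent over HTTPS
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',  // withheld on cross-site POST requests
    ]);
    session_start();
}

// Call in login.php right after password_verify() succeeds.
function log_in_user(array $user): void
{
    session_regenerate_id(true); // new ID; the old session data is deleted
    $_SESSION['user_id']  = (int) $user['id'];
    $_SESSION['username'] = $user['username'];
    $_SESSION['role']     = $user['role'];
}

// Guard for protected pages: redirect and stop unless the session holds
// exactly the required role. A missing role counts as a mismatch.
function require_role(string $role, string $loginUrl = '../login.php'): void
{
    start_secure_session();
    if (($_SESSION['role'] ?? null) !== $role) {
        header('Location: ' . $loginUrl);
        exit();
    }
}

// Escape a value before printing it into HTML, e.g. echo e($_SESSION['username']);
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Usage at the top of admin/dashboard.php:
//   require __DIR__ . '/../auth.php';
//   require_role('admin');
```

With 'secure' set to true the session cookie is only sent over HTTPS, so the site must be served over HTTPS for logins to persist.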
Final Result and System Flow
Flow of the login system with roles:
- A user registers → the data is stored in the users table.
- At login → the system validates the input and password.
- On success → a session is created and the user is redirected according to role.
- Admin → to the admin dashboard. User → to the user dashboard.
- Logout → the session is destroyed and the user returns to login.
Conclusion
A Register and Login system with Admin/User roles in PHP MySQL is the basis of almost every modern web application.
By adding:
- Input validation,
- Password hashing,
- Session management, and
- Role-based redirects,
you already have a secure and professional authentication foundation.
As a next step, you can add features such as:
✅ Remember Me
✅ Reset Password via Email
✅ Dynamic Role Management