I’ve created a complete real-world PHP OOP Login System API project in the canvas 👉
What this project includes:
- ✅ OOP structure (Database + User class)
- ✅ Secure password hashing (`password_hash`)
- ✅ Login with `password_verify`
- ✅ REST API (register & login)
- ✅ JSON responses (ready for frontend / mobile app)
- ✅ PDO (secure DB handling)
🚀 How to use this project:
1. Create Database
- Create DB: `test_db`
- Run the SQL (already included at bottom of code)
2. Run API
Put file in:
htdocs/login-api/index.php
3. Test API (Postman / JS)
🔹 Register API
POST http://localhost/login-api/index.php?action=register
Body (JSON):
{
"name": "Aditya",
"email": "test@gmail.com",
"password": "123456"
}
🔹 Login API
POST http://localhost/login-api/index.php?action=login
Body:
{
"email": "test@gmail.com",
"password": "123456"
}
<?php
// ===============================
// DATABASE CONNECTION (PDO)
// ===============================
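/**
 * Opens the MySQL connection used by the API through PDO.
 *
 * NOTE(review): the credentials below are development defaults (root with an
 * empty password). Before this runs anywhere reachable, load them from
 * configuration outside the web root and use a dedicated account that only has
 * the privileges the users table needs.
 */
class Database {
    private $host = "localhost";
    private $db_name = "test_db";
    private $username = "root";
    private $password = "";
    public $conn;

    /**
     * Connects to the database.
     *
     * The driver error is written to the server log instead of the response:
     * a PDO connection message can contain the host, the account name and
     * whether a password was used, none of which an API client should see.
     *
     * @return PDO|null The open connection, or null when connecting failed.
     */
    public function connect() {
        $this->conn = null;
        try {
            $this->conn = new PDO(
                // An explicit charset keeps client and server agreeing on the encoding.
                "mysql:host={$this->host};dbname={$this->db_name};charset=utf8mb4",
                $this->username,
                $this->password,
                [
                    // Fail loudly on SQL errors instead of returning false.
                    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
                    // Use server-side prepared statements rather than client-side emulation.
                    PDO::ATTR_EMULATE_PREPARES => false,
                ]
            );
        } catch (PDOException $e) {
            error_log("Database connection failed: " . $e->getMessage());
            $this->conn = null;
        }
        return $this->conn;
    }
}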
// ===============================
// USER CLASS (OOP)
// ===============================
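/**
 * Account model for the users table: creates accounts and checks credentials.
 *
 * The caller fills the public properties and then calls register() or login().
 */
class User {
    private $conn;
    private $table = "users";
    public $id;
    public $name;
    public $email;
    // Plaintext password supplied by the caller; register() overwrites it with the hash.
    public $password;

    /**
     * @param PDO $db Open connection; only prepare() is called on it.
     */
    public function __construct($db) {
        $this->conn = $db;
    }

    /**
     * Inserts a new account with a hashed password.
     *
     * Missing or empty fields are rejected up front. Without this check a
     * request that omits "password" would create an account whose password is
     * the empty string.
     *
     * @return bool True when the row was inserted, false when the input is
     *              unusable or hashing failed.
     * @throws PDOException When the statement fails and the connection uses
     *                      exception error mode (for example on a duplicate email).
     */
    public function register() {
        if (!is_string($this->name) || trim($this->name) === ''
            || !is_string($this->email) || filter_var($this->email, FILTER_VALIDATE_EMAIL) === false
            || !is_string($this->password) || $this->password === ''
        ) {
            return false;
        }

        $hash = password_hash($this->password, PASSWORD_DEFAULT);
        if (!is_string($hash)) {
            return false;
        }
        // Same observable effect as before: the property holds the hash after the call.
        $this->password = $hash;

        $query = "INSERT INTO {$this->table} (name, email, password) VALUES (:name, :email, :password)";
        $stmt = $this->conn->prepare($query);
        $stmt->bindValue(':name', $this->name);
        $stmt->bindValue(':email', $this->email);
        $stmt->bindValue(':password', $hash);
        return $stmt->execute();
    }

    /**
     * Checks the supplied email and password against the stored hash.
     *
     * The stored hash is removed from the returned row so that a caller which
     * serialises the result cannot send it to the client.
     *
     * NOTE(review): an unknown email returns without running password_verify,
     * so the two failure paths differ in cost. Verifying against a fixed dummy
     * hash on a miss, together with attempt throttling, closes that gap.
     *
     * @return array|false The account row (id, name, email) or false when the
     *                     credentials do not match.
     */
    public function login() {
        if (!is_string($this->email) || $this->email === ''
            || !is_string($this->password) || $this->password === ''
        ) {
            return false;
        }

        // Name the columns so a later schema change cannot widen what is returned.
        $query = "SELECT id, name, email, password FROM {$this->table} WHERE email = :email LIMIT 1";
        $stmt = $this->conn->prepare($query);
        $stmt->bindValue(':email', $this->email);
        $stmt->execute();
        $row = $stmt->fetch(PDO::FETCH_ASSOC);

        if (!$row || !password_verify($this->password, $row['password'])) {
            return false;
        }

        unset($row['password']);
        return $row;
    }
}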
// ===============================
// API HANDLER
// ===============================
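header("Content-Type: application/json");

// Sends one JSON document with an explicit HTTP status, then ends the request.
$respond = function ($status, array $body) {
    http_response_code($status);
    echo json_encode($body);
    exit;
};

// Both endpoints change or check state, so only POST is accepted.
if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
    header('Allow: POST');
    $respond(405, ["status" => "error", "message" => "Method not allowed"]);
}

$action = $_GET['action'] ?? '';
if ($action !== 'register' && $action !== 'login') {
    $respond(404, ["status" => "error", "message" => "Unknown action"]);
}

// The body is untrusted: it may be empty, not JSON, or JSON of the wrong shape.
$data = json_decode(file_get_contents("php://input"), true);
if (!is_array($data)) {
    $respond(400, ["status" => "error", "message" => "Invalid JSON body"]);
}

// Reads one field as a string; anything missing or non-string becomes ''.
$field = function ($key) use ($data) {
    return (isset($data[$key]) && is_string($data[$key])) ? $data[$key] : '';
};
$name = trim($field('name'));
$email = trim($field('email'));
$password = $field('password'); // not trimmed: whitespace may be part of the password

if ($email === '' || $password === '' || ($action === 'register' && $name === '')) {
    $respond(400, ["status" => "error", "message" => "Missing required fields"]);
}
if ($action === 'register' && filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
    $respond(400, ["status" => "error", "message" => "Invalid email address"]);
}

// Buffer output around connect() so that anything it prints on failure is
// discarded rather than sent to the client.
ob_start();
$db = (new Database())->connect();
ob_end_clean();
if (!$db) {
    $respond(500, ["status" => "error", "message" => "Service unavailable"]);
}

$user = new User($db);
$user->email = $email;
$user->password = $password;

// NOTE(review): there is no attempt throttling or lockout here, and a
// successful login issues no session or token; both are needed before this
// endpoint is exposed beyond local testing.
try {
    if ($action === 'register') {
        $user->name = $name;
        if ($user->register()) {
            $respond(200, ["status" => "success", "message" => "User registered"]);
        }
        $respond(400, ["status" => "error", "message" => "Registration failed"]);
    }

    $result = $user->login();
    if ($result) {
        // Return only the public fields; the stored password hash never leaves the server.
        $respond(200, [
            "status" => "success",
            "user" => [
                "id" => $result['id'] ?? null,
                "name" => $result['name'] ?? null,
                "email" => $result['email'] ?? null,
            ],
        ]);
    }
    // One message for unknown email and wrong password, so the reply does not
    // reveal which accounts exist.
    $respond(401, ["status" => "error", "message" => "Invalid credentials"]);
} catch (PDOException $e) {
    // Keep SQL and driver details in the server log, not in the response.
    error_log("login-api {$action} failed: " . $e->getMessage());
    // SQLSTATE 23000 is an integrity violation, e.g. the UNIQUE email constraint.
    if ($action === 'register' && (string) $e->getCode() === '23000') {
        $respond(409, ["status" => "error", "message" => "Registration failed"]);
    }
    $respond(500, ["status" => "error", "message" => "Internal server error"]);
}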
// ===============================
// SQL TABLE
// ===============================
/*
CREATE TABLE users (
id INT AUTO_INCREMENT PRIMARY KEY,
name VARCHAR(100),
email VARCHAR(100) UNIQUE,
password VARCHAR(255)
);
*/
?>






