Website Builder – Part 4: Authentication & Admin Panel

In Part 3, we learned how to build dynamic websites using PHP and MySQL. In this part, we will add authentication and an admin panel, which are essential for managing content securely in real-world websites.


1. What Is Authentication?

Authentication is the process of verifying a user’s identity. In websites, authentication is usually done using:

Admin panels rely on authentication to ensure that only authorized users can manage content.


2. Database Structure for Users

First, we need a database table to store admin users.

CREATE TABLE users (
    id INT AUTO_INCREMENT PRIMARY KEY,
    username VARCHAR(100) UNIQUE,
    password VARCHAR(255),
    role ENUM('admin','editor') DEFAULT 'admin',
    created_at DATETIME DEFAULT CURRENT_TIMESTAMP
);

Passwords should never be stored as plain text.


3. Password Hashing (Very Important)

PHP provides built-in functions for secure password handling.

Hash password before storing:

$hashedPassword = password_hash($password, PASSWORD_DEFAULT);

Verify password during login:

if (password_verify($password, $row['password'])) {
    // login success
}

This protects users even if the database is compromised, because the table holds only salted hashes and not the passwords themselves.


4. Creating the Login Form

A basic login form collects username and password.

<form method="post">
    <input type="text" name="username" placeholder="Username" required>
    <input type="password" name="password" placeholder="Password" required>
    <button type="submit">Login</button>
</form>

5. Login Processing Logic

When the form is submitted, PHP checks credentials.

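<?php
session_start();

// $conn is assumed to be an open mysqli connection (e.g. from includes/config.php)
$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';

// Prepared statement keeps the submitted username out of the SQL text
$stmt = $conn->prepare(
    "SELECT id, password FROM users WHERE username=?"
);
$stmt->bind_param("s", $username);
$stmt->execute();
$result = $stmt->get_result();

if ($row = $result->fetch_assoc()) {
    if (password_verify($password, $row['password'])) {
        // Issue a new session ID on login to prevent session fixation
        session_regenerate_id(true);
        $_SESSION['admin_id'] = $row['id'];
    }
}
?>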

Sessions keep the user logged in across pages.


6. Protecting Admin Pages

Admin pages must be accessible only after login.

<?php
session_start();
if (!isset($_SESSION['admin_id'])) {
    header("Location: login.php");
    exit;
}
?>

This check should be added at the top of every admin file.


7. Building the Admin Panel

The admin panel allows managing content such as:

Example admin dashboard structure:

/admin
 ├─ login.php
 ├─ dashboard.php
 ├─ add-post.php
 ├─ edit-post.php
 └─ logout.php

8. Logout Functionality

Logging out destroys the session securely.

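<?php
session_start();
$_SESSION = []; // clear the session data held in memory
if (ini_get("session.use_cookies")) {
    // expire the session cookie in the browser
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000, $p["path"], $p["domain"], $p["secure"], $p["httponly"]);
}
session_destroy(); // remove the session data on the server
header("Location: login.php");
exit;
?>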

9. Basic Admin Security Practices

Never expose admin URLs publicly without protection.


10. Recommended Folder Structure

/website
 ├─ admin
 │   ├─ login.php
 │   ├─ dashboard.php
 │   └─ logout.php
 ├─ includes
 │   ├─ config.php
 │   └─ auth.php
 ├─ blog
 └─ index.php

This structure keeps authentication logic separate and organized.
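
One way includes/auth.php could centralize the check from section 6 and enforce the role column from section 2, shown as an added example that is not part of the original tutorial. The function names, the last_seen session key, the 30-minute idle timeout and the HTTPS-only cookie are assumptions; $conn is assumed to be the mysqli connection used in section 5.

```php
<?php
// includes/auth.php (added example; names below are hypothetical)
declare(strict_types=1);

const IDLE_TIMEOUT = 1800; // assumed policy: 30 minutes of inactivity

function start_secure_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    ini_set('session.use_strict_mode', '1'); // reject session IDs PHP did not issue
    session_set_cookie_params([
        'secure'   => true,     // assumes the site is served over HTTPS
        'httponly' => true,     // cookie not readable from JavaScript
        'samesite' => 'Strict', // cookie not sent on cross-site requests
    ]);
    session_start();
}

// Redirects to the login page unless a non-expired, logged-in session exists.
function require_login(): int
{
    start_secure_session();
    $lastSeen = $_SESSION['last_seen'] ?? time(); // first request after login
    if (!isset($_SESSION['admin_id']) || time() - $lastSeen > IDLE_TIMEOUT) {
        $_SESSION = [];
        session_destroy();
        header('Location: login.php');
        exit;
    }
    $_SESSION['last_seen'] = time();
    return (int) $_SESSION['admin_id'];
}

// Re-reads the role on every request, so a role change or deleted account applies at once.
function require_role(mysqli $conn, string ...$allowed): void
{
    $id = require_login();
    $stmt = $conn->prepare("SELECT role FROM users WHERE id=?");
    $stmt->bind_param("i", $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    if (!$row || !in_array($row['role'], $allowed, true)) {
        http_response_code(403);
        exit('Forbidden');
    }
}
```

At the top of each admin file, require this file and call require_role($conn, 'admin') or require_role($conn, 'admin', 'editor'). For the cookie flags to apply from the first response, login.php would call start_secure_session() in place of session_start().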


Conclusion

Authentication and admin panels are core components of dynamic websites. With proper password hashing, session management, and access control, you can securely manage content and users.

In the next part, we will cover SEO, performance optimization, and analytics to make your website production-ready.
