Building a Secure Login & Registration System in Symfony (Beginner-Friendly Guide)

Author

Kritim Yantra

Apr 18, 2025

Symfony is a powerful PHP framework that makes it easy to build secure web applications. In this tutorial, we’ll create a complete login and registration system from scratch.

By the end, you’ll learn:
✅ How to set up a Symfony project
✅ Creating a User entity with Symfony’s security system
✅ Building registration and login forms
✅ Securing routes with authentication

Let’s get started!


Step 1: Install Symfony

First, make sure you have PHP 8+ and Composer installed.

Create a new Symfony project:

composer create-project symfony/website-skeleton symfony-login-system
cd symfony-login-system

Start the Symfony local server:

symfony serve

Visit http://localhost:8000 to see your Symfony app running.


Step 2: Set Up the Database

Symfony uses Doctrine to interact with databases.

Configure the .env file:

DATABASE_URL="mysql://root:@127.0.0.1:3306/symfony_auth"

(Replace with your database credentials.)

Create the database:

php bin/console doctrine:database:create

Step 3: Create a User Entity

Symfony provides a make:user command to generate a secure User class.

Run:

php bin/console make:user

Follow the prompts:

  • Class name: User
  • Use email for login: Yes
  • Store hashed passwords: Yes

This generates:

  • src/Entity/User.php
  • src/Repository/UserRepository.php

Update the User entity (optional):

Add more fields (e.g., firstName, lastName):

// src/Entity/User.php
#[ORM\Column(length: 50)]
private ?string $firstName = null;

#[ORM\Column(length: 50)]
private ?string $lastName = null;

Create & run migrations:

php bin/console make:migration
php bin/console doctrine:migrations:migrate

Step 4: Install Security Bundle

Symfony’s security-bundle handles authentication.

Run:

php bin/console make:auth

Choose:

  1. Login form authenticator
  2. Name: AppAuthenticator
  3. Controller: SecurityController

This generates:

  • src/Security/AppAuthenticator.php
  • src/Controller/SecurityController.php
  • Login template (templates/security/login.html.twig)

Step 5: Create Registration System

Generate Registration Form:

php bin/console make:registration-form

This creates:

  • src/Controller/RegistrationController.php
  • templates/registration/register.html.twig

Customize Registration Form:

Edit src/Form/RegistrationFormType.php to include firstName and lastName:

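use Symfony\Component\Form\Extension\Core\Type\TextType; // import at the top of the file

// inside buildForm(), chained on $builder:
->add('firstName', TextType::class)
->add('lastName', TextType::class)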

Update templates/registration/register.html.twig:

{{ form_start(registrationForm) }}
    {{ form_row(registrationForm.firstName) }}
    {{ form_row(registrationForm.lastName) }}
    {{ form_row(registrationForm.email) }}
    {{ form_row(registrationForm.plainPassword) }}
    <button type="submit">Register</button>
{{ form_end(registrationForm) }}

Step 6: Secure Routes

Edit config/packages/security.yaml:

security:
    access_control:
        - { path: ^/admin, roles: ROLE_ADMIN }
        - { path: ^/profile, roles: ROLE_USER }

Now:

  • /login → Public
  • /register → Public
  • /profile → Only logged-in users

Step 7: Test Login & Registration

Register a new user:

Visit http://localhost:8000/register and fill out the form.

Log in:

Go to http://localhost:8000/login and enter credentials.

Access protected routes:

Try visiting /profile—it should work only if logged in.
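
The manual checks above can also be automated. The following functional test is an added example, not part of the original tutorial or of the code Symfony generates; it covers the access_control rules from Step 6, including the case of a logged-in ROLE_USER being refused on /admin. It assumes that routes for /profile and /admin exist, that the test database has been created and migrated, and that the User entity has setFirstName() and setLastName() setters for the fields added in Step 3 (the file name and class name are hypothetical).

```php
<?php
// tests/Controller/AccessControlTest.php (hypothetical file name, added example)
namespace App\Tests\Controller;

use App\Entity\User;
use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;

final class AccessControlTest extends WebTestCase
{
    public function testPublicPagesNeedNoLogin(): void
    {
        $client = static::createClient();
        foreach (['/login', '/register'] as $path) {
            $client->request('GET', $path);
            self::assertResponseIsSuccessful("$path should be public");
        }
    }

    public function testAnonymousVisitorIsRedirectedToLogin(): void
    {
        $client = static::createClient();
        foreach (['/profile', '/admin'] as $path) {   // assumed to be existing routes
            $client->request('GET', $path);
            self::assertResponseRedirects('/login');
        }
    }

    public function testRoleUserReachesProfileButNotAdmin(): void
    {
        $client = static::createClient();
        $client->loginUser($this->createUser());      // uses the "main" firewall by default
        $client->request('GET', '/profile');
        self::assertResponseIsSuccessful();
        $client->request('GET', '/admin');
        self::assertResponseStatusCodeSame(403);      // authenticated, but lacks ROLE_ADMIN
    }

    private function createUser(): User
    {
        $user = new User();                           // getRoles() always includes ROLE_USER
        $user->setEmail(sprintf('constructed-%s@example.test', bin2hex(random_bytes(4))));
        $user->setPassword('unused-placeholder');     // loginUser() skips the password check
        $user->setFirstName('Test');                  // assumed setters for the Step 3 fields
        $user->setLastName('User');
        $em = static::getContainer()->get('doctrine')->getManager();
        $em->persist($user);
        $em->flush();
        return $user;
    }
}
```

Run it with php bin/phpunit. A failure in the second or third test means a protected path is reachable with less privilege than security.yaml intends.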


Bonus: Adding Flash Messages

Improve UX with success/error messages.

In RegistrationController.php:

$this->addFlash('success', 'Registration successful!');

Display messages in Twig (base.html.twig):

{% for message in app.flashes('success') %}
    <div class="alert alert-success">{{ message }}</div>
{% endfor %}

Final Thoughts

You’ve built a secure login & registration system in Symfony!

Recap:

✅ Installed Symfony & set up a database
✅ Created a User entity with Doctrine
✅ Generated login & registration forms
✅ Secured routes based on user roles

Next Steps:

🔹 Add email verification
🔹 Implement password reset
🔹 Try OAuth (Google/Facebook login)
