The basic rule is: all business logic runs on the server, client is just a dumb terminal. Your client will connect to a server that runs code (PHP, Java, Python, Node or whatever) which does all the database work and data validation.
(It is possible to secure a direct connection to the database by using triggers, but ultimately you’re still running business logic server side. This is more dangerous because you need much more MySQL knowledge to lock it down than you’d need by making a server-side application that can only what you program it to do).
But, unless you have lots of resources and previous knowledge on such things (which doesn’t sounds to be your case), I strongly advice against rolling your own login systems nowadays. There are solutions out there for login systems (oauth) and game server back-ends (like GameSparks, which does have an UE4 integration).