44: (UPDATED VIDEO IN DESC) How To Create A Login System In PHP For Beginners | PHP Tutorial

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

today you're gonna learn how to make a login system completely from scratch and before we get into this episode is very important that you listen to this short introduction here because we're going to talk about how we're going to make this login system because there is many different ways you can make a login system so I'm going to explain specifically which way we're going to do it in this episode what we're going to do in this episode is we're going to create a basic login system using procedural programming not optic go into programming this guide is also going to be a beginner's guide meaning that if you haven't done a lot of PHP before this is going to be a very easy to understand guide when I'm going to explain everything from scratch so you don't have any sort of questions when it comes to the PHP code or how to make the login system when we do actually program it in this episode here after this episode I'm also going to upload other episodes that are going to continue on this login system here for example how to create a forgotten password system or how to create a profile page for the users in this website we're building here so I'm going to have other episodes that I'm going to upload to my channel and I will go ahead and leave a link the description once that you actually have those episodes ready so you can just go ahead and find them in the description of this video here now in case you already know a bit about connecting to databases using PHP I do have some additional infra-red you need to know before you get into this episode now if you're completely new at creating PHP code just go and ignore this next part because it's only going to confuse it even more and it's not something you need to think about right now until you get a little bit better with PHP we will be using MySQL I in order to connect to our database in this lesson here do bear in mind MySQL I is not the same thing as MySQL MySQL was outdated three years ago MySQL I is the newest version and do still work today and is relevant today because MySQL I is the newest version and is what we need to use today if you're not using videos to connect to database and that sort of thing so MySQL is not outdated and it's what we're going to use in this episode here so what this means is that we're not going to be using PDO in order to connect our database in this episode now a lot of people mistakenly think the PDO is a procedural programming thing it is not PDO is actually designed to be with after don't programming and I do know that you technically can use PDO with procedural programming and it will work but it is not designed for it so not going to be using it in this episode however I will have separate video lessons on how to create a login system using PDO with object-oriented programming and MySQL I with up to terms of programming so I will have that in a separate episode and I'm also going to link that in the description in case you need to see it when I do actually get around to making those episodes of course now I do also want to mention that when it comes to security in the login system in this video I will show you how to protect yourself against SQL injection as well as how to hash your passwords when you upload useless passwords to the database so even if a person were to gain access to the database they can't even read the password so there's a little bit of security in this episode here and do bare mind there's always a lot of things you can do to add security to a locking system and lastly I want to welcome back to people who are new at PHP programming because now it's relevant for you again I do want to mention that this is going to be a long video so if you want to take a few coffee breaks you more than welcome to but I do promise that this is going to be one of the easiest guides and how to create a login system that you can find at least that's what I'm aiming for it to be so I do hope that you enjoyed this video here oh and one more thing if you want to skip ahead in this video I do have timestamps in the description so do go ahead and skip ahead if you don't need to for example know how to create the HTML markup in order to create a login system so just go ahead and take a look in the description if you're not completely a beginner when it comes to PHP code so now that we went through all that I can actually go to close down my notes that I wanted to talk from in order to make this beginning intro as you can see in front of me here do you have a couple of different things open I do have a text editor with a couple of different documents what I simply did here is I took a basic index dot PHP page with just a basic start up and I split it apart and put the top part of my document inside a headed up PHP I put the main content inside a index dot PHP file and then the footer I insert it into a footer the PSP document and then I simply link to the header and the footer inside my main document which is the index the PHP page this is a very normal thing to do when it comes to creating an disorder PSP website again if this is completely new to you I do recommend you go back and watch my PSP course before you learn how to create a login system because you do need to know the basics of PHP before you get into this episode here what we're going to do is I'm going to make sure I have my exam or ma'am or whatever program you might be using started so we do have access to a server on our computer a local server if you could have that if you don't know how to install xampp or man-boy any sort of program then I do have a tutorial I will also link the description they will explain how to get a server started on your computer so you can have a database on your computer as well so go ahead and watch that episode it is a very easy guide it takes literally two minutes to set up a server it doesn't hurt your computer at all so go ahead and watch that video if you're a little bit confused about setting up server on your computer it is not that complicated even though for beginners it might sound complicated to set up a server this is basically all I did to get prepared for this episode so what we're going to do is I'm going to start the HTML and CSS markup in order to create something inside the web site here so when you want to create a login system that's a couple of different things we need we need to have a login form at the top of the website at least that's what we usually have a login form we do also need to have a logout button and we do also need to have a signup form inside the website where a new user can go into the signup form and type in their information and then get signed up inside the website so that we need to create using HTML and CSS and again you should know HTML by now so this is not really something I should go in-depth explaining so we're just gonna go ahead and I'm just gonna go and talk and then write it out so you can see what I'm doing and hear me say it at the same time I'm not gonna go into deep detail about anything unless it's related to PHP code so going into our head of document and do I have my notes in the side here just in case you're wondering because I want to make a few mistakes as possible so inside my header the PHP document we're going to go ahead and set up the navigation at the top of the website that will have some basic things inside of it like logo menu and then of course we're going to have a login form so I'm just gonna really quickly set that up so going inside the header that I have here I am going to create a navigation tag or a navigation element and inside the navigation I want to include a anchor tag that is going to have just a basic logo for the website inside of it so I'm just gonna include a image that I do by the way have inside my root folder so as you can see I have my documents here I do also have a style sheet that I'm not going to apply until the end of the video when we do actually have to the whole thing set up actually we could apply it after the HTML so I'll go ahead and do that just know that you shouldn't get confused about me adding styling to the website it's not going to work and it differently it's just going to look differently by the way if you want to have access to my lesson file from this episode including very specific describing comments that says what code does what inside the files you can go ahead and download them from a patreon in the description for this video just so you know that it's down then ready to get downloaded if you want to support me on patreon but like I said the styling doesn't have any impact on how the login system works in this episode it's only going to be visual so if you want to style the website you can go ahead and just do that yourself or you can get access to my files on patreon just know that the styling doesn't really matter when it comes to functionality of the login system it's only going to be a bonus thing for this episode so getting back into what I was trying to do here as you can see I do have a image folder inside the root of my website and inside the image folder I have a very basic logo that I'm going to include inside the header of my website here just to have something looks like a normal website because it is nice to have something looks like a normal website when you do these sort of tutorials so I'm just gonna go and link to it here so I'm gonna say the image source is going to be inside an image folder and it's going to be called logo dot PNG I'm just gonna go ahead and include logo inside the alt tag here and now that we have this we can actually go ahead and go down to the next section here I'm going to create an unordered list and I'm just going to create a very basic navigation for the website just to have something filled in to the website that looks normal so I'm going to say we have a anchor tag and inside the anchor I'm just gonna conclude some text I'm gonna say home then I'm just gonna go ahead and copy paste just I think we should have about four different navigation items gonna say we have something called portfolio I'm gonna have something called let's go ahead and say a bounce me and then something called contact again just to fill something in and I'm gonna go and change the home link to index dot PHP so now that we just created some basic things for the website I'm going to go and include the login form and locked out form that we have inside the header that allow us to type in some information then click login and as well as log less out if we are locked in already so right below the you are a ul tag I'm going to include a div tag and I'm just gonna go ahead and include both forms inside of here so you can sort of group them together inside one HTML element so what I'm going to do is I'm going to create a form tag again this is just a basic form tag so you shouldn't be confused by anything here if you already know HTML and CSS the action should not be indexed at HTML instead the action tag is going to send a user to a PHP file that is going to run through a script that is going to determine if this user is the correct user who is trying to lock in if the user is the correct person then we're going to lock them in to the website so we're going to link to a PHP file that is going to have a bunch of PHP code inside of it and don't worry we will get to that file and create it together in just a few minutes so we're going to link to a folder inside our website root folder called includes and we're going to link to a file called called login dot Inc dot PHP and the method is just going to be a post method do bear in mind anytime you send sensitive data using a form inside a website user you need to use a post method because if you use a post method you can't see the information inside the URL if you use a get method you can see everything so it's not really safe when it comes to sensitive data now I should also mention the reason that I want to create a includes folder inside my root folder it's actually going to do that together right now if I were to go back to the root part of my root folder if it were to right-click and create a new folder I'm going to create this includes folder the only reason for this folder is that I want to include any kind of pages inside the website that is not a direct page inside the website that the user can actually visit because these are going to be PHP document that are only going to run a script and the users not actually gonna see this page inside the website I want to put them inside a common folder and I'm just gonna call this one include so inside the includes folders what we're going to insert the file that is going to have the login script we're going to include the file is going to have to sign up script and also the lockout script so we're going to include that inside the includes folder the reason I decide to call my file login Inc the PHP is just for naming purposes the dot Inc does nothing except for as part of the name of the document the basic idea behind a think inside the name is gesture to stand for include file so I'm just gonna include that as part of the name so we know that this is not a page that the user can visit inside the website but it just has some scripts inside of it so now that we have this we can actually go and fill in the input we need to have inside the form so I'm just gonna go and create an input and he'll we need to decide what do we want the user to give us in order to lock into the website now the most typical is that they just need to give us a user name or email and a password so that's what we're going to include in this episode here so I'm going to give the name or set the name to mail UID and the name attribute here is something we're going to use when we do actually send this information from the form to the login dot Inc the PHP file because the name is going to be what we need to refer to in order to grab the information from this input so the name has very important to have inside your inputs I'm gonna go ahead and just delete the value and put a placeholder instead and placeholder and value does two separate things again that's basic HTML you should know what they do so I'm just gonna go and say that this is a username or email dot dot dot or something so the user knows what to put inside this input here then I'm going to copy it paste it below and I'm gonna change the type from text to password because then when the user starts filling in any sort of text inside the password field that they can't actually see what they type in is they're going to be those star symbols and the name is going to be changed to PWD and the place told this should be password then I'm just going to include a button at the bottom here and the types of ba submits type because this is what we used to submit the form the name is going to be log in - submits and then I'm just gonna go ahead and say log in inside the button name now the next thing we need to include is a link right after this login form that can take the user to a signup page where they can type in their information such as the name their email - username passwords and that sort of thing and then get signed up inside the website so we're just going to include a very basic link so I'm going to say we have an anchor tag and I'm going to link to a signup dot PHP page and again this is not a include file because this is a page that you can actually visit inside the website so it's just going to be signup to PHP and then I'm just gonna write signup like so then the last thing we're going to do inside the header document is we're going to include the lock out button now when we do get the login system working we do need to hide the logout button when the users not logged into the website and we to hide the login button when the user is already locked into the website and we do that using PHP once we do actually make the login system so we'll get to that at one point so right after the link that we have down here I'm just gonna go and include another form and we could actually just copy-paste what we have up here because it will have a little bit of the same inside of it and I'm going to delete the inputs because you don't need those I will go ahead and link to a lock out that the PSP instead because this is just going to be a include file that will lock the use out and send them back to the front page so this is a include file the method is going to be either post or get that's one of the matter because we don't have any sort of sensitive data down here and the button is going to be called something else we're just going to call it lockout - submit and then we're going to change the name to logout and that is a basic logout form' so now that we have all of this we just need to include one more thing inside the HTML in order to get it everything that I want to have inside the website which is that inside the index a PHP file inside the main tags that I have here which is going to contain the main content for the website I just want to include a basic piece of text like a paragraph that says if the users locked in or locked out so inside the main tags I'm just gonna go ahead and say that we have a logout message so you are logged out and then once we do login I want to have another paragraph that says you are logged in now again do bear in mind once we do have to log in system up and running we will using PHP hide one of these depending on if they're users locked in a locked out so for now just gonna have both messages in here so this is the basic HTML and the last thing I want to do before we get into the PHP code is I want to activate my style sheet so my style see it again if you want to have the exact same styling as me go ahead and download the lesson files in the description if not then just go and include your own styling and make it into whatever you want to look like inside the website here again right now looks kind of messy if it works just refresh as you can see we have just a bunch of very basic things so when I do activate my style sheet like so and I'm also gonna go and include my all the different classes and so I head inside my different tags in here so I'm just going to do that really quick and as you can see I just added a couple of different classes to all the different elements we have in here just so I could style it using CSS and I went ahead and activated my co-star see it up here so go ahead and go back to the website you can see as you can see we do have some basic styling going on in here just so we have something it looks just a little bit nice when it comes to the head up here with the forms inside of it I did actually forget to style this down here inside the main context I'm just gonna go and do that as well and as you can see we now have the content inside the main page styled as well now what we need to do before we get into the PHP part is we need to also do something inside the signup page so we include it inside the header because we do also need the user to be able to sign up inside the website so I'm just gonna go ahead and create a new document I'm gonna save it inside my main part of the root folder I'm just gonna save it as signup dot PHP then inside this document here we're gonna go ahead and just include the code or the mark-up that we need in order for the user to go to a signup page and then see a form where they can sign himself up just like the form you have inside the header so what we're going to do is we're gonna go ahead and just copy the index page because there is a little bit of things in here that we do need to have repeated I'm just gonna paste it in and the part that we need to keep in here is going to be the top part where we require the header as well as the footer that we have down at the bottom here then what I'm going to do is inside what we have inside my HTML markup now you probably won't have these specific tags here just go and ignore that just know that you need to have some sort of main wrap or something to have the content inside of so just if you have two main tags here it's fine you can just have that and it's going to be all good inside the taxi I'm going to include a form that the user can actually use in order to sign myself up into the web site so first of all I'm going to include a h1 tag that is going to say sign up so the user knows what this specific page is for and then below here I'm going to create a form and I'm just gonna go ahead and set my action to be signup dot Inc dot PHP and again would you need to remember that this is going to be inside a includes folder inside my root folder so we're gonna say includes forward slash and then the method is going to be a post method as well because this is going to be sensitive data that the user sees inside the website so inside the forum we're going to include any sort of input we want the user to fill in so we can save that information inside our database which we haven't created yet but we'll get to that as well so I'm going to include a input field and inside the input field I first of all would like the user to type in their email so I'm going to set the name tag to UID and we're not gonna have a value we're going to have a placeholder and I'm going to set this one to username then I'm going to just copy paste and I'm gonna do the same thing except this time I want them to include their email so I'm going to set the name attribute to mail and then I'm going to set it inside the placeholder to email then I'm just gonna go ahead and copy paste again and then below here the next thing I want them to type in is a password I'm just gonna go ahead and include it as a password type so again we can't see what they're typing in Esther writing it because in case somebody's sitting next to the user while they're signing themselves up and then they look over their shoulder and sees what password they're typing and we don't really want that to happen so need to have that sort of basic security here the name I'm going to set to PWD and the place hold is going to be password then I'm going to copy paste the password field now what I want to include here is a second password field that the user can repeat the password inside of because if the user type two different passwords of both of them then they made some kind of a spelling error so it's very important that we know that the user is using the right password that they intended which is why I want them to repeat their password as they're signing themselves up so the second password field is also going to be a password type it is going to be named something different because we don't need to have the same name well we don't want to have the same name so I'm going to call this one password - repeat and a placeholder is going to be something like repeat password' like so so now that we have this we do actually just need the button and then we have a sign-up form that we can actually use inside the website now the email is something that is very important to have in order for us to include a forgotten password script inside the website because if later the user forgets that password we do need to be able to send them an email that they can use note to reset the password so it's very important if you have an email field here so at the bottom here I'm just gonna include a button and the type is going to be submits and the name is going to be signup - submit then inside the button we're just gonna go ahead and say signup and then we have everything we need to have in here at the moment later on I will show you how to create error messages in case the user write something wrong or does something weird that we don't want them to do inside the signup form let's say they forget to in fill in a specific input then we do need to write an error message for them and I will show you how to do that later on in this video here so what I'm going to do now is I'm going to style the signup page just like I did with the header and the main content inside the website and again if you want to have the exact same code as me the files are going to be in the description of the video if not then just go and include your own styling if you do want to style whatever we're doing this video here so I'm just gonna go and do that really quick and there we go there wasn't actually a lot for me to style I just needed to include one class inside the document here so what I'm going to do now is I'm going to go to the website refresh and now when we click the signup button at the top here you can see we're taken to a sign up page with a signup form now what we're going to do now is we're going to go ahead and setup the database before we do any sort of PHP code because we do need to have a database ready with a database and a database table that we can use note to insert the information of the user when they signed himself up inside the website so what I'm going to do is I'm going to go inside my browser and I'm going to go to my local host forward slash PHP myadmin and in case somebody is completely new a PHP PHP myadmin is a place so we can set up databases for our websites right now I do have PHP myadmin installed because I have xampp installed so this is a local database on my local computer and again if you don't know how to install PHP myadmin just go ahead and watch that video a link to in the description where you learned how to install xampp because you do install PHP myadmin by installing xampp on your computer so go ahead and watch that episode if you don't know how to get into PHP myadmin I explain everything in that video so now that way inside PHP myadmin I'm going to go to the databases tab up in the top here then inside the databases tab I'm going to create a new database I'm going to call this one login system suits for login system tutorial you can call whatever you want to call in this episode and I'm going to say create now that I have a database create a color game system to it over here in the left side as you can see right now we have no tables inside the database so we need to when we sign the use up store information somewhere inside the database and that is going to be inside a table called a users table so I'm going to go inside the SQL tab at the top here and I do know that you could simply go inside PHP myadmin and use their own system where you can quickly set up database tables and columns and that sort of thing but I think it's a lot better practice to learn how to write the SQL yourself so going to do that right now now inside of here I'm just gonna go ahead and zoom in so you can actually see what I'm writing I'm going to write the SQL code that will set up our database table so I'm going to just go ahead and look at my cheat sheet here because I do have it on the side so don't make any errors and what we're going to do is we're going to first of all say create table and again it will automatically know which database you want to create a table inside of because right now I do have my login system to database selected over here the left side so we're going to say create table then we're gonna give it some kind of name I'm gonna call it users in this example here then I'm gonna say parenthesis double quote why not double quote semicolon and then I'm just gonna go down to a color different line so we have something - right in between here then I'm going to create the first column inside our table which is going to be called ID users then I'm going to set it as a integer and I'm going to set it to 11 inside the parenthesis here then I'm going to set this one to our two underscore increment which means that each time a new user signs up inside the website this unique ID vac rating here for each user is automatically going to change by one each time a new user gets registered inside the table here after order increment we're going to set a primary key and then we're also going to set this one to not no comma next line because we do need to include another another column inside the database this one is going to be called UID users UID stands for user name at least in my head it does you could also call user name users if you wanted to or any sort of other name and so I'm gonna call this one UID users and I'm going to set the the type of data we're going to insert as tiny text tiny text gonna set this one to not know which means that we can't have it empty and then I'm gonna go down to the next line and I'm going to create another one called email users then I'm going to set the the text type to tiny text as well not know and then the last one down here is going to be the password so we're going to say PWD users and I'm going to set this one to a long text because we want to allow for smart text as possible when it comes to the password the user types in because the longer a user's password is the safer it is so we don't want to put a restriction on how long the user can create their password so going to set this one to the long text now if you don't know anything about SQL and what we have here is the name of the column we have the type of data that we want to insert into the column in this case it's going to be a number which is just going to allow eleven different characters after each other tiny text means that we have a certain number of letters the user can insert into the Hollan without it cutting it off because it doesn't alarm wouldn't this specific amount of characters and long takes is the longest one that allow for the longest amount of text inside the column here Auto increment like I said means to you increase the number by one each time so we don't need to do anything to this specific column each time a user signs up it is done automatically primary key means that this is the primary column inside this specific table it's you should always have a primary key inside a table when you create a new table and not Namie so you can't have it empty inside this column here so it can't be so we can't have null as a value inside any of these columns here so make sure that the last one that they include down it does not have a comment behind it because then you're going to get an error so now that we have this I'm going to go ahead and say go down hit the bottom and as you can see we don't have any errors and inside my login system to database over here we do have a user's table inside the database with the different columns inside of it so once I do register a user inside the database we can see all the information on the users inside the database so now that we have a database set up we can go back inside our website I'm just gonna zoom back out and inside our website the next thing we're going to do is we're going to create the PHP code that will allow to use to sign up inside the website then afterwards we're going to allow for users to lock in and lock out so going to create all the PHP code now so going back into our code or inside our text editor I'm going to create a new file this file is going to be called sign up dot Inc the PHP and I'm going to save it inside the includes folder so I'm going to say sign up dot Inc dot PHP and I'm going to save it now this is the farm we refer to inside the signup page so if you were to go back to that specific page you can see that inside our form the action points to that specific page that we just created so inside this specific page we're just going to have PHP code that is going to run when you do actually click the sign up button and then it's going to make a bunch of error handlers to check if the user made any sort of mistakes inside the form and then if they didn't make a mistake then we're going to sign them off inside the website so inside this document I'm going to just open up the PHP tags and I'm not going to include the bottom closing PHP tags here because you only need to have a closing PHP tag if you want to include HTML or something after the PHP code so right now because this is going to have pure PHP code we're not going to include the closing tag inside of here the very first thing we're going to do is check if the user did actually click the submit button when they got to this page because you can technically access this page without clicking the submit button if it were to go back inside the website go to the top of the URL I could access that page that we just started creating inside our text editor by going inside the URL and say I want to go to includes forward slash signup dot Inc dot PHP if I want to click OK now then we are inside that specific document that were editing right now inside our text editor we don't want to use it to be able to get to the page this way so we need to make sure that we do a double check that says did they actually get here by actually clicking the sign up button inside the signup form so inside our document here I'm going to say that we want to create a if statement and inside the if condition here we can go ahead and check for if the user did actually click the button by running a is set method and inside the is set we're going to check if we do have a post method called dollar sign underscore post brackets and then we're going to check for the name called sign-off - submit because they were to go back to the signup page you can actually see that the name down here for the submit button the signup - submit so that's what we're checking for when that information gets sent to this document here so now that we check for this we now know that the user got here legitimately so the next thing we need to do is we need to go ahead and run the connection to our database which we haven't created yet so what we're going to do is we're really quickly going to create another file and going to include that inside our includes folder and it's going to be called dp8 dot Inc dot PHP which stands for database handler Inc the PHP and I'm just going to and saving and then inside this specific file I'm just really quickly going to just open up the PSP tanks just like before and we don't need to close it as well and then inside this file we're going to give it the information we need in order to connect to our database which is the one that I just created inside the browser here so the information we need to have is first of all going to be which server did we actually create the database on so I'm going to create a variable called server name going to set equal to a string now the value inside the server name is going to be localhost because right now I'm using a local server on my computer because I'm using exam so if you're also using exam or Mayibuye anything like that then you're also going to have localhost inside here as your value if you're using an online server then you need to put in the server name for the online server using on a online website just log in to the dashboard of your hosting company and in there you can see what the server name is of your website inside the online version of your site now the next thing we're going to include is to use the name and the password for a database now for the local database that I'm using with exempt the DB username so I could write that in a correct manner there we go it's going to be called root Roo T if you're using map is also going to be root but when it comes to the password DB password when you're using xampp like I am it's going to be left empty and then the last thing down here is going to be the database name so we're going to say DB name and I'm going to set this one equal to what we call the database inside PHP myadmin and I do thing we call it login system toot and again if you call it something else then go ahead and make sure it's called what you called it inside the database so now that you have all the different parameters we need to have I'm going to actually run a connection so gonna say we have a variable called cun and then I'm going to run in my SQL live function so I'm gonna say my sqli underscore connects parenthesis semicolon and then inside the parenthesis we just need to include these different parameters one at a time so I'm just going to say if you have to serve a name we have the username we have the password and then we have the database name and there we go so what we can also do is we can actually go ahead and check if the connection did actually fail because that is a really good thing to have so I'm going to run a if statement down here where I'm going to check if we were pecan does not work then I'm going to go ahead and kill the connection by writing died which is a function as well and then I'm going to write some kind of message and I'm going to write connection failed and then I want to write the actual error message that we got when it failed so I'm going to say we have a function called MySQL i underscore connects underscore error but is this going to throw out the specific error you might have if it does actually fail so this is all we need to have inside our connection this line up here is going to be the connection to our database so by going inside our signup page again we can then require this specific page that we just created called dp8 dot Inc dot PHP and now we have access to the variable Kon that we have inside the database file so now we can use in this specific variable gain access to the connection to a database do bear in mind we don't need to have includes behind here because we are right now inside our signup that Inc the PHP file which means that inside our includes folder that's what we are inside our website so the DPH file is right next to it so we don't need to to write a path to it right after here the next thing we're going to do is we're going to go ahead and fetch the information from the form when the user signed up inside website so we're going to do the exact same thing as we did up here where we used a post method in order to grab the data from the user so I'm going to go down here and say we have a variable and I'm just gonna go and call this one user name I'm gonna set it equal to a post method which is not going to be called son of DUT dad submit but instead it's going to be called UID because inside our signup form the name for the input will be ask the user to type in their username it is called UID that's why we're writing that inside the post method then I'm just going to copy paste this line and we need to copy paste it three more times and then I'm going to change the name to email and again inside the post method it is called mail inside the next one we're gonna write PWD or password then PWD inside the post method and then we can call the next one something like pass word repeat and then the name inside the post method is going to be PWD - repeat so now it just fits all the information that the user passed on from the signup form inside the website and we can now take this information and do something with it before we take the information and put it inside out database inside of the user we do need to check if the user made a mistake inside the web side so we need to have a bunch of error handlers that does this for us so I am just going to include the most basic error headless that I could think of at the spot when I was making this tutorial it can make so many error handlers for all sorts of things we can check the length of the username you can check if the wrote a valid email and that sort of thing I'm just going to write some of the most basic ones and you could always at one point just include more if you wanted to so the first thing we're going to do is we're going to check if the user wrote something in all the inputs inside our signup form so if the user were to go to a website and say I don't want to write any user name but I want to write an email and a password and repeat password we want to check if the left one of the feels empty so going inside our code I'm going to create a if statement and inside the condition I'm going to run a PHP function called empty and the empty function is just going to check if whatever we put inside the parenthesis is empty so if I were to take the username up here by referring to the variable called username then if the user wrote nothing inside the username input then we're not going to have anything set equal to this variable up here so it will be empty so if it is emptied them and want to create an error message and send a user back to the signup page saying oh there was an error here but before we do that we do also need to check for the other three that we have in here so I'm going to say or by creating two pipe symbols right afterwards here and then I'm going to just copy-paste the empty function and we can actually create a couple more these just so we have four in total because we do need to check for four different inputs now I do want to point out this is the point where a lot of people make mistake when they watch my tutorial because they forget to include all the different parentheses inside the if statement here do make sure that you have a opening and closing parenthesis at the end and the beginning of the if statement as well as an opening and closing for each variable inside the if condition here check for it if you have a unexpected simple something as an error inside your website then you made a typo so make sure you check for it because I do see a lot of people making typos claiming and writing in the common field of my videos that there's no typos but there always is so if you get a unexpected I don't know semicolon parenthesis or something as an error code check for typos it's very important so now that we have this and went ahead and checked if any of these were left empty we can go ahead and create an error message the way I'm going to do that is by sending the use of back to the signup page with the error message so I'm going to create a header function that is going to link them back to whatever page I referred to inside the header parentheses so I'm going to say double quotes location : and then I want to take them back to the sign up page I'm going to go back into rectory because right now when site includes folder and I want to take them to the sign up dot PHP page then I'm going to write question mark because I want to add some extra data behind the URL and I'm going to include era it's equal to empty fields and I do also want to send back some of the information because let's pretend for a second that the user went to your website inside the signup form wrote some information click Submit and then they make an error and gets taken back to the signup form when this happens the signup form is going to be completely empty again so if you have a signup form where the user had to correct user name but not the correct password or something then they need to retype the information all over again so in some of these cases we do want to send them back with some of the fields filled out again with the previous information they typed in so they don't have to type everything in once again so we can fix this box is sending them back and including the information they already typed in inside the URL when we send them back to the signup page and then we just take that information put inside the signup page so it's already there when the user gets back to the page so in this case he I do want to include the username if they did actually write it in I'm going to set it equal to the variable we have up here called username so I'm just gonna go ahead and say we have a variable included do make sure you put it after the double quote like I just did here then I want to create another string and then I also want to include the email if they did actually write it by saying + % email it's going to be equal to the email we have up here punctuation and then the variable maybe we shouldn't put email because I do think that we need to have as little text as possible inside the URL so I'm just gonna write mail here so if any of these inputs were actually filled out it's going to get sent back to the signup page so we can actually go and check that if you want to so let's actually go back inside our website refresh the browser and then let's go ahead and just type in let's say the email just gonna write some gibberish password repeat password sign up then he consents at the URL we get era equal to empty fields and then the UID is going to be left empty right here because there was no UID but the email that we did type in do get sent back inside the URL so we can take that information from up here using a get method and then put it inside the form again once we do get back to the website so one thing I do want to point out here is that we don't send a user back with their password because we don't want the password to be visible inside the URL so they do need to repeat the password each time to make a mistake inside the form here now before we continue we should probably fill in the correct variables inside them two functions we have down here so there we go everything is like it should be and what we want to include as well right after the header that we have down here is a exit method because what is going to happen here is that if the user made a mistake and gets sent into this code in here then the exit method is going to stop the script from running we don't want to continue any code below here if they made a mistake inside that the empty fields here so that is what this specific function here does inside the code now the next thing I want to do is I want to check if the user submitted a valid email and a valid user name inside the signup form so what I'm going to do is I'm going to include a else if statement down here at the bottom so I'm going to write else if parentheses curly brackets and I do want to point out that you can write the else if statement like this or like this it doesn't really matter when it comes to PHP does the exact same thing so inside the else if statement I want to include some kind of condition that says well if we have a invalid email then create an error message just like up here so I'm just gonna go and copy the error message and paste it in inside the else if statement down here the only thing you need to do to the error message is that we need to make sure we change the error message so it doesn't say empty fields but instead it says invalid email or something so we say invalid mail and then of course we don't want to send the email back to the signup page because it was invalid so they need to type it in again so I'm just going to delete the email from inside the URL that we're going to send them back with now inside the condition of the else if statement can write a very basic function that we have inside PHP that goes in and checks for a valid email so I'm going to say we want to check not if it's valid but invalid by writing a exclamation mark before the function and then I want to write something called filter on the score ba parentheses then inside the function we need to have two parameters the first one is going to be the email that the user submitted the second parameter is going to be how we want to check the data that we just submitted inside the function here which in this case is going to be if it's a valid email so the first parameter is going to be our email variable that we have up here comment and then we want to check for a filter on the score validate on the score email and then it will automatically check if this is a valid email or not in the past we did AXA need to write a search pattern that went into the whatever the user submitted and we had to manually create different parameters to check if this was a valid email so this is a very simple easy solution in order to take for a email that we have today so now that we have this the next thing we can do is we can go ahead and check for a valid password now when it comes to passwords we don't have the same luxury as having a function that just simply does everything for us we do actually need to create a search pattern that searches to username to make sure we have proper characters and no symbols and that sort of thing so what I'm going to do is I'm just going to delete what we have inside the condition and I'm going to go ahead and run a prick match function which have inside PHP and I want to check if it doesn't match so again we're going to write exclamation mark I'm going to write prac underscore match parentheses and then I'm going to write the search pattern they want to check for now I'm not going to go through search patterns in this episode because it is quite and detail then and not really something or to go in this episode but I do have a link in the description for a video where I explain everything when it comes to search pattern so check that out if you need to check what we're doing here so inside this function I'm going to create a search pattern it's going to be called forward slash then I'm going to create that upward pointing arrow I'm not sure what it's called in English and then I'm going to save brackets and inside the brackets is going to be what we allow inside the search pattern so in this case it's going to be 8 through sets and also capitalized Aid through capital I set we're going to allow 0 through 9 because you also allow for numbers inside the username and then afterwards I'm going to say star and then I'm going to say dollar sign forward slash so this right here is going to be the basic search pattern we're going to use in order to validate a proper name afterwards you want to add a second parameter inside the pragmatic function so I'm just going to say comment and then I want to include the username because that's the one we're checking for in this example here so now we have this we need to go back down to the error message and change it up so it doesn't match the email one exactly because I do want to create another error message if the username was too incorrect one so down here I want to say we have an invalid UID which is username in my head again and instead of sending back to username I want to send back to email so I'm just gonna write mail and set it to the mail variable we have up here and send that back because the use of probably don't want to write the email one more time inside the signup form wants to get pushed back to the signup page because they made an error so now that we have this there's a third era hand that is very similar to these two that I want to include which is in case the user didn't write a proper email and they didn't write a proper username then we need to send them back with a third URL type inside the URL let me send it back with an error so right before these two else if statements I'm going to create another else if statement we do need to run this one first that's very important because otherwise it's just going to run one of these two even though this specific error is actually thrown inside the website so I'm going to copy paste what we have inside the addition for the improper email I'm going to paste it inside the condition that I'm going to say and write afterwards using two ampersands symbols and then I'm going to include the preg match that checks for a valid username and include that as well so right now it is checking for a valid email and a valid username and then again we can send them back using the header function and throw them some kind of arrows so I'm going to set the era for invalid mail and use the name so I'm going to say mail UID and we're not gonna send any information back to the user because we don't want to give them information back filled in to the form if it's not correct so we don't want to send a username or the email back and like I said the password is sensitive data so we don't want to send that back either so we don't send anything back in this example here so now that we have this there's one more error handler I want to check for which is if the two passwords to user typed in do not match each other so right below here I'm going to create another else if statement an inside of the condition I'm just simply gonna check is password or at least a variable called password equal to password repeat now here we do need to check if they're not equal to each other and then give them an error message so right before the equal signs I'm going to say exclamation mark which is going to say does this password not match the password repeat then I do want to create another error message and send them back to the signup page and in this case I want to say password check which is going to be the name of the error so password check don't need to that keval tip we don't need to have that capsule I'm just going to minimize it again and I'm just gonna go ahead and send back both the email and the username so I'm going to say want to just copy-paste from up here because you don't you just have everything in again and paste it in there we go now that we have this there's one more error handler that I want to include which is not going to be inside an else if statement because in this example here I'm just gonna create an else statement if the user tried to sign up using a username that already exists inside the database meaning that the username is already taken then we also need to create a message for that so we're going to create an else statement and inside the else statement we do X need to connect to the database and check if we have any matching users inside the database so inside this else statements I'm going to first of all create a SQL statement that we want to run inside the database so going to say we have a SQL variable constant equal to double quotes semicolon then inside the double quotes I want to select M UID users from the users table where UID users is equal to the username that the user chose when it tried to sign up inside the website now we're not gonna take the username up here copy it and paste it inside the SQL statement because we want to make sure we do this in a safe and secure way using something called prepared statements prepared statements is a way for us to run SQL statements inside the database without any person coming to a website and destroying our database by writing code inside the input fields to give an example if I were to go back to the website go inside the signup form I could technically go inside the username input and write SQL code inside the input here and then I'll actually get run inside the database and destroy our database and again this is not something we want the user to be able to do again there is some really evil people out there that might want to destroy our website so we need to make sure we use prepared statements now when we create a SQL statement that we want to run inside the database you want to use placeholders inside the SQL statement so right here where we want to actually include the user name and paste it in we don't do that instead you create a placeholder using question mark and do bearman you don't need to put that I actually shouldn't put that inside single quotes because otherwise it's not going to work so just go ahead and write a question mark now in some cases where we might also check for a password so we could say let's go and say and PWD users is equal to something else then we can also include a second place holder if we need to but in this case it would just need to check does the username already exist inside the database so now that we have this we can go down to the next line we can create a prepared statement so we create a variable called is TMT stands for statements and I'm just gonna go ahead and run a my SQL I'm on the score there's TMT underscore in its which stands for initialize let's actually write that correctly in its parentheses and then I want to make sure I run the connection that we have inside our database connection inside this specific parameter here so I'm going to make sure that we have the database linked inside this page we do and then I'm gonna go and go back down to the bottom and refer to our connection variable they have inside the database page right here now we have this we can actually go ahead and check if we can prepare this specific SQL statement and if it does actually work with our connection that we have down here so I'm going to create an if statement inside the condition don't say exclamation mark because they want to check if it does not work always check for errors first when they create PHP code at least as a rule of thumb you don't have to but it's a really good rule to to sort of follow when you create PHP code so I'm going to check if MySQL I'm on this course is TMT on the scope repair failed so I'm just gonna go and insert the statement we just created on top of it inside the parenthesis down here and then we're also gonna go and include the statement that we have up here the SQL statement and if it does fail then we want to write some kind of error message in here again we can just copy paste one of these up here paste it in send them back to the front page or not the front page but the signup page with an error message says something like let's go ahead and write SQL error just so we have some kind of error message so now that we have this going to close it off properly like so we can go ahead and keep going inside our script here now I do want to point out that the way I'm writing else statements or else if statements inside my code here is that going down to the next line because some people do recommend you do this because it looks more proper when it comes to PHP markup but just to make sure it looks organized for you guys I'm gonna go ahead and write out statements at the bottom here it doesn't make any difference is just a layout that I decide to create for the code so now we have this we can actually go ahead and continue our script because there was no arrows running this statement inside the database now what we need to do is we need to take them from Basin to user gave us and put that inside database and run it with this specific SQL statement now because the statement up here was run first inside the database and we then later give it the information from the user it is much safer to pass in information from the user into the database because doing it this way is going to be run using a different method inside the database so inside the else statement I'm going to run a MySQL I'm on the score is TMT underscore bind underscore param which stands for parameters and then I'm going to find the parameters from the user to the statement we created up here which means that we're going to take the information from the user and then send it later on to the database using this statement we created so what I'm going to write inside the parameters inside this specific function is going to first of all be which statement you want to bind the information from the users to in this case we have the statement up here just gonna include that the second information is going to be what datatype are we passing in to this statement we do you need to write that if you write s then we insert a string into the statement if you write B then it's a boolean and if you write I it's an integer at least I do believe that is the letters have used in order to indicate what kind of data type were passing in here if I made a mistake saying these letters then I will write on the screen here but this is just basically the data type that we want to pass in and because we just have basic text which is going to be a string that I'm just going to write s now remember perform and I said that we could have multiple placeholders inside the SQL parameter up here right now we just have one question mark inside our SQL statement mean that I'm just going to have one s inside this specific parameter down here if I had another one then I needed to include a second s because we need to tell it how many strings are we passing into this statement here so after this specific parameter I want to actually insert the information the user gave us inside the signup form so I want to go back up here I want to grab the user name and I just want to pass it in as a parameter again if we also had the password then I wanted to include a second s as well as a second parameter over here so it would be password if we had to have multiple parameters but we don't at least not in this example here so now that we've found the parameters the next thing we need to do is we need to actually execute our data from the user together with the SQL statement from up here so I'm going to run a MySQL live function must rely on the score is TMT underscore execute parenthesis and then we just need to go ahead and grab the statement and execute it into the database so now that we did this it will actually run this information from the user inside the database after running the information inside the database we now need to check did we get a match when we ran it inside the database if we did get a match then it means that there is already a user that has that specific user name therefore we cannot have this used to sign up with the same username so the way we do that is again using a another function so going to say MySQL eye on the score is TM team on the score store on a score results parentheses what this basically does is that it just takes the result we got from the database and stores it back into the variable called s TM T then one can do afterwards is we can go ahead and we check using a function how many results we have inside the variable called s TM T so I'm going to create a variable called result tick going to set equal to MySQL i underscore is TM t underscore num underscore rows so not taking how many rows of results did we get from the database when we get information from a database table we get them returned as rows so if I have two matches inside the database then I'm going to have two rows returned to me and in this case we should probably just have one row turn to us then I want to grab the statement and insert it inside the parentheses and now variable result check is going to be equal to the number of results we got from the database so it should either be 0 or 1 because if you had one user inside the database that had the same user name then it's going to be 1 so now that we have this we can actually go ahead and run another if statements and we can go ahead and check is result check greater than 0 if it is greater than 0 then again we should return the user back to the signup page with an error message that says username already taken so I'm going to just copy paste the header function and then I'm going to just change it so we have the error message saying on SQL error but user taken and again in this case you might also want to return the email so they don't have to write everything again so I'm just going to copy paste the ampersand mail equal to email and then paste it right after here there we go so now we did this we just created the last error handler I wanted to include inside our login system so the next thing we need to do is we need to actually sign up the user into the website because from now on there shouldn't be any sort of errors when it came to the user so I'm going to create a else statements inside the else if I'm going to do almost the exact same thing I suggested before here we're going to run a SQL statement inside the database that is going to insert instead of selecting and then we're going to do this using prepared statements like we just did here so inside the else statement I'm going to run another SQL parable I'm just gonna couldn't copy paste because you can just do that instead of selects actually we can just going to lead everything we have in here and we're going to say insert into users and then we're going to give it parentheses values parentheses then we need to write the name of the different columns we have inside to use the table or the users table we have inside the database so if we go back inside the database you can see we have an ID users we have a UID users and email users and a password users this is actually quite tiny so you can see it but do bear in mind when we created the table I said that we set the ID users to auto increments which means that it automatically updates each time we get a new user inserted into the database so we don't need to do anything when it comes to the ID users these three however we do need to include inside the insert statement so going back inside our code I'm going to make sure the first parameter inside the first parentheses here is going to be UID users the next one is going to be mail users and then the last one is going to be PWD users and let's go ahead and check that this is actually correct so I'm just going to say it's called email users that do need to change that so don't get an error there we go and inside the values we need to insert placeholders because we don't want to just paste in information from the user like I said before it's not safe so we're going to use placeholders in this example here on the next line we're going to go ahead and run a new statement like we just did up here so I'm just going to copy it paste it in and then I'm going to do the exact same thing I'm just gonna run a if statements so I'm just gonna copy paste again and I'm going to check if this statement here and this SQL statement and do in fact work together if we can actually run this SQL statement inside the database then I'm going to throw them back to the signup page with an error if that did not work else we're going to continue here just like we did before up here you need to run three different MySQL life functions however when we do insert the data inside the bind parameter function in this case here when we copy pasted it there's just one parameter would you axe need to have three because inside our current SQL statement you have three different placeholders so we do need to have three different s's meaning strings inside this specific function down here which means that we're also going to have three different variables called password and also going to have a email which is going to be the second one these do need to be in the same order as we wrote it up here do keep in mind of that so I'm going to say variable I think we called it email something now this is what we're going to hash the password because right now if I were to just grab the user's password from when he submitted it from up here then when I inserted into the database it's going to be completely identical to what he wrote inside the input and you might be thinking isn't that what it's supposed to be because he wrote in the passwords assured me take that password and insert that password into the database well no because if a hacker were to gain access to our database in some sort of way then we don't want to have the password written out as it is inside the column inside the database table because then the hacker can tell what the passwords are of all the different users inside our database the way we get around that is by hashing the password which means that we're going to take the password and turn it into a bunch of different characters and letters and numbers that doesn't make sense and then when the user logs into the website we're going to take that bunch of random characters from the database and we're going to rehash it back into the original password and then check if it matches with the password the users have been when he tried to log into the website so we're not gonna have this specific password here as a binding parameter inside our statement instead right before we do this I'm going to go ahead and hash the password so I'm going to create a variable called hessed PWD I'm going to set it equal to password underscore hash parentheses and then inside of here we need to include two different it says we need to include the original password so going to say dollar sign password and then we need to tell what kind of way we want to hash the password in this case we're going to be using bcrypt which is the latest version of hashing bcrypt is always going to be updated because it automatically updates whenever there is some kind of security breach using bcrypt the people behind PHP always updates this hashing method so this will be much better than a lot of hashing methods today if somebody told you to hash using something called md5 or shout 256 and then your login system is not going to be safe it's very important you don't use those hashing methods because they are outdated and not safe anymore so you need to use bcrypt when you want to create a secure password hash so inside of here I'm going to tell that I want to hash it using a default bcrypt hashing method so I'm going to say password underscore default there we go and then I want to take this hash password and insert inside the database down here so now that we did this we just need to run the MySQL I statement execute and we don't actually need to have this last MySQL a statement down here because that is if we want to fetch information from the database right now we're just inserting into the database so this is all we need to do so not only did this the user just signed up inside the website so the next thing we need to do is we need to return them to the signup page with a success message so I'm going to say we send them back to the signup the PHP file with a success message that says something like well actually we could say sign up equal to success like so now before we test this out I do want to do one more thing which is to go down at the bottom here and I do want to close the statement that we created for these different statements up here and I also want to close my connection to the database this is not something you have to do when we connect our database using MySQL I it does automatically close afterwards but we still do it in order to save resources when it comes to PHP and MySQL so it's very important to be close it if you want to make sure that the website doesn't run unnecessary resources so if we go down to the very bottom here right after the second-last that curly bracket that closes off whatever statements we have up here now we probably should have done this at the very beginning because going down after we wrote all this code trying to figure out which bracket belongs to which if or else if or whatever statement we have up here it's a little bit confusing but just go and trust me that this is the place we need to insert this code so right after the second last bracket we need to go ahead and run a MySQL I'm underscore is TMT underscore closed parenthesis and then we want to insert the statement that we used in all the previous statements here the statement variable we we created which means that we're now closing off the statements then we also want to close the connection so we're going to say MySQL I I'll just go close and then I want to close the connection we have from inside the database file which is variable conn then as the last thing inside the website here if i go down to the very bottom here and create a nother else statement we could also go ahead and send a use of back to the signup page if they try to access this page without clicking the what he called the signup button from inside the signup form because room at the very top we did check if we had a is set signup dot submit which means that the code is only going to run if the user actually tried to sign up using the signup form so just in case they gain access to this specific page without clicking that button we just send them back to we just send it back to the signup page so we're just going to just send them back to the signup page like this so now we have to sign up script script done and we can actually go ahead and test this out so if we were to go back inside our website refresh and then go inside the signup form and say we want to for example say i want to create a username called Danny Danny nine four eight a which is a typical sort of username I'm going to create an email so I'm going to use my username toots emailed and I'm also going to create a password I'm just going to say test one two three test one two three sign up and as you can see inside the URL we get signup equal to success so if we were to go back inside our database and refresh it you can now see we have a new user inside our database table where the IDS set to one eye UID for the user is called Danny nine four eight eight the emails in here and has password is in here as well if you get an error here because it doesn't insert the the password into the database it is because you did not allow for enough characters inside this specific column so make sure you use the exact same SQL code as I did in order for there to in order for to allow the proper amount of characters inside this column here so now we signed up a user into the database the next part is how to lock in the user inside the database because we haven't done that yet okay so I'm back again I took a long coffee break because it hurts my throat if I speak too much want to make these long tutorials so I'm back again and while I was on my coffee break I decided to edit the first part of this video just as even made any sort of typos in that sort of thing I did actually make two typos one of them being one that you guys might have made as well so I'm just gonna go ahead and go through them before we get on to the next part of this tutorial here so inside the sign up that ink to PHP file that we just created here if you were to go back up to the error handlers and go to the password check where we do actually check if the two passwords are identical if you go inside the header function right after the error is equal to password check we need to make sure we include a ampersand right before we check for the username so error equal to password check and UID equal to blah blah blah so make sure you have that as well another error that you guys may not have I'm not sure of it is if you were to go inside the header file header dot PHP go down to the bottom where you have to lock out form I inside my code here inside my markup have the name attribute set to lock in death submit it's actually supposed to be lock out dad submit so just make sure you have that before you continue so now we have this wax it ready to get started on the next part what we're going to do is before we get on to the error messages that we're supposed to show the user when they try to sign up in case they make some kind of mistake or if they do actually succeed in signing up then we want to create some kind of error message or successful message inside the signup form now we're not going to do that just quite yet because I want to create the login script before we start creating the error messages inside the website because the login script is very similar to the signup script so while it's still fresh in our minds I want to get started on the login script before we do anything else so in order to create the login script we're going to just make sure we have everything saved and we're going to create a new file I'm going to save this file inside the includes folder inside our root folder and I'm going to save this one as login dot ink dot PHP now the login file is going to be very similar to the signup file if we were to go inside to sign up that Inc the PHP file and go to the very top you can see that we have a if statement that checks if we did actually click the sign up button in order to access this page in here we're going to do the exact same thing inside the login script so going into our login file I'm going to open up the PHP code just like this we don't need to have the closing tag because this is a pure PHP file and I'm just gonna go and create a statement that checks did we actually click or do we have a name attribute called login - submit inside this page here because if we don't have that you want to send the user back to the front page because he tried to access this page in a not legit manner so we don't want him to actually run this code inside the file here so inside is set function I'm going to go ahead and check for a post method so dollar sign underscore post brackets and inside of here I want to check for a login - submit now we're just gonna go and create the header function that sends them back to the front page if they did not get to this page legitimately we didn't do that immediately in the signup script when we started creating the signup script so I'm just gonna go to make sure we do that first so going to create an else statement here and inside the else statement I want to create the same functions as we have inside the side of scripts I'm just going to copy/paste one of these actually we can actually go and copy-paste the bottom one that might be better because it's more simple and I'm just gonna go and paste it in now I don't want to send them back to the signup page so I want to sit in the back to the index page with some kind of message now we're not really gonna create the message for the index page here we're only going to do that for the signup page because it's the same process so we're just going to do the signup page and then you can do there are messages an index page if you want to inside the if statement the first thing we're going to do is we're going to grab the connection to the database just like we did inside the signup script so I'm going to say want to require the DPH dot Inc dot PHP file I want to make sure we close it off you at the end and then afterwards I want to grab the information from inside the login form that the user tried to submit to us so we're going to say we have a variable I'm going to call this one mail UID and the reason for this is that when the user sign signs up into the website you want to give them an option of either using the username or the email to try to sign themself up with inside the website so if they decide to use the email at the username we need to make sure we can actually do that inside the website we're going to do that later so for now we're just gonna go ahead and grab the information so we're going to say we have a dollar sign underscore post brackets semicolon and inside the brackets we want to grab the mail UID I'm not sure what we call it so let's just go back into the head of the PHP file it is called mail UID so we're just gonna go ahead and paste it in here and then afterwards we're just gonna go ahead and copy paste and then we're going to change the second one to password and then we're going to change the post method to PWD at least a name for the post method so now we have both the username or the email and the password and the next thing we need to do is we need to go ahead and check if any of these were left empty when they used to try to login to the website it's the same process as inside the signup form so a lot of this you will find familiar from inside the signup form we just created so what we're going to do is we're going to go ahead and check one if statement I want to check if these were empty so we're going to run a empty parenthesis and again this is the spot where a lot of people make mistakes because they don't have enough parentheses or maybe they delete a parenthesis or something so make sure that all the parentheses are there when you do actually get what do you call when you get to this part and you receive an error so inside of here we're just gonna go and paste in the mail UID and then we're going to go and say or if password is empty and then is just gonna go ahead and copy and paste it in here then we're going to copy paste ahead of function down here because again this is a error message so we want to send them back to the front page with an error message if they did actually make a mistake and we're just gonna go and include something inside the URL so index dot PHP M question mark and then we want to say something like era it's equal to M T fields again I have my cheat sheet over in the side so I'm just gonna make sure we write this correctly and then we can also go ahead and send back what you call the the username or something in this case here when it's not a signup form I don't think you should send back information so but just if you want to you could send back the username so you don't have to type it in again again it's the same process as inside the signup form so if you want to do that just go and do that I'm just gonna go and send them back with an error message now what I want to do is I want to create a else statement again there's a lot of different error handlers you could possibly do here but right now I just think we need to go ahead and take if they left anything empty I think that's good enough for now now that we got to this point we just need to take the database to see if there is a use of the has this use the name or the email that the user tried to use when he tried to login to the website and then we need to get the password from that you sends out the database and check if it matches with the password the user tried to give us when you try to lock in that might have sounded more complicated than it really is but you will see it's very simple once we get started here inside the else statement I'm gonna go ahead and run a SQL statements that we want to send to the database so I'm going to say we have a variable called SQL double quotes inside the double quotes here I want to run a select statement and I want to select all from the users table just gonna go and make sure you write this correctly from the users table and I want to run it where UID users is equal to question mark because we need to run prepared statements in order for in order for this to me in order for this to be a secure system so we need to use placeholders and then run prepared statements afterwards now this is the poem need to think for a second because in this specific login system I want to allow the user to log in to the website with either a username or an email so we need to make sure we include that into the select statement down here so right now we want to check for a username or I want to check for a email users that is equal to question mark again it's the exact same thing here and then we just want to add a semicolon at the end here just by including the email users column inside the statement here we can go and take for either a username on email so it's very simple to do here so now that we have this what we want to do is you want to actually initialize a new statement so I want to create a variable called s TM T or something else I just like to call a statement because it makes sense then I'm going to write my SQL I'm on the score is TM t underscore ini T parentheses and then we just need to initialize this new prepared statement by referring to the connection we have inside the DBH file again this connection we have in here so going back into the login form or the login script I am just gonna go ahead and write variable con inside the initialize statement so we make sure rhiness initialize it with the correct connection then afterwards I want to actually run the SQL statement and at the same time check if it does actually work inside the database and we do that the exact same way as we did before so I'm going to create a if statement and inside the condition I want to check if it doesn't work when we run a my sqli underscore s TMT underscore prepare so we're preparing the statement by actually running the SQL string inside the database and checking if this specific statement to be created up here have any kind of errors inside of it that doesn't make sense compared to the database that we have if we do get an error it means that there's something wrong up here that they need to change so make sure you look out for that and I'm just gonna go and include the statement that's the first thing and the SQL statements that we actually want to run there we go so now that we have this we need to go ahead and create an error message if we did actually do this and it gave us an error because something was wrong up here so I'm just gonna go ahead and refer it back to the front page with a SQL error just so we know specifically what kind of error we're receiving here afterwards I'm gonna go ahead and run a else statement and then inside the else statement do actually want to grab the information that we got from this specific select statement up here so we're going to go ahead and run a MySQL I'm on the score is TMT underscore binds on the score param because now we want to pass in the parameters from the user that they gave us when it tried to login to the website into the database and see if we can actually get a result from this SQL statement up here so inside the parentheses here we first of all want to include these statements that we want to send it in with and then after what you want to tell it what kind of data that we're trying to send to the database right now it's two strings so I'm just gonna write SS comment and then we want to send in the actual data into the database so right now we have a mail or username that's the first one and then we have a password so I'm just gonna paste those two n afterwards we need to actually execute this specific are these specific parameters we just added here so we can actually get a result from the database so I'm going to run a my SQL i underscore STM team underscore execute like so and then I want to execute this statement up here to just bind it to these parameters over here so now we executed it we can now go ahead and grab the actual results and insert them into a variable we can then do something with afterwards so in the next line here I'm going to create a variable called result and I'm going to set it equal to MySQL i underscore s TMT underscore get underscore result prentices and then I want to actually get the result from the statement up here so right now all the information that we got from the database using deselect statement is going to get inserted inside this variable here now even though we have a variable called result that is that equal to the data from the database we can still risk that we didn't actually get any sort of data from the database meaning that dollar sign result is going to be equal to nothing now the reason for this is that the first take who did up here only checks if this statement works with the database it doesn't actually check if we got a result from the database so down here where we did actually run the actual data from the user into the database we need to run another if statement that checks if we did actually get a result from the database meaning is dollar sign result empty or is there actually something inside this variable here so the way we're going to do that is by saying we have an if statement and then in here I want to check if we have any sort of results and then I want to set it equal to a variable if we do actually have any result from the database so we're doing two things at the same time just like we did up here so inside the condition here I want to set a dollar sign row equal to a my SQL I'm on the score fetch underscore a suck which means that were fetching the data from this result variable we have up here and we're going to put it inside a associative array that we can actually use for something inside our PHP code because right now dollar sign result is just a raw data that we got from the database but we're needed to be a sort of format that we can work with in PHP which right now is going to be a associative array now if we didn't get any data from the database to create an error message so underneath the if statement I want to create an else statement and I want to go ahead and just include another error message just like we did up here and this time we could call it something like no user because there's no you say inside the database that matches the either the username or the email that the user tried to log in with and what I want to do here is inside the if statement I want to go ahead and grab the password from the user if we did actually have a user with that user name or email and then I want to take that password from the database and then I want to hash the password that you used to try to log in with and see if the two matches and that's basically we're trying to do here in order to tell if the user to correct user who tried to login to the website so inside the if statement what I want to do is I want to create a variable that I'm going to call something like password check PWD tick and I want to set it equal to password underscore verify and what this function basically does is like I said it's going to take the pass with the user tried to use to log in and then it's going to take the password from the database and then it's going to has to pass with the user tried to use and see if they they met together so the first pair am so we're going to heaven here is going to be the pass that the user tried to use to log in to the website and then the second parameter is going to be the password from the database of the user that the user tried to log in as so we're going to do is we're going to say we have dollar sign row brackets and then I want to say I want to grab the what is it called the PWD users column from inside the search result that we got from up here and then I want to check if the database password matches with the login password he tried to give us then afterwards what we have here is a true or false statement because password check is going to be equal to either 0 or 1 which is a boolean and we can use that true or false statement in order to check if the user should actually be logged into the website so I'm going to run another if statement here and inside the condition I'm going to check is password check equal to false if it's equal to false then we shouldn't love to use n to the website because it's not the right user so I'm just gonna go and send them back to at the front page with a error wrong password but if he is the right user then it's going to be a true statement so we're going to say we want to run a else if statement you could also run a else statement but I do want to make sure that we check if it's equal to true now you could argue that password check is either going to be true or false there's no other answer here because it's a boolean but in case some kind of mistake happens and password check is equal to a string or a number or something that is not a true or false statement then I want to make sure that we don't just run an else statement that is going to lock in the user because some kind of error happened inside our code so I want to make sure Ronnie else if statement in order to lock in the user down here then inside the condition I want to check is password check equal to true and then we can actually go and run an else statement down here that says in case some kind of mistake happened and password check is not going to be a true or false statement I don't know how it could happen but it's good to have because we need to make sure to cure then we could send a user back with the same error message just to have it here so inside the else if statement we want to lock in the use of to the website because the user just typed in the right username or the email and the right password so now we need to lock them in to the website what we need to do in order to do this is we need to start a session because the way to log in systems work is that we create a global variable that has the information of the user when he signed into the website and then we just simply inside the website check is the global variable available or is it not available so the type of variable do we want to store globally is going to be what is called a session variable so in order to have the session variable visible inside the website we need to start what is called a session so the way we start a session is by saying session underscore start right down here what we do actually create the login and then we want to set session variables equal to information we have about the user inside the database so what I want to do is I want to create a session variable by saying variable underscore session brackets is equal to and then I want to grab information from inside the database so just like we did up here when we grabbed the password of the user I want to set it equal to not the password but I want to set it equal to let's say the ID of the user inside the user table then I want to give the session variable and name so inside the brackets I want to call it something like let's call it user ID then I want to go and copy this paste it below here I didn't want to create a second session variable that could be called something like user UID so we also have to use a name so I can say UID users again decent names of the columns we have inside the database so if we were to go back inside the browser and like I said inside our database the names I'm referring to is the column names of our users table so ID users UID users email users and password users now you probably shouldn't save the password users inside your website because it's not really secure so just go and save informations that is not sensitive inside the website now we could also store the email of the user but I don't think we're going to use it inside the website so I'm just gonna go and store the ID and the UID of the user for now so now that we have this the next thing we need to do is to basically just need to take the user back to the index page but this time with a success message so we're going to say something like success or we could actually say login it's equal to success and then we just want to exit the script like you would at any any other time and now we do actually have a working login system okay so before testing is out added action notice I made a few errors so before we test out the locking system I do want to make sure that you guys don't have the same errors as I made I did actually make two errors inside the code here going back up to the top where we have D MySQL I statement by Prem function we need to make sure that the second parameter that the use of passed in is not going to be the password but the same variable as we used before because remember when we run in the Select statement we check for the username and the email we don't take for the username or email and the password we want to make sure we have the same Mirabal in both places the second thing we want to fix is that down here we have the if statement that says dollar sign row equal to MySQL I fish a suck you want to make sure we include the dollar sign result inside the function we have down here so we do actually get something so insert inside dollar sign row so having fixed those errors there's one more thing we need to do because remember I said that we have session variables we need to check for in order to tell if the users logged in or not in order to access seed assess in variables we need to make sure we have a session started on all the pages inside the website meaning if I were to go to the index page of the website which is the front page and try to log in when there's no session started inside the index page then we can't check if their session variables available to us inside the website so we need to go inside the head of the PHP file which is the file that is on top of all the regular pages inside the website and at the very top up here before anything else we're going to open up our PHP tags and then we're going to start a session to make sure that we have a session started on all pages inside the website so we're going to say session underscore start and there we go so now we do actually have a fully working login system if we were to go back to the website and try to login to the website we should actually get locked in to the website now there is something you need to do before we do that because if I were to go into the website and actually lock into the website that's access too much so it's normal right now we have two messages inside our index page we have one that says you are locked out and one that says you are locked in meaning that none of these are going to change if I'm logged in or if I'm locked out of the website so we need to make sure we do just have one message if we're locked in a locked out going into our index page I'm going to go down where we have our paragraphs and I'm going to open up the PHP tags like so then inside the PHP tags I'm going to create an if statement that checks if we have the session variables available to us inside the website if we do not have available to us then like I said what locked out of the website there's nobody locked in but if we do have decision variables then we're locked into the website so what I want to do is I want to create a is set function that checks if we have something available to us so I want to check do we have a dollar sign underscore session brackets not curly brackets for brackets and then I just need to check one of the session variable so I could just take for a user ID just to check for something then inside the if statement I'm just going to copy paste one of these paragraphs down here now we can actually delete both of them after we copy just one and I'm going to echo out one of these paragraphs inside of the if statements and then afterwards I want to run a else statement because if we're not logged into the website then I want to run another echo so I'm just gonna go in Cocke pace to echo now inside the if statement is going to be the message if we're logged into the website meaning that we're going to say you are locked in inside the else statement going to say you are locked out so going inside the website and refreshing you can see that right now it says you are locked out now I do want to point out I created another user because they couldn't remember the password for the first user in here so I created another one called test so I'm just gonna go and login with test and the pass for being test and then when I lock in you can now see that we get a lock in success message and we are also logged in to the website and the content changed on the pace depending on if you are locked in or not and believe it or not this is actually the exact same process that we use in order to change a lot of content inside websites when a user's locked in or not because like Facebook if you were to log into Facebook then Facebook changes quite a lot if you're locked in compared to when you're not logged in and it's basically done just by running a if statement that checks if you're locked in or not and then an else statement that shows other types of content if you're not locked in this is a very basic thing and this is how it change all the content on your website if you're logged in or not again I'm mentioning this because a lot of people ask me about how do you change content when you're logged in or not into a website and this how you do it so now do we have this we just need to create the lockout button because right now we're locked into the website but how do we lock back out again so before we create the lockout script I just want to make sure that if we're locked into the website we cannot see the login form inside the header if we're locked out of the website I want to make sure that we can't see the lockout button so going inside our header file I just want to go down to where we have the login and the lockout buttons I want to make sure we run a bit of PHP code so we're just going to open up the PHP tags and then I want to make sure that inside the PHP tags we do the exact same thing as we did inside the index page in order to show that message so I'm just gonna go and copy-paste the if statements and the else statement and I want to paste it in inside what we have here then I want to just replace everything inside the if statement with the logout form' because we only want to see the logout form' want with who actually signed into the website so I'm just going to delete it and paste it inside the first day I come up here and then I want to grab the login form and the signup button and just go ahead and delete them and paste them into the else statement down here just like this then if I were to save it and go inside the website refresh you can now see that the cursor locked into the website we only see the logout button so now we're gonna go ahead and open up a new file we're gonna save it inside our includes folder as lock out dots Inc dot PHP and then we just need to lock out the user inside this file here this is a very small file we're going to create we're just gonna go ahead and open up the PHP tags and then inside the PHP tags we're just gonna go ahead and run a session underscore start because we need to have it started in order to actually end it so we need to actually start the session and then we need to run a session on the score on set now with this function basically does is that it takes all the session reports were created when we locked in and it deletes all the what he called the values inside the session miracles so right now the ID and the username are deleted from those days and miracles then afterwards you want to actually destroy the sessions we have running inside the current web site so we want to say session underscore destroy parentheses and this is basically all we need to do here then afterwards we just want to run a header function because we need to take the person back to the front page and just go ahead and say want to include a location I set it to dot dot forward slash index dot PHP and there we go that's all we need to do so going inside the website refreshing clicking lock out you can now see that we're locked out of the website we have the message here that says you are locked down and we also have the login form and the sign up button up here so again just to test it we log in as you can see we're locked in and we lock out so it's very simple as you can see so now you have a fully working login system but before we end off the episode I want to create a few error messages inside the signup form when the user tries to sign up and he makes some kind of error or something so just to show you how to do that before we end off the episode I'm going to go inside the signup form and I'm just gonna go ahead and do something like I'm not going to fill in the username bum bum bum bum bum bum and as you can see we get a few errors up here we get error into fields a UID is equal to nothing because I didn't write a username and email is equal to blah blah blah so what I want to do here is I want to I want to go inside my signup the PHP file and at the place where I want to create an error message I'm going to open up my PHP tags so I think we should create an error message right below the h1 tag that says sign up so I'm just gonna go and open up my PHP tags like so and inside the PHP tag say we're going to create an if statement now if we get a error inside but you called the URL up here so right now it's error equal to empty fields then I want to run some error messages and I want to run a specific error message depending on the error so what I want to do is I want to check if we have a era set inside the UIL so I'm going to run a is set function then I want to check for eight dollar sign underscore get because when we have something equal to something inside the UL we can grab it using a get method and I'm just gonna go and check for a error inside the UL because right now when we check for something era is equal to empty field so we're just checking if we have this error get method inside the UL so going back inside our code I'm just gonna go ahead and create a specific error message depending on what era is equal to so I'm going to create another if statement inside this if statement and then I want to check if we have gets era equal to a specific string so right now we have empty fields so we can actually go and take for that one and if we have it equal to empty fields then I just want to create a paragraph that has some kind of misses in it now I'm just gonna go and copy what I have over in my notes because it's very little code and I don't want to just write it as you can see we just need to echo a paragraph and then write a message inside of it so right now wrote fill in all fields we're just going to show inside the website if I do actually refresh the browser so as you can see here we do get a error message the reason if styled is because it did include a class inside the paragraph and because I have a Stars you to text to my website I do ice to get a style so just go ahead start if you need to style inside your style sheet now that we have this we can actually run any else if statements so I'm just gonna say else if and then I just want to do the exact same thing but this time I want to check for something besides empty fields so this time you could take for invalid UID email and again these are just what we have inside these signup scripts over were to go in here go back up to the top where we have all the error handlers you can see we have empty fields we have invalid mail UID invalid mail we have invalid UID we have password check we have a bunch of different error messages in here that we get inside the UL depending on the error message we get from inside the sign of script so I'm just gonna go back inside our sign up the PHP file and I'm just gonna go and fill in all these different ones that we need to have depending on what kind of area we want to get and I'm just gonna go and copy them from over here so as you can see I'm basically just copy pasting and then I'm just changing the error message and then writing something else inside the website depending on the error message now what if we do actually get a success message instead of an error message well then what we need to do is we need to go down below the first if statement that we have up here we'll just take for a error inside the URL and we're going to create a else if statement so I'm going to say else if parentheses curly bracket and then what I want to do is I want to check for a whatever message who wrote if we did actually get a success message so if it were to go inside the signup script and go to the bottom you can see that if we do get a successful sign up we get a sign up inside the URL that is equal to success so I'm going to go inside the signup form and I'm just going to copy paste what we have up here so I'm just gonna call paste the get method and I want to check for a sign up that is equal to success there we go and then I just want to run another echo inside this else if statement so I'm just gonna go and copy and paste from over here inside my notes so I'm just gonna say want to check for what we want to run a sign of successful message inside the browser so if I were to go back in here refresh and say I want to I don't know say test one then let's go and actually run a proper email because otherwise we're going to get an error message and we're going to say test and test sign up and as you can see we get a sign of successful message inside our website here okay so this is how you create a basic login system inside a website and again there's a lot of things you can do to improve and do different things to a login system but this is how a login system basically works when you want to create one for a website so I will create episode where I teach you how to create a forgotten password system I will teach you how to create a user profile page inside the website I'm just gonna go ahead and get around to the episodes after this one and once they're ready I'm gonna go and link to them in the description of this video here now in case you got a error message during your tutorial here I will go ahead and include any kind of error messages and fixes for them in the description as well so if you get some kind of error missed it's going to check the description to see if my solution for it did help you out in order to fix your error so I hope you enjoyed this episode it is a long episode it is going to take me a lot of hours to edit this out because there's a lot of cuts in this episode because I I screw up worse than that sort of thing so I hope you enjoyed and I hope to see you in the next episode [Music]

Info

Channel: Dani Krossing

Views: 979,473

Rating: 4.9179516 out of 5

Keywords: how to create a complete login system in php, how to create a login system in php, login system in php, login system php, php login system, how to make a login system in php, easy login system, how to make a login system, how to make a php login system, php tutorial, php login, php login tutorial, login tutorial in php, learn php, php for beginners, simple php login tutorial, php beginners, how to make a login form, php, login system security, php login and register tutorial

Id: LC9GaXkdxF8

Channel Id: undefined

Length: 109min 36sec (6576 seconds)

Published: Wed Oct 10 2018