How To Create A OOP PHP Login System For Beginners | OOP PHP & PDO | OOP PHP Tutorial

Captions
in this video i'm going to show you how to make a login system using object oriented php programming now before we get started i do want to mention that this is not an html and css tutorial which makes sense since we're doing object oriented php but if you want to have the html and css you can go to my patreon and get it from there just know that it isn't necessary to have my specific html css a login system like the one we're making in this video is going to work no matter how your website looks like so you could just make something very basic or maybe have a website beforehand it's going to work for every sort of website i also want to mention that this is going to be a basic login system that you can implement into your own website so if you want to add extra security to it like for example user roles inside of database or if you want to add extra error handlers you know it is not a perfect login system because otherwise the videos will be very long but it is a very good start if you want to have a login system that you can then implement into your website and then make adjustments to it so that is what we're going to be building in this episode here but i will go and leave links to things that you might want to consider in the description of the video so if any of you have anything else to add to that list just go ahead and write it in the comments and i'll go ahead and include that inside my description as well so we have this small library of you know different places we can go if you want extra security and learn about extra security when it comes to php now just to mention it since i know i will get asked about this we will be using object oriented php and we're also going to be using pdo in order to connect to the database regarding pdo i get a lot of people coming to my procedural php video telling me that oh you should be using pdo that's so much better but something that people don't seem to know is that pdo is for object oriented php so in this example here 
it would work but when it comes to procedural php we don't use pdo we use something called mysqli so for people who are a little bit confused about this mysqli works for procedural and for when it comes to object oriented php we use mysqli or pdo and i just want to mention that pdo isn't inherently better than mysqli it really depends on what exactly you're working with when it comes to databases and what exactly you're trying to build so i will go and leave a link in the description for a place where you can see the comparison to mysqli and pdo if you want to see that either way as you can see in front of me here i do have a very basic website and this is exactly what we're going to be using for making our login system don't get fooled by the fact that it might look just a little bit pretty this is all html and css and the only thing that works on this website is the sign up form and the login form down at the bottom now just to kind of show you what exactly we're going to be making what i could do is i could sign someone up which i have done i have a couple of users inside my database trust me it works and once you've signed up we can go into the login field over here and just sort of sign in with one of the users that we created so crossing one two three is my password login and then you can see up in the corner changes from uh sign up and login to crossing which is the name of my user and logout so if i were to click logout it logs me out and then we go back to sign up and log in now these two buttons up here don't work i just wanted to have them up there so it could show you that we can change part of the website depending if we're logged in or logged out so it will change to you know the name of the user and log out once we're logged in so now that you've seen the completed version that we're going to end up with let me go ahead and close it down and focus on the one that we will be creating together now like i said you don't have to have a website ready you 
just need to have the sign up form and the login form which i'll show you in just a second how i made so i'll go ahead and pull this out to the side and i'm going to open up my text editor which you can see over here and as you can see inside the text editor i have all the basic html that you should know by now how to make and i also have a style sheet that styles my website you know just to have something to look at but all that doesn't matter what does matter however is that we go down to the bottom and as you can see i have a very basic html section and then a basic section with my sign up form and my login form so all you need to have on your website is basically the form for the sign up and the form for the login so what i just highlighted here is all you need inside the sign up form we will have an action that is going to be where we're going to send this data once we sign up as a user and it's going to be sent to a page that is inside an includes folder that we haven't created yet so none of this has been created we will do that together we're also going to be using a post method because we don't want to show the data once we send it so once the user types in their username their password their repeated password and their email address we don't want it to be seen inside the url which is basically what we're doing with the post method so as you can see four inputs text type password type password type and a text type for the different four pieces of information if you want to include more you can do that like i said this is a basic login system you use to implement into your own login system on a website you don't need to have it spot on like i have it here you can make adjustments to it if you want to and then i also have a button at the bottom here that is just a basic submit type that has a name set to submit and then it just says sign up and then the login form is even simpler we have a basic form that sends the user to another page called login.inc.php we 
also want to do this using a post method we also have just two inputs so we have a text type called username and a password type called password and of course they have names as well so do double check that all the names and all the different inputs are there because that is going to matter once we grab the data on the next page and then i just have a basic button down here that is also a submit button so that is all you need to have when it comes to html you don't even need to have any css just this html and the login system is going to work with all the html that you have you may think i'm wasting a lot of time on this but a lot of people actually get really confused if i don't tell them that they don't need to have the exact same html and css as me like they think that it's gonna break if they don't have everything that i have in front of me here it's not okay you just need to have this form and this form then everything is going to work so with that said let's go ahead and go inside our root folder of our website now right now i am inside my htdocs folder so as you can see i have my root folder in front of me here i have a couple of different files i have an image folder which is just basically the images i'm using inside my website to make it look pretty again you don't need to have this folder it is purely to make my website look pretty so i have a background image and i have something inside this square here i also have an index page which is called index.php that is important and i also have a style.css what i'll do is i'll right click and i'll go ahead and say new folder and i'm going to create a folder called includes i also want to create a folder which is called classes the includes folder is basically where we insert files that we don't actually see inside the website so you know how you have like an index page and you have a contact page and a cases page where like the user can like click back and forward to see the pages on your website that is not 
going to be that type of file an includes file is a php document that only has a script in it that is going to run that the user will never see inside the website the classes folder is going to contain files that are only containing classes we're going to be using in object oriented php programming so that is basically what that folder is there for and it will make sense in a second once you do actually get into the text editor and start making these files so going back inside the text editor what i'll do is i'll go up and create a new file and i'll just go ahead and save this one and i'm going to save it inside my includes folder i'm going to call this one signup.inc.php now something very important to point out here that also seemed to confuse a lot of people is that the dot inc part of the name is just naming that inc does nothing you could also just go ahead and say you want to call it sign up inc if you want to do that you could also call it signup-inc.php if you want to do that it is just a way to name my files so i know that this is going to be a file that is included inside my includes folder if i were to make this a file that should be inside the classes folder i would call this one signup.classes.php okay so don't get confused about it it's just a naming convention that i have i'm going to say .inc.php i'm going to save it inside my includes folder now that i've done that i'm also going to create one for the login system so i'm going to open up a new file and i'm going to save this one inside my includes folder as well and i'm going to call this one login.inc.php just like so now these two files are going to be what we are going to send our data to once we click this sign up or the login button inside our login and sign up forms so once we send that data somewhere it is going to end up in here then we'll grab the data and then we'll do whatever code we need to do using php using the classes we're going to build in a couple 
of minutes from now so just basically files that handle the data that we send and then use them inside the classes that we're going to be building together so the first thing we need to do is we need to check if we actually accessed this file or this page using the submit button or the signup button inside the form because it is possible to go inside the url of the website and just type in the path for this file but we don't want people to access the file using the url we want them to actually hit the submit button or the signup button and get to this file the proper way so what we're going to do is we're going to open up the php tags we're not going to include the closing tags by the way we don't have to do that if we're doing a pure php file then i'm going to run an if statement that is just simply going to go in and check if we have a submit button set so i want to run an isset php built in method which is going to go in and say okay so whatever's inside the parentheses we need to check for that if that doesn't exist then we don't want to run the code in here so what i want to check for is if we have a dollar sign underscore post method which is a super global that we have inside php and i want to go ahead and check for something called a submit because that is what we gave the name for our button inside our form so as you can see we have the name set to submit and the name to submit down here so that is what we're checking for and i'll go ahead and grab the data that we send over from the form so want to say we have a variable called uid that is equal to we can actually copy this up here dollar sign underscore post then we just want to make sure we grab the user id or the uid from the form again the name inside the post method is going to be the exact same name that we had inside our name tag when it came to the html that is why those name tags are so important otherwise we can grab the data paste down four times because i send over four pieces of data and i'm 
going to change them to whatever they were called so pwd for the password pwd repeat and then the last one is going to be email so now these variables are going to contain the different data from the form so in order for you to understand this next part without confusing you too much if this is your first time making something like a login system using object oriented php we're going to go ahead and tag or write some comments for this so this is going to be grabbing the data just so we know what this does go down below here instantiate sign up controller class and then this one is going to be called running error handlers and use to sign up and then the last comment is going to be going back to front page we're going to be inserting a little bit of php code in between each of these nodes and once we have all these filled in we're going to have a complete signup system and don't worry too much if you don't understand explanations of the different comments i will go through them when we get to them so in this first part we're going to talk about instantiating a signup controller class which basically means that we're going to be creating an object based off of a class that we haven't created yet and inside that class we're going to have all the different properties and methods that are going to allow for us to log in the user into the website or sign them up into the website and that now means that we have to create a new document and i'm going to save it inside my classes folder and i'm going to call it signup.classes.php and then i also want to create a new file and i want to save it the same place and i want to save this one as sign up dash controller or just c-o-n-t-r dot classes dot php so now inside these two files we're going to be creating two classes so inside the signup.classes.php we're going to do all the database related stuff so if i want to run a query inside the database using php i do that inside the class inside this document here if i 
want to change something inside the database then i want to do it using the sign up controller class that we have in here just to have a little bit of separation of tasks that we have when it comes to object oriented php so let's go ahead and start inside the signup controller since that makes more logical sense when it comes to like the chronological order in which we're going to be using the code inside the classes so what i'll do inside my signup dash controller class is i'm going to say i want to start off some php code and i want to create a class and i want to call this one sign up controller with these particular capitalized letters as well then we're going to say curly brackets and then all the code for the class is going to be in here so all the properties and all the methods which is basically if i had to put it to someone who hasn't done object oriented php before it basically means that we're creating variables and we're creating functions inside this class here but we don't call them variables and functions we call them properties and methods instead because they're part of an object so to start with let's go ahead and create the properties and the constructor that is going to be part of this class here once we instantiate it inside the signup.inc.php file because remember i said we have to instantiate this particular class so we need to have the properties and a constructor to assign the data that we have up here to the different properties inside the class so going back inside our sign up dash controller and then going into the controller class we're going to create a property and i'm going to go ahead and call this one a uid and i'm going to just go ahead and set this one as private then i'm going to copy it paste it down four times because we have four pieces of data we have the username we have the password we have the password repeat and we also have an email now regarding the protection level that i decided on which is calling it private because we 
could call it private protected or public a good rule of thumb is to make your data inside classes the least amount of accessible if it doesn't have to be so right now the signup controller is the only thing that is going to access these properties so unless we get to a point where other classes need to access them without extending to this particular class let's just keep them private for now next i'm going to create a constructor so i'm going to create a public function underscore underscore construct parentheses curly brackets and then we want to grab the data that the user submitted using the sign up form and assign them to these properties in here that is basically what we're doing with the constructor so when we're instantiating the class and creating an object we want to make sure that all these different properties have assigned something to them which is going to be the data from the user so inside the construct parentheses i'm just going to include my variable uid or the property uid i should call it variable pwd and pwd repeat email like so and then inside the constructor we want to actually grab the data we get from the user and assign it to the properties now i just want to point something out which some people might get confused about the variables inside the parentheses are not these variables up here okay these variables are the properties inside the class these variables are the data we grabbed from the user so now we need to say that these variables up here or these properties are equal to the data from the user once we actually create this object okay so inside the constructor i'm going to say that we have variable this and then we want to point to this property this is how we point to properties and methods by the way we reference to this class and this property inside this class okay and then we want to set this one equal to variable uid which is the data the user submits so i copy this paste it down three more times then i just simply change the 
names just to point it out because like i said some people might get confused i could call this one email address and then you know change it down here and this would do the exact same thing because like i said this and this are not the same thing and this is basically all we had to do with the constructor inside this class here so now what we can actually do is if i were to go inside my signup.inc.php file go down below my comment i can actually instantiate my class and create an object i know some people might be a little bit confused about what exactly we're doing with these classes if you're completely new to object oriented php just follow along for now and you will understand everything in time so in here i want to make sure that i actually link to these classes up here so i want to make sure we include and then have the classes included so we have a classes actually we need to go back one folder because we're inside the includes folder right now so we need to go back to the root directory and then inside the classes folder you need to go back one go into the classes folder and then grab the file called signup.classes.php and then we want to copy this line go down below and then we want to make sure we also grab the sign up dash controller so now that we included these classes i'm going to go ahead and instantiate the controller class by saying i want to create an object so i'm going to create a variable and i'm going to call this one sign up just something very basic i'm going to set this one equal to new sign up controller parentheses semicolon and now i'm basically instantiating the class i'm creating an object from this class and i also want to make sure i pass in the data that the user sent us because that is going to be what we use the constructor for inside the class to convert to the properties inside the class so we're going to make sure we assign these you know we could actually just go inside here inside the class just copy and paste it 
in that is a little bit faster don't you think there we go so now that we're at this point what we want to do is we want to go inside the signup controller and any sort of error handling that we want to have inside our website when it comes to the sign up form is going to be a separate method inside this particular class here so if i want to make sure the username is a correct username type or the email is the correct email type if i want to double check that the password and the repeated password are the same you know these types of error handlers are what we're going to be doing in here and i'm not going to be doing all the different ones that exist on the internet because that would make this video quite long but you can go and just include more if you want to have more included for now we're just going to focus on the ones that i have prepared for this lesson here so the first thing i'm going to do is i want to make sure i want to check if there were any empty inputs when the user submitted the form so if i did submit my signup form over here but i left let's say the username empty then i want to make sure i grab that and say oh wait a second you didn't type in all the different data and then i want to throw an error message to say hey you need to fill in all the fields otherwise you can't sign up so we want to do that using a method so i'm going to create a private function which is technically a method since we're creating it inside a class and i want to call it something like empty input parentheses curly brackets now basically what i'm going to do with all these different error handlers is i just want to return a true or false statement if an input was not filled out i want to return as false if everything was filled out correctly i want to return it as true so i'm going to start out by creating a variable and we're going to call this one result just so we have an empty variable that we can insert the true or false statement into later on then i want to go 
below and i want to run an if statement and i want to make sure that inside this if statement we check if these inputs are empty so now what i want to do is i want to check if these properties inside the class are empty or if they're not empty because remember we assigned the properties to the data the user submitted so if the user didn't submit data then there's no data inside one of these properties right so what i want to do inside the if statement is i want to say i want to run an empty built-in php function and i want to say if this particular property called uid is empty then it's going to run whatever code is inside the curly brackets but we actually have four of these so we want to do this four times so i'm going to copy and i want to say or something else or something else you know so we have all the different data types so we have for the uid yeah for the password password repeat and the email i'm just going to go ahead and make sure we can see there's multiple lines because it kind of cuts out in the edge here and i don't want to do that so it jumps down to the next line now if i get too far out could actually slide it over a little bit there we go so if any of these different properties are empty we want to assign result to false and then below here we want to say else curly brackets result is going to be equal to true and then at the very end here we also want to make sure we return the data so we want to return variable result like so and that is basically how we check for empty inputs now right now it is actually not checking for it but we do have the method ready we can call upon in order to check for the input being empty so what i want to do is i want to say do i have any other sort of error handlers i might want to use here and i do actually also have one to check if the username is a valid username type and as you can see i just copy paste it from my notes here this method here does basically the exact same thing as this method we just 
created together up here the only difference is that i'm not checking for empty fields i'm instead checking if certain characters exist inside the username because i only want to allow these characters inside the username and again the preg_match function is something you can look up online if you want to see what exactly it does it basically just checks a string for a particular set of characters and if something that is not included inside this preg_match function like let's say an exclamation mark or a dollar sign or something that we don't want to have included inside the username then it's going to throw an error so inside the preg_match we're checking for these characters and we want to check the username with these characters here and again we're referencing to the property inside our class and not you know the variable called uid and it just so happens we also have one built into php that checks for email addresses being the right kind of email addresses so i'm just gonna paste it in here and as you can see it is basically a copy paste of all the other methods we just have up here the only difference is that inside the if statement i'm not checking for an empty field and i'm not checking for the preg_match function but instead i'm using a built-in method into php and with this one i'm basically just going into saying that this email property that we have inside the class should be this type of email address FILTER_VALIDATE_EMAIL is just a default built-in to php way to validate an email address so you know this particular function here is how you would validate an email address without having to write your own custom code and then because we also have a password and a password repeat inside our form we do want to make sure that these two are the same right because otherwise it wouldn't make sense to have them write the password twice so going down to the bottom here i'm also going to create a method that is called password match and 
this one is going to do the exact same thing as the previous methods except inside the if statement we're not checking if password is the same as password repeat very basic stuff now there is one more error handler that we need to run but we can't do it just quite yet because i want to check if the username or the email exists inside the database already so if i signed up using crossing as my username or i have a particular email address i use then i don't want to have another user sign up with the same email address or the same username and that is something we can't do until we start writing code inside our database class which is going to be the model class that we haven't set up yet but now before we can set up the model class which like i said connects to the database we need to make sure we have a database connection that we can actually grab onto in order to actually run the sql statements inside the database so what we will need to do is we'll need to create a new file i'll save it and i'll make sure to save it inside my classes folder i'm going to call this one dbh.classes.php and this is going to be my database class that is just simply going to open up a database connection to our database so just to make this a lot faster i'm going to go to my controller class copy everything paste it in and delete all the methods we just talked about so all the way up till here actually we don't need these either so let's just go ahead and delete these as well and i'm going to rename the class as dbh with a big d inside my class here i'm going to say i have a private function and i'm going to call this one connect and this is basically just a method inside our dbh class here now do notice that we did not have to go in just like with our previous class and create properties and we don't have to create a constructor because we're not actually going to be creating an object based off of this class here we're just going to create a class that has a very basic 
method inside of it that can connect to the database and then we'll refer to this method afterwards so inside this method i want to make sure that first of all we have the proper information for our database so i'm going to go ahead and run a try catch which looks like this it's just basically it's going to try to run this code up here and if there is an error it's going to catch the error and do the error instead in my example here i want to check for a pdo exception type error and i want to assign that error message to variable e which is just a default naming convention we use when it comes to try catch methods inside php so variable e is fine for now inside my try block i'm gonna go ahead and just say well right now i have a username and a password for my database right so i'm going to say i have a variable called username i'm going to assign it equal to root and i also have a password and i want to assign this one equal to nothing and again this is going to change depending on what kind of localhost server you're using some people need to write root both places but if you're using xampp like i am which is this one right here and you just have everything set as a default you didn't change anything it should just be root and then nothing for your password and then i want to actually run a connection so i want to say here that i have a variable and i want to call this one dbh because this is my database handler i want to set this one equal to new pdo parentheses semicolon and then inside the parentheses we're going to be you know running the information that it needs in order to connect to the proper database so i'm going to say single quotes and i'm going to say this is a mysql type database because we're using phpmyadmin and i want to say that the host is going to be localhost because that's what i'm using right now since i'm using xampp semicolon and then i want to say my database name is going to be equal to whatever name i'm going to pick inside the database 
once we get to it so for now let's go ahead and call this one oop login for example so once we actually get to create a database inside our phpmyadmin that is going to be the name we're going to create for it and then afterwards i want to include my username and my password so i'm just going to go ahead and copy them from up here so i have a username and i also have a password and then below here i just simply want to say i want to return my database handler because once we actually call on this method here it should return the database connection now inside the catch block down here i want to run whatever code i want to run if i get an error when it comes to connecting to the database and i do have some stuff from my notes here i just simply print out error and then i want to refer to the error message that we have up here so if we get an error it will be assigned to variable e and i want to grab the message that variable e has gotten and then i just simply run the message so this is just going to give us an error message and then it's going to kill the connection afterwards and with this we now have a database connection that we can refer to so going back inside our signup.classes.php we can now start creating the necessary code that needs to be run inside the database that we haven't created yet so let's go ahead and go inside our browser and go inside phpmyadmin you should know how to access this by now and go inside databases and then i'm going to create a new one that has the exact same name as the one we gave inside our dbh method so i'm going to just paste it in oop login create and then i want to go ahead and create a table inside this database because right now we don't have any place to insert our user once we actually create them inside the website so make sure you have oop login selected on the side go up to sql let me actually go and zoom in and drag this out so you can actually see go inside the sql tab and then we're just simply going to create 
a create table query that is going to create a table called users then we're going to assign a couple of different columns inside our database table the first one is going to be users underscore id which is just the basic id we need to have for all tables inside our database i made this one a integer data type and i also made sure to auto increment it so whenever we create a new user it's just automatically going to increase the number by one each time so each user has a unique id inside the database this is also going to be the primary key for this particular user whenever i create one and it's going to be not null then i created another column that is going to be the user's uid which is the username and this one is going to be a tiny text type not null then we have the user's password which is going to be the one they submit and this one is going to be a long text type not no and then finally we have the user's email this is going to be tiny text not null make sure you don't have a comma at the end here because i see a lot of people get this error message if it's a last entry don't put a comment behind there now we're going to just say go and it's going to run the the table inside our database and as you can see inside our oop login over here we now have a table called users now there's no data inside of it so we can't see anything inside of it right now but we will create some data once we do actually have a working signup system so going back inside our signup.classes.php file we're going to go ahead and create the class that is going to be for our database whenever we need to query something so i'm going to just copy everything inside my signup dash controller class and just paste it in and then i want to delete all the different methods we have in here and this is going to be including our properties and the constructor we don't need to have those either so now we have this let's go ahead and change the name so it doesn't say signup controller but it says 
sign up and inside the class we're going to be creating the methods that we're going to use in order to quarry into the database now what we want to make sure we do here is we want to make sure we extend to our database class because right now we want to make sure we can use this connection here which means that we have to extend to that particular class otherwise we can't use any properties and methods from within that class so inside our class signup name i'm going to write extends dbh which is written with a capitalized d and something we have to change as well is that right now we can't actually grab the data from inside the database class as long as this is set to private but so we were to instead of private set it to protect it it now means that the database class can use these properties methods but if any class extends to this class then they can use it as well now the first thing i'm going to do inside the sign up class is i want to make sure that i double check if the username or the password submitted by the user already exist inside the database and we can do that simply by actually checking the database inside this class here and then sending that result as a true or false statement back to the controller so we can now do one of these error handlers that we have in here so going inside the signup class the first thing i'm going to do is i'm going to create a protected because remember we have to refer to this particular method from the controller so this has to be protected i want to run a protected function which is actually a method and i'm going to call this one check user parentheses curly brackets then i want to make sure that we check for first of all the username so the uid comma and the email now it is important to note here that these two variables are actually not variables they are the properties from inside the controller class so once we actually call on this method from within the controller class we need to paste in the properties for 
these variables here again if you're confused it's going to make sense once we actually get around to do it the first thing i want to do is i actually want to create a new statement because we have to make sure we run a prepared statement when we query anything inside the database because that is going to be more secure than just querying it without running a prepared statement so i want to make sure that we have a variable statement and i want to set it equal to this class and point to connect parentheses and you may notice something here because we're actually referencing to the connect method from within our function or the method we have inside the database handler so this method inside our database connection is actually what we're referring to here so we're grabbing the connection then i want to say with this connection i want to run a sql statement and query it inside the database so i'm going to use a method called prepare parentheses semicolon and then inside the parentheses here we're going to write whatever sql code we need to write to run inside the database now i just went ahead and pasted it in for my notes here but i will explain it so basically what we're doing is we want to say want to select users underscore uid which is one of the columns from inside the users table where user's id or the user's email is equal to something so basically what we're doing is we're checking if the username from up here that the user submitted is equal to any username inside the database and we're doing the same thing for the email address so we're checking if there is an email address that exists inside the database that is the same as the one that user gave us then we want to make sure we actually know this by running the statement here oh how nice it started raining nothing like a little bit of ambient sounds while i'm teaching and now basically with this we have a prepared statement that we can now execute into the database and actually get a result from so what 
i'll do is i'll go ahead and say i have a if statements because i want to actually make sure we also check if this one actually returns with an error message so if the you know the actual execution of the sql statement fails then i want to know about it so inside the if statement i just want to copy paste the statements and i want to say that i want to point to a method called execute parentheses and inside this execute statement we're going to insert the data that is going to replace the question marks up here because i didn't actually address the question marks basically when it comes to prepared statements we can go in and assign question marks instead of actual data so instead of doing this you know we're assigning a question mark and these act as a placeholder that we then later on can assign to this query and the whole idea is that we can actually run the query into the database first and then afterwards we can then submit the data that needs to be filled in and in this sort of way we can actually prevent sql injection into our database because we separate the data from the query so what i'm going to do now is i'm going to take the data and i'm going to assign it to the question marks now since we have more than one piece of data because right now we actually have a username and a password we need to insert this as an array because you know we have more than one piece of data so it has to be an array so what i'll do is i'll copy these put them inside the array and then i want to check if this one fails so i want to check if it returns as a false statement because this is actually going to be true or false depending on if it fails or if it succeeds so if this one fails by putting exclamation mark in front of it then i want to not run the rest of the code and the way we're going to do that is first of all i want to make sure i close off my statement so i want to make sure this one is set equal to null that is how we can actually just delete the statement 
entirely and then i want to create a header function which is going to send the user back to the front page with an error message so as you can see i simply send the user back to the index page and i did that using a error message called error is equal to statement failed and that is going to be what the url says back on the index page if this fails and then the last thing is i want to exit this entire script so i want to say exit parentheses semicolon the next thing i want to do is i also want to run an if statement and i want to check if we had any rows that returned from this query up here because right now we're just checking if this particular statement failed executing into the database but we haven't actually checked if we got any results back in the database now some people will tell you that this statement up here is going to return as false if the user does not exist inside the database um but i've tested it and it does not so you do need to check if you get any sort of rows returned from the database query meaning if we had a result then we actually grabbed the result and if we grabbed anything then this should actually be false so the first thing i want to do is i want to create a result check variable so dollar sign result check just so we have it so we can actually return the result later on as a true or false statement then inside the if statement what i want to do is i want to grab the statement from up here i want to point to a method called row count parentheses and this basically just tells us how many rows was returned from this query here so if there was a user inside the database it is most likely going to return at least one user from inside the database so if this one is greater than zero then we want to set dollar sign results equal to false else i want to make sure that this one is going to set result check equal to true and then of course at the end here we want to make sure we return our result check so we say return result check 
and this simple method here basically goes in and queries the database finds out if the username or the email exists inside the database already and if it does we don't want to sign up this user here because the username or the email has already been taken so this is going to return a true or false statement depending on this so going back inside our controller what i can do is i can just copy paste another one of these error handlers go down a couple of lines and instead of checking if the passwords match each other i can actually go ahead and say i want to run this and point to a method from inside the signup form called check user parentheses and then we need to make sure we insert the username and the email because remember we need to have a username and an email inside the parameters so going back inside our controller we want to make sure that we reference to these properties up here so i'm just going to grab the uid and i'm going to paste it in as the first parameter and then for the second one we're pasting in the email and this is basically all the error handlers that i want to create for this particular system here of course there's a lot more you could create these are the ones that i just want to focus on so now that we have all the error handlers the last thing i want to do is i want to actually create a method that allow for us to sign up the user if none of these error handlers returns an error so what i can do right underneath the constructor inside my controller class is i can go ahead and create another private function and i'm going to call this one sign up user and i'm just going to go and delete everything we have in here so inside the signup user method i actually want to go in and i want to say if for example the first empty input so i'm going to say this and point to empty inputs is equal to false then i want to run some sort of error message inside the curly brackets so in this case here i'm just going to copy paste i'm just simply going to 
run a header statement that is going to send the user back to the front page with an error message inside the url called empty input which we can then use to output an error message inside our sign up form inside the website we also want to make sure we exit this entire script so just write and exit statements and now all you have to do is copy paste and do the exact same thing so the next error handler is called invalid uid we paste that in if that is equal to false it means that we now have a uh invalid username so we can actually write that as the comment here and we can just go ahead and write username as the error message inside the url and we're just gonna copy paste this one more time and we're gonna do the exact same thing so this time we have invalid email that's the next one we have down here paste that in and then we want to say invalid email and then do the same thing here we'll just write email inside the error message and that's just how you're going to keep doing it so i'll just go ahead and copy paste what i have here we have two more error handlers so i'm going to copy paste my password match and my uid taken check which is the the one that checks if the passwords are the same and the one that checks if the user or the email already exist inside the database so you can just sort of like copy my my little comments and you can also just sort of copy my error message inside the url for both of these two and now if you go through all of these and we don't catch any errors we can actually sign up the user so what i'll do is i'll go ahead and say i want to reference to this class and a method called set user and now we haven't actually created this one yet so let's go back inside our signup.classes.php because this is where we interact with the database remember and at the very top here i'm going to create another method and i'm just going to go ahead and copy paste the one we have already and i'm going to call this one set user then i want to make sure 
that we have the username we have the password and we also have the email because we need those three things in order to sign up the user and just to make sure the words don't go outside the screen here i'm just going to go ahead and word wrap it so it jumps down you can do that by going up to view and then going down to word wrap all right all set for the shortcut there so in order to sign up the user we need to do a couple of things inside this method here first of all we need to change the statement inside the sql statement here so we're not trying to select something from the database we're actually trying to input something into the database so what we'll do instead is i'm going to go ahead and paste in what i have from my notes here which is a basic insert statement we insert into a database table called users and then we want to include first of all the column names from inside that database and then afterwards the values that are going to be inserted into those column names and again we wrote question marks because these are placeholders because we're running a prepared statement and afterwards what we want to do is we don't want to execute this sql statement just quite yet because when it comes to database security we need to make sure that we hash the password before inserting it so i'm going to go and do that below here i'm going to say we have a variable called hashed pwd oh my god this rain uh the rain is all over the place we're gonna write password underscore hash which is a built-in method into php that is going to allow for us to hash any sort of password or string that we might throw at it so with this i first of all need to tell it okay what exactly do we want to hash here we want to hash the password that we have inside the constructor properties and then we also want to make sure we include what kind of hashing method we want to use now as a default just write password underscore default like so and this is going to assign a very messy looking 
password to hashed password here that we are then going to unhash once we actually want to log in the user so we need to match these up against each other so we're technically not unhashing we're just like hashing again and then checking if they're the same basically so what i want to do now is inside my execute statement which looks the exact same thing as the one we copy pasted we want to make sure we include three pieces of data instead of two oh i can actually see we do need to make sure it says array that is a typo also do it down with the other one make sure you do that um so we just want to copy paste them in like so but in this case here we actually want to replace password with hashed password because remember we want to insert the hashed version into the database and then at the very end we also want to make sure that we end off our statements and then we can just delete everything else and with this we can actually go ahead go back inside our controller and then we need to insert the properties that we're going to pass on to set user which is going to be these three pieces of data okay so the username password email so gonna go ahead and say we have first of all let's go and grab it up here a username which is a property then i also want to insert the password pwd and the email and you may not believe it but this is actually all we need to have in order to sign up the user inside the website everything should be working now so if i were to go back to my signup.inc.php file which is the one that we actually send the data to once we submit the forms we want to make sure we also include a database file because right now we have the signup class and the signup controller class but we also need to make sure we have the database class here so dbh.classes.php otherwise these other files down here can actually access these methods and properties from within the other classes it is also important that you have the database file first because the signup form needs 
to have something from within the database file so that needs to be loaded first and the signup controller needs to have methods from inside the signup class so that needs to be run first okay so this is important with the ordering and once we have this we can actually go down and with this new object we created called sign up we can go ahead and reference to a method we created called sign up user and again this is the exact same one that we have inside at the top here so sign up user that is running all the different error handlers and also actually running the code at the very end that is what we're running inside our signup.inc.php file here and then the last thing we need is just to send the user back to the front page so we're going to say we have a header file or a header function and we want to send the user back with an error is equal to none message inside the url to tell the user there was no error signing up so with this i can go and save it let's go inside our website and refresh now before we continue i did actually notice that i have three errors inside my code and this is a very good time to talk about the fact that i'm getting a lot of comments underneath my php project videos from people who tell me that they copied my code exactly and they're getting error messages 9 out of 10 times it is because you made a typo or you wrote something wrong and you just didn't notice it just like i did three times just now so inside my code here i first of all inside signup.inc.php want to double check the password repeat has a capitalized r that is important also inside my signup controller class i want to scroll down to my sign up user method and i want to make sure this one is not set to private this one has to be public otherwise we can't use it inside our signup.inc.php file right otherwise it can only be used inside the class also going down to the bottom i did not change the name of my last error handler so i do want to make 
sure this one is called uid taken check and do make sure this is the same name that you have when you go up to the error handlers inside our signup user function or the signup user method at the very last one here okay make sure you have that there is one more error that we need to make sure we fix because i have accidentally been leaving dollar signs in front of my properties which should not be there so let's go ahead and delete those whenever we have this pointing at a property make sure there's no dollar sign so it's fine here it's fine up here here we do need to remove them make sure we don't have them inside the empty checks also we don't want to have them up here inside the set user and also inside the actual constructor we don't want to have dollar signs okay and the last thing i just noticed here is that i don't actually extend my signup controller to my signup class which we need to do as well so we say extends to sign up and we also need to make sure we go inside uid taken check which is inside our controller class and make sure we check if this is not true inside the check user methods that were actually running inside the if statements and with this let's go ahead and go back inside the website and try and sign up so i'll sign up as crossing password123 test.gmail and sign up and as you can see we now get error is equal to none so if i were to go back inside my database you can actually see that by refreshing it we now have a new database entry with a new user inside the database so with all those errors fixed i have some good news which is the fact that right now we just did the hardest part of this entire login system because the easiest part is actually logging people into the website and the more complicated part is actually setting them up into the website so what we're going to do now is we're going to go ahead and create the login part which is much more simpler and much more fast to do so i'm going to create a new document i'm going to save it 
inside my classes folder and i'm going to call this one login dash controller dot classes dot php then i'm going to copy paste my controller from inside the sign up form copy it paste and i'm just going to delete all the different error handlers that we have down here at the bottom except for the one that actually checks if we have any empty inputs so i'm just going to delete everything else and then i'm going to also delete the part where we check for password repeat and the email because we don't need to have that so just going to delete so we only have the uid and the password i'm also going to go and delete all the error handlers inside the signup user method that we have up here so we're just going to delete them all except for the empty input check that we have up here when it comes to the properties we're also going to delete the last two because we don't need those we just need to have the username and the password i'm also going to delete the two inside the constructor so we're just going to delete those make sure we also delete them from up inside the parentheses and then we're going to rename the method from sign up user to login user and instead of signing the user up inside the website using the set user method we have down here instead we're going to create a get user method so we're just going to go ahead and change the name from set user to getuser and we're also going to go and delete the email because we don't need to have that inside the parameter here and with this we now have everything we need to have inside our controller class and of course if you have any other error handlers that you want to check for you can just go ahead and copy paste this one and include it inside the if statement and then include them inside the login user method but just with this tutorial here this is everything we're going to have so with that we're going to create a new file and i'm going to save this file inside my classes folder and i'm going to save it as login 
dot classes dot php and with this one we're also going to go ahead and just copy paste from signup.classes.php so we're just going to copy paste it in i'm just going to change the name from signup to login and we do also need to go back to the controller class we forgot to change these up here so we want to say instead of signup controller this one is going to be called login controller and then we want to extend to login which is the one we just created up here so with this created we basically just need to create one method that is going to go in and log in the user it is going to be a little bit longer though than these that we have here so it is probably going to be the same length of these two combined but let's just go and delete the second one and just focus on the first one up here so instead of set user i'm going to change this one to get user i'm also going to go ahead and delete the email from in here because just like if you were to go back to the controller you can see that right now we're just referencing to the uid and the password so we need to make sure that that's the only two inside the parameters i'm just going to go in word wrap so we can see everything the first thing we need to do is we need to go inside the database and just grab the user that the user is trying to sign up with with the username and grab the password from that user because we need to check that password from the database with the password the user has tried to submit so instead of doing an insert statement we're just going to do a select statement and this one is just going to select one column from inside the database called user's underscore password from users where the user's uid is equal to question mark and user's email is equal to question mark and these question marks again are going to be placeholders that we're going to include a little bit later on so i'm just going to go ahead and delete our password hash here then we want to make sure to execute the statement 
and we don't want to execute three different parameters we just need to have the password and the username and again this is just checking if we have any kind of errors when it comes to executing this statement inside the database and once we've done this we want to do the same thing where we go in and we check for how many columns or how many results are we getting from this query here so i'm just going to copy paste because this is something we have done before paste it in so basically what we're doing here is we're checking if we have zero results from the database then we want to throw an error message because we're trying to get the user now so if we don't get the right user then we're not gonna be able to log in so if we don't have any results in the query we just simply say we want to end off our statement exit the script and return the user back to the front page with an error message afterwards we then want to take the password if we did actually have a result and we want to take the password from the database and we want to match it with the one the user gave us so the way we're going to do that is we're going to say we have a variable called pwd hashed and we want to set it equal to the statement that we have up here and we want to point to a method called fetch all which is a built-in method into php and then what we can do is we can say okay how do we want to return this data like in what sort of shape or form do we want to have it and in this case here i want to say that we want to grab this as an associative array so i'm going to say pdo colon colon fetch underscore assoc which is going to return it as an associative array and yes i do know that this is something that we can set when we do actually create the connection to the database up here there it is possible to create you know different uh optional parameters for how we want to connect and return data but for now let's just go and do it directly inside this one statement here then with this i'm 
going to go to next line and i want to say we want to check password so i'm going to take the two passwords and check against one another so i want to say is equal to password underscore verify which is a built-in method we have inside php and the first parameter is going to be the password that the user has submitted so we're just going to paste that in and then we want to get the one from the database now in this case here we're actually getting the data that we query it for inside an associative array so what i want to do is i want to say that we have our password hashed i want to paste it in and we actually want to say that because this is a multi-dimensional array that we want to go inside the first dimension of results and remember when it comes to programming the first one is always going to start at zero and then one and then two and it counts up that way so we want to get the zeroth index is what we're calling it and then we want to grab the associative array that has a name set to users underscore password and this is the exact same name that we have as a column name inside the database so if we were to go in you can actually see that the users have users underscore password here set to the name for that column and this now means the check password is going to return as true or false it's going to be true if these are actually the same passwords and it's going to be false if they're not the same so what we can do is we can run another if statement i'm just going to copy the one we have up here go below paste it in and instead of running this particular statement i instead want to check if check password is equal to false because that means that the passwords are not the same so what we can do is we can then return another error message this one is just going to be wrong password and then we can say else if check password is equal to true then i want to start logging in the user and we do that first of all by actually going back up here copying the statement with 
the sql code and the way we need to do that is actually by doing the exact same thing as we did up here we're going to take the statement with the sql code and we're going to prepare a new prepared statement so we're going to go into the else if i'm going to paste in my sql statement here but of course this time we're going to check for something different this time we're going to check for everything from users where the user has a username that is equal to what the user submitted or the user's email inside the database is equal to what the user submitted and the reason i have this included is because in some cases some of you guys might want to allow the user to either log in using their username or the email address and in this case here we actually allow for both so you can use either the username or the email address which is kind of neat it does confuse a little bit because we're going to have to use uid for both checking username and email but this is how you would do it and then of course we also want to make sure we check for the password so we have user's id or user email and we want to make sure the password is the same so with this we go below and then we just simply run an execute statement so i'm just going to copy it from up here copy it below but this time we have three parameters so we want to check the username the email and the password and like i said the username is going to be the same when it comes to the email here because the user is submitting either the email or the username and no matter what the user submits is going to be inside uid so that is going to be what we insert into both of these here and then below we can actually go ahead and log in the user so the way we do that is first of all i want to check did we actually get any results from this database query because what if we actually run through all of this code but the user wasn't actually returned to us so what i can do is i can again just like before do a row count if it's not 
zero then we want to continue and actually log in the user so underneath the row check i want to say that i have a variable called user i'm going to set it equal to the statement so variable stmt i'm going to point to fetch all just like we did above parentheses semicolon and of course i also want to make sure i get this as an associative array so we just want to copy what we have in here like so and then we just simply create a new session underscore start parentheses because we need to start a session before we can assign session variables into the you know the session that we have going inside the website so we need to start a session and then i'm going to say we have a session super global this one is called user id and i'm going to set this one equal to user which is up here which is the one that contains all the data from the database user and then the zeroth index just like we did above and then we reference to whatever column inside the database we want to grab so in this case here i want to grab user's id or user's underscore id and then i'm just going to go ahead and copy paste and then i want to do user uid like so i'm just going to take the ending off statement down here i'm just going to move it inside what we have going here so with this all the classes when it comes to the login part should be working so let's go back to login.inc.php which is going to be the one we actually submit the data to when the user clicks submit on the login form so i'm going to copy everything from within signup.inc.php paste it into login.php i'm just going to change some of the information in here so we don't want to have password repeat and email we don't want to have our sign up classes but we want to have login.classes and the same thing for login controller we also want to make sure we have the log in controller when we create a new object down here so log in also make sure you delete the last two parameters inside of it as well and then we of course want to 
change them inside our actual method down here that we're calling upon, so we're not calling for sign up user but log in user.

Then if we were to go inside our index page, which is where we actually have the form, we can do something really quick to test out if this is actually working inside the website. So if I were to go up to my navigation, this part right here is what you can see up inside the top right corner of my website. So what I can do is I can actually go ahead and with PHP say, if I'm logged in, change this information into something else, which in my case is going to be the name of my user that is logged in and also a log out button. So what I can do is I can actually go ahead and copy what I have in my notes here, because this is actually very simple. So with this here, basically what I'm doing is I'm starting up my PHP tags and I'm saying that I have an if statement where I'm checking if I'm currently signed in and have a session id running inside my session, then I want to have this navigation here showing. If I'm not logged in, then I want to have this navigation here showing. That's basically all we're doing here.

Don't get confused by the fact that I'm opening and closing my PHP tags constantly. We could also, if we wanted to, remove all of this, like so, and just run regular PHP code, but the reason I'm not doing that is because I would actually need to echo all of my HTML code each time. So instead I'm opening the PHP and then I'm writing the PHP code that I need, which is write down if statement with the opening bracket, then I close the PHP, insert the HTML, open my PHP again, and then I close off the bracket. So this right here is an if statement, okay, it's just done in a way so that I can actually write HTML without having to echo it out each time. And then afterwards I just have a basic else statement that is going to say, if I'm not logged in, then show the regular sign up and log in button that I have up here as a default. So with this saved we should technically have a
working login system. Well, we also need to have a logout button, so let's go and make that really quick. So I'll make a new document. This one is very easy to do, it takes literally one minute to do if I'm fast about it. So inside my includes I'm going to save this one as logout dot inc dot php, and then I'm just simply going to open up my PHP code. I'm going to start a session, so session underscore start, parentheses, because we need to start a session in order to destroy a session. So right now, if I'm logged into the website, I have a session running, so in order to destroy that we need to start it up first. So I'm also going to copy paste two times. The second one is going to be session underscore unset, to unset all the different session variables, and then the last one is going to be destroy. And then underneath here we're just going to send the user back to the front page, and we can just do that by copying the header we have inside the signup.inc.php file and paste it in. With this we should be done, so let's go ahead and go inside the website, refresh.

I spoke too soon, because there's actually one last thing we need to do. In every single page inside your website you need to make sure there's a session running at the top of the page, otherwise you can't see whatever you need to see when the user is logged in. So at the top of our index page I'm going to run some PHP tags, opening and closing, and I'm just going to go ahead and start my session at the top of my index page, like so. With this we should now be done. So going inside the website, I'm going to refresh, and I did actually try to log myself in, so I am logged in. So I can just log myself out again, and now I can try and go down, log in as crossing, so crossing one two three, log in, and now I can see I'm logged in as crossing and we have a logout button instead. So I can click it and then we log out again. And this is basically how we can create a login system using object-oriented PHP, and again, like I said at the beginning, it is
meant as a starting thing. We need to, like, take this login system and tweak it in order to add extra security to it or add extra error handlers, you know, so you can actually catch something like the password being too short or something. So this is how you can create a basic login system. I had way too many typos in this video, so I hope you could follow and it wasn't too confusing. I'll go ahead and leave notes so you can actually see what is going on whenever I do a typo, so you know, do what the note says on screen and not what I'm writing when I actually get to a typo. So with this, I hope you enjoyed this video and I will see you guys next time.
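The login and logout session steps described in the transcript above, written out as an added example that is not the video's own code. The session keys and column names (`userid`, `useruid`, `users_id`, `users_uid`) are assumptions reconstructed from the spoken description, and the `session_regenerate_id()` call and the session-cookie expiry are hardening additions the video does not make.

```php
<?php
declare(strict_types=1);

// Added example, not the video's code. Key and column names are assumed
// from the spoken description; function names are hypothetical.

function startUserSession(array $rows): void
{
    // $rows stands for the result of $stmt->fetchAll(PDO::FETCH_ASSOC).
    if (count($rows) !== 1) {
        throw new RuntimeException('expected exactly one user row');
    }
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // Issue a fresh session ID at login so an ID that existed before
    // authentication (session fixation) is no longer valid afterwards.
    session_regenerate_id(true);
    $_SESSION['userid']  = $rows[0]['users_id'];
    $_SESSION['useruid'] = $rows[0]['users_uid'];
}

function endUserSession(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();   // a session must be open before it can be destroyed
    }
    $_SESSION = [];        // clear the variables, as session_unset() does
    if (ini_get('session.use_cookies')) {
        // Expire the browser's session cookie, not only the server-side data.
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires'  => time() - 3600,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
        ]);
    }
    session_destroy();
}

// Constructed sample row standing in for the database result.
$rows = [['users_id' => 7, 'users_uid' => 'demo_user']];
startUserSession($rows);
$loggedIn = isset($_SESSION['userid']);   // the check the navigation's if statement makes
endUserSession();
$loggedOut = !isset($_SESSION['userid']);
echo ($loggedIn && $loggedOut) ? "ok\n" : "unexpected\n";
```

In a real logout.inc.php the redirect `header()` call would follow `endUserSession()`, before any output is sent.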
Info
Channel: Dani Krossing
Views: 26,389
Keywords: how to create a complete login system in oop php, how to create a login system in oop php, login system in oop php, login system php, how to make a login system in php, how to make a php login system, oop php tutorial, php login, php login tutorial, login tutorial in php, learn php, oop php for beginners, php, login system security, php login and register tutorial, oop php, oop php login system for beginners, oop php login system from scratch, oop php login system tutorial
Id: BaEm2Qv14oU
Length: 69min 58sec (4198 seconds)
Published: Tue Oct 12 2021