Login System Tutorial with PHP and MYSQL Database

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
hey guys what's going on it's clever tikki welcome back and in this video we're going to learn how to create a fully functional login system in PHP including user registration login forgot password or reset password functionality and gonna be able to log in here and we're gonna have a profile page gonna be able to log out and all of that is gonna work so let's go ahead and get started so first of all what you want to do is download the source code for the system it's included in a description in this video and it's called login - system that zip so when you first download it here's a here's a file that you download login system you're going to go ahead and go ahead and extract the file into your Apache root directory and once you extract all the files you're gonna have a log in system folder with all the files and source code included okay so all these files the PHP code is already typed up and the system is basically ready to go we just need to modify database settings and create the actual database using the SQL but if you prefer to actually type the PHP code yourself you can I've included this new folder here and all these files they have HTML in them but they're missing the PHP code so this is in my opinion it's a good way to learn PHP by typing the actual PHP code yourself so if you want to follow this video inside the code PHP go ahead and do so by by using this folder this new folder here okay before we move on and create it out a base and all that let me just show you something here if you open up the image folder and click on the login system chart this chart that I created is gonna give you a good overview of how the login system works and where all the files are what the function what the main functionality of each PHP file is in a system where the mail has been sent out and just how the whole system is interacting and how the all the PHP files are interacted in the system okay so I've labeled all them or most of the PHP files in yellow so you can see where they are I also have messages in green so those are the messages that are gonna be displayed and as you can see for the air and success pages all they're gonna be doing is displaying the error and success messages for us now from the index page which is the main page a user can take three actions registered login and they can go to forgot that PHP page where they reset their passwords so for the register by the way the gray text is the main functionality of the file so for the register page it sends the calendar application link it's it adds the user to the database and it generates unique hash now you can also see how the files are connected so from register they go to profile page which is where the user is redirected right after registering and from the profile page that can go go to logout which is what they can just click on the button and they'll be logged out in green you can see all the messages is gonna be displayed so for example in the profile page you're gonna have a account not verify message when they use the first registers and it's also gonna show it's gonna display the confirmation link sent message once okay so same way for the login and profile and you know you can see here what the login page does it verifies credentials and sets the login to true and you can see how that's all connected now the important part here is verify that PHP and reset that PHP and I've well I've gotta had to label them blue because they've been sent through the mail so they're kind of unique that way but I just wanted you to know where they are in the system and how they're connected so from the register page you can see that one of the registered page functionality is send activation sent account verification link and that's where the verify that's how user will access verify that PHP from from the email message and in the same way for God that PHP has a send password reset link and that's how they get to the reset that PHP page and from the reset PHP page is gonna have a different form action which they will [Music] basically direct them to reset underscore password which til then make sure the passwords match and update the password in the database so I've just created this chart you can look back on it as we as we move along this video and all the code so you can see the big picture and how the files are interacted and hopefully this will clear up some confusion ok so there's also two other files inside the image folder one of them is MySQL and this is just a basic review of how the MySQL works and especially you want to understand sessions so you understand that we start a session with a session start function and we're able to access session variables on another page and we can also call session destroy' to remove session and unset session variables and that's how we're gonna be logging out so make sure you understand our sessions work because we're gonna be using them a lot in this video ok so anyway once you have all your files let's go ahead and create the database along with a user's table so there's two ways first of all you can open up this SQL file you can copy this text go ahead and open up the command prompt and connect to your MySQL and then you can just right click here to paste the code I already have this database created so and I have the users table created as well and I should just go to my PHP at my admin and I'm gonna log in here go to accounts and you can see that my users table is already here I'm gonna delete this user and if I go to structure you can see that all the user feels have been created which are the main ID first name last name email password hash and active so that all worked and an alternative way to create this database and user stable is to run this PHP script I've created for you guys just make sure to fill out the user and password and then just run the script and it'll do exactly the same thing as you can see it's creating they counts database here and it's also creating the users table with all the fields that you just solve from the PHP myadmin okay so once you have your database and you have your users table we're pretty much pretty much ready to go let's just go ahead and I'm gonna go ahead and create a new project in that beans actually I already have it created but I'm gonna delete it so I can show you what's going on okay so I'm just gonna remove this project and file new project PHP next you're gonna call the project login system and on their sources folder I'm gonna navigate to localhost log in system select that folder it's gonna let me know that the projects folder project sources directory is not empty that's fine i'm gonna click finish and right away it's gonna open the index dot PHP but first we need to open up the DB dot PHP and make sure they use your name and password are both set mine is set so it's all ready to go now I can press shift f6 to run this and and this is a fully functional form that's gonna show up here so you can go ahead and test this out by a registered name user I'm gonna register mine here just to show you what's going on just to show you that in fact it works and it does it lends me on the profile page and it's got the confirmation message and the account not verified message because I haven't verified this account yet and remember this is exactly what was showing up on our chart from the register we went to profile and on a profile we got these two messages letting us know that the confirmation link has been sent and that the account is not verified okay so that all works now let's go behind the scenes and see how how the magic happens okay so first of all we're including their database PHP file which is our which is our database connection sayings we're also starting a new session so that the set so that we can create new session variables okay so he down here not sure why this icon is showing a loading thing but let's just keep going okay so first of all we we check that the form has been submitted with a method post and if you look down here the forum action method equals post so when this file is submitted it calls itself and this PHP code is executed because the method is posed now you can also see here okay so if post login is set then we want to require the code from our login page which is the login process and if the post register is set then we want to include our register dot PHP file which is the registration process here ok so how does it know about the post login and post register variables easy if we look down here on their login form we have a button named login and that's the that's how it knows that this variable is set so it's able to access the post login and so the same thing for the registration form has got a button name register down here okay so based on which form is being submitted we include different code so let's examine oh my god this this icon is really annoying I don't know why hole what's causing this it's like something is loading I'm not sure what it is anyway um okay so let's examine in the register dot PHP first okay so we set all the session variables from our post variables so that we can use them on the profile page and then we get ready we basically use escape string function to to escape all of our values to protect against the SQL injections and so these are all the values that are we're going to be inserting now the two that I want to explain are the password and hash variables okay so passwords for security reasons passwords can't just just be inserted in the MySQL database because that's not secure so we first must hash the password with a password underscore hash function which takes in the parameter for the parameter one it takes in the raw password that user entered and then this is the algorithm it's gonna use called password decrypt which is gonna basically it's gonna what it's gonna do is create a random string out of the password and that way it will be secure also we want to generate a new hash key which is gonna take in one function called Rand and this function is gonna generate a number between 0 and 1000 and then it's gonna use md5 to generate a unique hash from that number okay so if I output the password variable here and hash and then I'm just gonna terminate the script I'm gonna click Save I just want to I just wanna show what these two variables look like so you can just quickly understand what's happening sir enter something random here random password okay so these are the two variables this is our password and this is our unique hash key and as you can see they're just a bunch of random letters and numbers and you're gonna find out what the hash is for later on as we verify the account and reset the password we're gonna use that a lot and basically this is a safe way to store the password inside our database okay so hopefully that makes sense let's go ahead and go back to register delete this okay so next check if the user here with that email already exists obviously we want to check if the user already exists before registering them so we run a simple Kure select from users where email because equals our email and this result is gonna be the result object and it's gonna have a property of numrows now if the numerals is greater than zero then immediately we're gonna know that the user with our email already exists and if that's true which is gonna say we're gonna set the session message and we're gonna say user with our email already exists and redirect them to the error page and at that point the script ends okay and the reason we're able to connect to the database and use our session on this page without including them up here is because we've already included them on the main index page and since the register dot PHP page has been included from the index page then we no longer need to include it here we no longer need to include database and say session start here because it's already been done and it's like register page is already here on the index page okay so let's move on here if the user doesn't exist then we want to create an insert kiri or insert SQL to insert all of our variables into the database and this is exactly what we're doing here now since the active is 0 by default we're not gonna include it here is gonna do it by itself then we're gonna run the Curie by using the Curie method of MySQL and this is the SQL that we're inserting and if that goes all well then we want to set session variables like active equals zero because well because the user a newly registered user hasn't activated their account yet so we're just gonna set that to zero and then the logged in we're gonna set the true because the user is gonna be logged in and for the message we're gonna say that confirmation message link that we saw earlier okay so once that's done we're just gonna need to send the email a verification email to the user which is this down here and basically the mail function is what does all the magic takes him a parameter to which is the email where we're gonna be sending our message which is gonna be the user's email subject account verification from clarity key and the message body is gonna contain our link and you want to make sure to change this URL here if you're gonna make it work on your computer or wherever you have uploaded the script to but here's the magic part verify that PHP as you remember from the chart again verify PHP is right here and it's access through sent account verification link which is exactly what's happening here and we also include email and hash variables in the URL by by specifying email and hash and then the actual variables that we have for the user okay so that's how it's gonna verify there's gonna have that that's good that's going to have the verified PHP URL in the email message and now we just redirect the user to the profile page now here is what the actual verification is going to look like so hello Vladdy thank you for saying it now please click click this link to activate your account and then this is the verified that PHP with email vladat clarity comm and hash which is the unique hash and if I click on it it's gonna say success your account has been activated now if I go home and I real aughh in now it says your account has been activated and the annoying message about account activation is no longer showing up so I can go ahead and log out and the log out also works so that's so cool it's all working let's go back to coding now and let's actually examine the verify that PHP now ok so here we're requiring the database and starting a session and now what we're doing here is we're making sure that that we're making sure the thing email and hash variables are set and that they're not empty so those are the variables that are being passed along in the verify link so if we just accessed we just want to make sure that somebody is not doing something like this you know if they just enter the verify PHP we want to redirect them to the error page and I'm gonna say invalid parameters provided for the account verification which is which is the message here and this message is happening because because the variables are empty okay anyway moving on if the variables are in fact set then we want to escape them for security purposes and then we want to check if the user with an email and that unique hash that's what the hash is for if if the email matches the unique hash which is stored in a database and the active status is 0 then then if the result equals zero then the user has already been activated or something went wrong so we want to display an error message but if if the Rose is not equal zero well it's gonna be if it's not equals zero then we want to say your account has been activated because our Curie has been successful and then we want to set the active we want to update the database and set to active to one where the email equals our user email and then we also want to set the session active to one as well because we don't want to be showing any messages about account activation upon successful account activation okay so if we look at the database here and I go to browse and this is the user that I've just registered so you can see that a user has an email password and the unique hash so when we match the hash which is a unique number here an email we ensure that this user is in fact trying to activate their account and then we set active to zero to one so this is what this code is doing here so hopefully you can see where the hash what the hash is for it's a unique string and we're matching it with the email to make sure that we're in fact very fine that user that wants to be verified okay so anyway then we redirect to the success page and that's that completes the verification process for our user now let's move on and look at the login okay so in case our form our login form has been submitted this is the login page so so the first thing we're doing here is we're basically setting the email variable and we're escaping it before running SQL Curie on it and we want to check if the user already with that email exists before logging in a min because if they don't exist well we don't want to log them in so so if the result returned numrows equals zero then we want to say user where that email doesn't exist if it's not equal to zero then the user exists so here what we're doing is we're storing the user data inside of a user array so if I go ahead and print out the user array let's see what its gonna look like here I'm just gonna try to log in with my email and password okay so so this is the array with all the user data and as you can see it's got all the keys like ID first name last name email password hash and active status so that's awesome now we're ready to work with this user array and that's where all these variables come from here including email first name last name and active so basically that happens by calling a fetch associative function so it's fetching the from the result that's returned result is an object and the fetch associative returns that object and puts it into associative array and that's exactly what our user variable become becomes it becomes an associative array with all the data with all the user data in it okay moving on here we verify the password with a password verify a function and what it does it just matches the two passwords together so we make sure that the password entered equals user's password which lives inside the database then we set all the session variables that we're gonna display on a profile page upon successful login like user email first name last name and also the active status we also set the session logged in the true so that we know the user has been logged in and finally we ready direct them to the profile page if the password entered has been wrong by the way so if this if statement fails else you have entered wrong password redirect or error page so that's the functionality for the for logging in just gonna head and login here and refresh the page and now we're showing the first name last name and email and we also have a logout here okay so that works now let's keep going here and okay so that's the registration login and account verification and and okay so the error page and the success page I just want to show you this real fast okay so the error page all is doing is displaying all the error messages and the success page has exactly the same code with the exception that is called its title is success and the heading is success and in the error page its title is error and its head heading is error and always doing is displaying a session message and we first make sure that the session message just said it's not empty and if it's empty we just simply redirect back to the home page so that's the functionality of error and success that PHP and again this is exactly what we have here on the chart okay finally let's go through the password reset functionality starting with the forgot that PHP page which is where the user lands after clicking on a forgot password link it sends them to the forgot that PHP page which asks them for the email address and again this is the first step here forgot a peach piece and password reset link and then once the password link has been sent the user is gonna end up on the reset that PHP page and that's the functionality of our forgot a PHP page so it's gonna send this reset that PHP link through the URL in the email as a link okay so we require the database we start the session variable we make sure the form has been submitted with a post and then we set our email email variable and escape it from the post which has been submitted then we make sure that the user exists by by running a simple SQL statement select from users where email equals email which has been entered in the form which has been entered in this form okay so we make sure the user exists if they don't we want to redirect them to the error page if the user exists then we do the same thing we store the user inside of a associative array called user and then we have all our variables so we just set all these variables because it just makes it easier to read next we set the session message to display on the success that PHP page and it's gonna say please check your email for confirmation link to complete your password reset okay so we're gonna do this right now I'm gonna enter my email I'm going to click reset and it read directed us to the page with this please check your email for the confirmation link message so so this is our session message and then on the success page we're displaying the session message on our success page here because that's where we're a direct in next after all this code is completed and the final part here is of course the email which again uses the meet mail function takes any parameter to subject and message body and this is where our URL for the reset is being constructed so again make sure you replace this part with your own URL and then here's the reset that PHP so that we can direct the user to the reset a PHP page again just like we saw in the chart here and it's gonna have to parameters again just like the in the account verifcation it's gonna have an email and hash so that we know the correct user is trying to reset their password so that's that's it for the forget PHP now let's look at reset let's see what happens on the reset page okay again we require the database we start the session and now we make sure that the email and hash variables are set because if they're not set and something is not right okay so once we make sure that those two variables are in fact set and these variables are being set right here in this part of the URL we then want to escape email and hash for security purposes to protect against SQL injection and now we make sure they use the email with a matching hash exists just like we did for the account verification so this should look familiar we again run the security to make sure the email is matching the hash and then if if they don't match then we want to redirect to the error page and you want to say you have entered in Val your URL for password reset if it's successful oh if if these variables are not set then we want to say sorry verification failed try again so basically all this code here basically it's gonna fail if any of this is true here inside of this okay so so next so basically we don't we don't want this happening here we want to make sure that our num rows is equal one so if it's equal one if it's not equal to zero then it's not gonna read directors to the error page and if the EES variables are not empty it's not gonna read directors to error page again and then the code is just gonna continue executing so we're gonna see I reset that PHP form okay let's go ahead and test this out I'm gonna go ahead and uh okay so I'm gonna go ahead and go to the email and click on the link so I've got the email with a password reset as you can see it's got the reset dot PHP here so this is the form that the user is going to see if everything went well so I'm gonna pick a new password one two three four five six and I'm gonna put a confirmation password and click apply and now it's supposed to redirect us to the reset that password that PHP let's see why it's empty though okay so I figured out what the problem was it was in this SQL statement it was a little bit wrong so so now I've corrected the SQL statement and it works basically it redirected to the success page and your password has been reset successfully okay so that's pretty much it for this video please like share and subscribe and just play around with the system see how it all how it all works and make sure everything is working and be sure to set the proper Apache mail settings before before testing out the PHP mail function in order for that to work and just refer back to this chart here if you get lost to see how the whole system works and just just to see the big picture alright you guys please like and share this video with your friends clever take it out
Info
Channel: Clever Techie
Views: 659,312
Rating: undefined out of 5
Keywords: login system, php login, login system using php with mysql database, php and mysql, php reset password, php login tutorial, php login and register tutorial, php login with mysql database, php login form with mysql database, php login and register tutorial mysql, php password reset, php logout login tutorial, login tutorial in php, how to make a login system, how to make a login system in php, how to create a login system in php, php authentication tutorial, php login system
Id: Pz5CbLqdGwM
Channel Id: undefined
Length: 32min 45sec (1965 seconds)
Published: Thu Feb 02 2017
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.