User email verification in PHP + Login & Signup | source code included | Quick programming tutorial

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
hello and welcome to a tutorial where i show you how to do email verification for your users so you may want to uh verify each user's email after they sign up to your system and we're going to use of course we need to send emails to those people so i'm going to show you how to do that and how to check if somebody is verified or not okay so before we begin uh you need a few things to prepare so i'm assuming that uh this is the first tutorial you're seeing so make sure that you have a server on your system of any kind i'm using xampp currently so if you don't have any server on your computer just download xampp and then install it once you are done open the control panel make sure you run apache and mysql both of them by clicking these two buttons here once you're done with that you have a complete server and then we can continue and then if uh you can get any text editor of your choice and as usual i'll be using sublime text but you can use any pure text editor just don't use microsoft word okay so once we are done with that go to the internet and browse for phpmailer we're going to use phpmailer to send emails to our users so just go to the link is on github it's a github link just come here once you search for it and then you download the zip file and put it in your project folder so we're going to see how to use that later on when it's about time to send an email okay then after that go to your folder drive c zamp htdocs that's the folder that's your server folder so every project of yours needs to be in here create a new folder we're going to call it verify like that press enter and then i want to drag and drop it in my sublime text here now if you want to use sublime text it's totally free there's a free version so you can get that and now let me just drag and drop the verify folder into my system so here at least like this i get to create files directly here without having to go to the folder itself okay so once you have all that we are ready to begin so to start with in our website here we're going to create a few new files so the first file let me create one too so right click here and say new file okay so let's save of course we need an index page now in in our case the index page will be the profile page so we won't have any other pages this will just be the profile page so profile dot php there uh yeah let's save that and then let's go to the next one here let me save this one as index.php this will represent your website okay and then save this one and this one will be the verify verify.php that's where the user will do the verification right click again let's save this one will be functions.php because we'll put all our functions in there it's easier when you use functions if you know object oriented programming that's even better use classes instead so i'm going to create a new file again and this time because we need um we need a sign up page i don't know if we should be doing that but uh why not let's just do a simple sign up system here and then the login page as well so login.php like that so these are the files that we are going to need so save all those files and we are good to go so now if you go to your browser type localhost slash verify and then it's going to load the index page very nice so if i go to my index page here let me just add some html so that we have something to see and this is the home page like so and then down here i'm just going to put an h1 tag so that we know where we are and this one is the home page so i'm just going to write home page over there like so and refresh that then we are on our home page like that okay very good then i just want to create a small menu here so uh i will right click and create a new file uh save this file as header dot php like that okay and then i will put in uh some links in here so i'll just have a div like so just so it can separate everything else and then i'll have an a tag here so put an a tag for links that way i can uh go to wherever i want here this is index.php like that let me zoom in a little bit so you can see a bit better and then i'll say home so that's the home link there i'll put a dot i just want to put links here to specific files so that we don't have to struggle uh browsing between them so there's the home page and we'll obviously need the login page as well so i'll just put login.php and then put the name login over there like that just some simple navigation here is what we are after so sign up like that sign up.php and then put the word sign up itself and then finally uh the verify page will have to go there from the profile so i'll just put that as profile dot php and put that there as profile yes oops i think i missed something up there okay there we go profile like so okay so that we have a header now this header will simply be included when we need it uh yes so here i will go to all of these pages like verify and let me add some html as well just call it verify like that and then down here i will add some php tags like so and i just want to include the header right so include put brackets there header dot php like that and close that up like so okay so save that i'll copy this and go to my index page and put it right here like so so let's see how that looks like if we refresh our page so you see now we have a basic navigation down here which is awesome okay so if i go to my login page here so the first thing we have to do is sign up a user because if we can't sign up we have nothing so let's click on sign up here and let's go to our sign up page where is that right here and at this point let me just add some html and say sign up like that okay great and then i will put in a uh let me put my navigation there and also i need to put a title to tell me this is the sign up page so sign up like that and then let's put another div down here and this time we'll put a form inside it like so and let's put an input in there so we want that input to be of type text and then the name of this input will be email yes let's put a break tag like so and then let's put a placeholder as well so please hold up email so that we know uh this is for the email let's duplicate this a few times so in here i will say name and then username something like this so here will be the username username here as well okay so username email and then we will need a password like that okay and placeholder is password and then we'll need the password verification so just say password two there and then we just say retype password oops password is already there so that's it and then let me put another break tag like so so there will be no styling in here because i just want to keep it basic i want to rush to the php as quickly as possible so i'll put an input here of type submit like that no name for it let's just sign up here but i'll change this name value to value like so okay very good let's come back here and see what we have okay so we have somewhat some resemblance of the signup page which is awesome so at the top of the sign up page here we are going to need to add some php so make sure you don't leave a space at the top there okay do not leave a space here before the hd php tags make sure it's right at the very top there okay and then we're going to include a file here now we don't want to just include the file we want to require the file because include if the file isn't found we just ignore everything but require will give you an error if it's not found so we just have to make sure because this is a required file let's just put curly braces there and that file is functions.php because it will contain all the functions that we need okay great now we need to know when somebody posts something here so that we react to the posting only and in that case we want to check for the submit method because when we refresh a page that's a get method when we send a post when we send a form usually that method is post but we have to mention here on the form and say method is equal to post that way when we post it's going to use a post method otherwise it will use a get method so here we're going to inquire from the server information and ask it so we're going to say server like that so make sure you put the underscore dollar sign underscore like that okay so the server we're going to ask for the request method so what method was used here to request your services sir and then if this is equal to post then somebody posted something and so we can react to that okay so once we do that uh everything here that was posted that has a name variable uh here will be posted there this is why i omitted the name here to make sure that the data from this is not posted only that is posted so all we need to do now is verify the information is good and then we are good to go now we're going to create a function in functions.php that will do the sign up for us all we have to do is call it like this and say sign up like that pretty cool right and then we'll get all the post information and put it there but then we'll ask this function to return if there are any errors right if there are no errors it's just going to return an empty array otherwise it will return an array of errors if there were any so if there were no errors here we would check by checking to see if the errors array is empty or not i'm not sure if empty works like this but just to be sure let's just say count errors like that okay is greater than zero so that means there are errors or let's check for when there are no errors which is is equal to zero so count will return how many items are in an array so it will count if they zero it to be zero so if zero is equal to zero which means there are no errors then we can redirect the user to the login page okay so we redirect by saying header we tell uh php to head over to a different location and say location this is just one of the headers you can add and we are going to the login.php page like that and make sure you put die so that the script will end there because sometimes there are clever people who will uh limit or prevent a browser from redirecting and then they'll get to see all the information down here that you don't want them to see so better you put that die there to exit the script whether the redirect happens or not okay so if nothing happens here if there are errors we will not be redirected we'll come down here instead and in this case we can query to see to ask it if there are any errors so it can show us so right here inside the div here i will add um i don't know maybe another div here for the errors and then i will say something like let me put some php tags over here and i'll put an if statement and say if we want to actually check for the same thing here if count but this time we're checking if it's greater than zero so if it's greater than zero then there are errors in here so i'll do this because i want to use some php down here i want to use some html in between those two so say ndf like that and put a semicolon and close that tag like so the reason i've done this is because this area i don't want this area to be under the influence of php so which means i can put some actual html so here each error now will be i don't have to write echo i can just say oh yeah i do have to write echo unfortunately this was a poor choice of coding but in any case let's do this equal sign and then we say errors like error okay so this question mark like this opening php tag if i just put an ecosign without the php it's as good as saying php echo like that so all that is summarized an ecosign like that but we need to loop through each item here so i'm just going to say four each like so for each errors as we don't need the key we just need each error separately like so so for each errors as error now this is what i was trying to avoid to having to do echo here so instead what i will do is close this up like that with a full colon of course and then duplicate that to end the for each here so say end or each like that and then echo out the air so i went through all this trouble because i thought i would need some html here but turns out i don't so this is a waste of php tags but in any case this is okay i can now add a break tag here to make sure that each echo era is on its separate line okay great this is awesome so now what we need is to create the sign up function here okay so i will go to functions.php and create that function so in here let's add a php tag like so we don't need to close this file because we won't be adding any html so we can just put the opening php tag and then i'll say function sign up like that and then put those there so i'm expecting to receive some data like that let me put let me use small letters just for consistency okay so that data is all the post information that we got so let's begin by creating an empty array of errors first of all so we just say is equal to array this way we can return this regardless what happens in the middle so i'll say return errors like that okay great so now we are assured that the result will always be an array otherwise all these things will cause problems if we don't so if we try to run this now uh we will be redirected to the login page so let me come back here and refresh the page so we can test that and you see we have a syntax error which is awesome i i do love errors and to be a good programmer you must love errors fixing errors is the key to becoming a very good programmer so syntax error unexpected token nd online 36. so it says in line in the signup page online 36 we have unexpected token so line 36 it's saying and if is it yeah is unexpected so which means um usually when it says this is unexpected it means something that came before it is the one with an error so here i missed that so it should be for each i don't know what i typed here this is crazy okay something like this so refresh and it seems we have a different error which is nice progress so undefined variable errors on line 32 so let's see that line 32 it doesn't know what errors is well shouldn't it it should know that errors is here and there now keep in mind that this only runs once we post something so as far as the computer is concerned here as far as php is concerned these errors does not exist because it didn't run this section therefore it doesn't it it doesn't exist so we can make sure it exists regardless by creating copying exactly what we have here like that we create an empty and put it here that way whether we pass through here or not it will exist but it will be empty so refresh and everything is awesome okay so now that we have all that let's go to our functions.php and see what data contains so we're just going to say echo and let's echo some pre-tags because it's much nicer to look at an array when you have pre-tags like that and then we're going to use print readable to look at what's inside our data array before we do anything else and then here we're just going to say uh i'll come back to the sign up and mute this and that so that we are not redirected regardless what happens okay so refresh oh we have a syntax error on line eight and i didn't even check what the error was but i think i may be able to spot it and that's because i shouldn't put a dollar sign on echo like that so refresh okay so now let's create let's use uh create a username john and email will be john yahoo.com oops i pressed enter accidentally but you can see the result here we have an array with values and the keys over here so all we need to do is get these guys and verify that they are good and then we are off to the races so back here what i can do is now get the username so say username be equal to data username actually i don't even need to add them to this because there are no i know they already exist in there so we can use that same variable there so all we need to do is verify information or validate the information so in order to validate we just put if statements so first of all we're expecting uh simple characters in the username so we're just going to say uh i'm going to use pregmatch to match my the username to a specific set of characters so i'm just going to say pregmatch like that now pregnant uses regular expressions to match a pattern so the pattern i will create here is pretty simple i'll say a to z and copy to a to copy to z i don't want numbers in my name so i won't include numbers i don't need spaces either so i won't put spaces if you want spaces just leave a space like so and that should work but for now that's all we need a to z a to z we don't want any symbols or anything like that now we have to make sure that uh this is checked from the beginning to the end otherwise it won't work so put a carrot there to tell it to check from the start and then we'll put a dollar sign at the end to make it check to the end as well but then we'll put a plus sign to make sure that there's at least one character or more okay so here what we are checking for is the data uh username so if the username matches this pattern this will return true if it doesn't it will return false so in our case we can use that for an if statement by putting it in brackets go to the home here and say if we say not we put that exclamation mark to say if it doesn't match this so we're just reversing this if it doesn't match the username then we can do something yes so what do we do we add to the errors list so say errors is equal to so this is how you add to the end of an array like so uh please enter i don't know why i'm typing like this enter a valid username or you can say something like no no numbers and spaces or whatever that's entirely up to you yes so that is good if errors uh at this point if there are any errors that will be added to that so that when we return errors we will have an error yes yes so let's test that real quick let me do this just a simple thing like that and let's refresh our page oh we have another syntax error on line nine way way so what be the syntax error here uh what is it saying oh this should be inside the uh this should be in quotes right i hope yeah okay so it's saying unexpected token slash so yeah it should be in quotes okay there we go so we put john now i just want to test excuse me the username by just adding uh if i sign up like this nothing i get nothing right but if i put john and put a few numbers there it's it's not going to match so if i click sign up you see please enter a valid username right awesomeness so if i put text put a space text and press sign up i still get the same error so it's working just fine other than that let's move on and verify uh the email we don't need to we may need to verify the password as well so let's put one more here what have i done okay i'm using ctrl shift d if you're using sublime text to duplicate those areas so here it will be please enter a valid email so let me change that to email of course we don't check emails like this we're going to use something else we're going to say filter var filter underscore var like this so futa var is used to do a lot of things so the variable in here is this one so let me remove that and let's put the data email let's shove it in there and then we'll tell the filter what kind of filter to use so say filter underscore validate underscore email now it's supposed to change to italics if you get this correctly so it looks like i haven't so let me put validate okay there we go so it changes to italic which means i got it right so let me move this away like that so filter var that and then validate email so if this is a valid email it's going to return true so we want false so put an exclamation point we only care if it's not correct right so please enter a valid email good what about the passwords now the passwords should match and also the passwords should be at least longer than a specific value so in here let's change this to password and say password so i'm going to say if let's just say string length string len like that that's how you count how many characters are in a string so if this the length is less than let's say four then you say password must be at least four characters long like that okay now you have to make sure that this is a trimmed version it doesn't have spaces because it's possible to count spaces as well so put another bracket here and let's put trim at this point to remove all the trailing and leading spaces like that and then finally we do the final check which is to make sure that password one is equal to password two so i'll say data password like that not equal to and then let's put password here there like so okay so password and then put two over here so if password not equal to password two then you say passwords must match so let's put much over here match okay good so this is all we've got and then return errors and then at this point we want to save into the database if things go well so save here and we will only save if we put an if statement to check that there are no errors whatsoever so back here paste that let's do that so like this if errors is equal to zero then save okay so in order to save uh we'll create another function to do that for us so here what we'll do is we just create a query let's say query is equal to and we say insert into users and then we'll have our columns there and then we'll have our values on values like so okay then after we create our query we're just going to run a function called uh i don't know save let's call it database run or something like this that's what we'll call it right and then we just put our query in here like so but for security reasons we're going to use prepared statements so we'll put a comma here and then we'll put the now we can't put that data thing there because it has more items than we need so i'm going to create another array and call it aar like that so i will put those items in that array and say er username and then equate that to whatever is inside the data username like so okay so let me duplicate this a few times and change this to email email and change finally to password okay so uh the reason i've done this transfer is because in here there's an extra password too which will cause errors there so we don't need that we just needed it for confirmation so at this point we have three items that we need and also we need to hash the password so let's use password hash like so and then we'll leave that as it is and just change the string so string will be here okay so password hash default like that the password will be hashed good ok now to insert here we have to say username email password ok and we may need to save the date as well so date like that so then i will copy all this put it in the other side paste let me move this a little bit lower okay then i will put four columns here because we are using prepared statements i'm not put the variables but just placeholders alrighty then good then one more thing we have to add is the uh date of course so date will be equal to the current date we'll put year month day hour minute second okay good okay so we are good now we need database run as a function yes good and keep in mind that we don't have a database at this point so let's just create the function in advance i'll copy this so we can put the function anywhere as long as it's in this file so say function database run like so okay let me move that law goody so now we will have a query that will come in and then we'll have an array now array let's just say uh vars i'll call it vars instead it doesn't really matter what i call it let's set it to an empty array that way it's optional what that means is that i could omit this from this and it's still going to work because there are queries that do not have variables in them for example select or from users is a valid query but it doesn't have any variables so in that case we won't have to put an array there so it can accept without one okay so here we need to connect to a database so at this point i want to connect to a database so i will say con which is the connection string is equal to we're going to use pdo like that php data objects and it's object oriented so i'll just say new pdo like this now let's make a connection string here we're going to say string be equal to the first thing we need is the driver name so mysql for colon and then we'll need the host name we'll say host b equal to localhost since we are doing this on the localhost and then let me put a semicolon and say uh what else do i need here mysql localhost if username and password will go here i think i may have forgotten this process because i don't do it so often once i make it a function you connect i forget about it and just reuse it several times so here we have the username of root and the password of empty now if you're using a mac or you're using wamp mump sorry you may need to put root here if you haven't changed anything so if you've changed if you added a username to your uh database connection or your mysql then you put it here and your password here but if you haven't these are the defaults so what we have here is a localhost and we need a um what are we missing here the database name yes so db name i think that's what it's called so db name is equal to what will be our db uh verify underscore db that's what we're going to name it just like that okay so connection and yes so at this point we should be connected to the database but let's create the database first and see if it actually is going to work so to do that let's go to our browser and let's relocate to localhost phpmyadmin like so localhost phpmyadmin one word like that let's click on new to create a new database so yes database name will be verify underscore db of course and let's create very nice we have a new database let's create a table now called users and it doesn't really matter what we have there let's just hit go okay so now we have at least one table so users there and let's put some uh columns here so first of all id okay we'll leave it as an integer that's okay and let's put username this will be a variable character so var char how long your names are going to be maybe a maximum of 30 characters email some emails can be very long so variable character 100 characters let's put date over here and actually that's not let's put password password with our car as well let's put 255 because we don't really know how the hashing algorithm is going to fair here let's add one more that we are missing click add there'll be one more here and let's add the date so of course we're going to name this as date time okay let me zoom out a little bit here the important thing is to add one more column which i forgot so let me add one more right here so the way the email verification is going to work is we'll have two columns so there's email and then these let me move these guys over a step down and password here cut paste there so here there will be email verified or we can just say verified email yeah it doesn't matter verified like that so email verified email so the the issue here is let me move this to the password and let me change that to date time quickly quickly quickly password is very vocal over char so yes this one will be 100 as well so the issue is once you verify an email you write the email in here you put it in this column so that will be the verified email and all you have to do to know if a user is verified or not is to compare these two emails if they match it's verified so if the user edits their uh profile and change the email these two will not match anymore so it will say unverified simple as that right so here on the id we'll put auto increment and make sure primary key is selected as well so when signing up we don't expect to have email verified setup so let's take the no to make sure that it allows no values to be set up here so any column that you don't expect information immediately a row is created just take no to make sure that it accepts no values otherwise the rest of this [Music] is okay like this okay so let's hit go i zoned out there for a second right so we hit save and there we go so we have all this now we'll be using the email to search for a user because that's what they used to sign up with so we're going to go to more add an index okay if you're going to be searching by username you may want to add an index there as well okay so yeah that's about it the date you may want to search by date just add an index there you can always add an index later on not a big deal so now that we have this uh we should be able to read from the uh database okay so let's come back here and try to [Music] whatever query we are given here we should be able to run it down here so in order to run this query we're going to prepare a statement so i'm going to call this one stm statement is equal to connection like that and let's say prepare like so so we want to prepare whatever query was sent to us so query there we go okay now we should only do this if the connection is valid so let's just say if uh what what do we do here i wanted to do if con like this and then put everything inside the connection but what i can just say here is return false like that so we don't have to put everything in an if statement so at this point you to exit the function if con is not good so let's put an exclamation point there to make sure that if not con return and then uh what else here so statement can't prepare so we prepare that statement that's great so now that we prepare it we can execute it so let's say statement is equal to uh no actually sorry about that we'll say execute like so so we're executing the data as well oh it's vars actually so copy that and put it there so during the execution we're going to give it if any variables exist we'll give it that as well because the query has been prepared so now when executing it needs to replace those placeholders with actual values from this array okay so here we'll just say check like so because that will be true or false if things go well or not so at this point i'll say if check if that was true now at this point if the query is not re uh needing any result whatsoever if you don't need a result from the query then this is all you need to do just uh prepare and execute that's it but if you need a result then you're just going to say data be equal to right statement statement fetch all like so so here i want to fetch and i want to tell it the type to fetch you don't need to put this what i'm putting inside here pdo fetch obj so here you can if you want to return arrays you can do that you can say a sock like this but i kind of like objects so just say obj yeah okay so if now the count for the data is greater than zero then we returned some results so here i'm just going to say return data otherwise if none of this happens we're just going to return false okay great so we make the connection here you can put this string straight in here but it just make it just makes it easier to see like this and then we check if the connection worked and then we'll run something here okay so looks like everything is well set up and let's go to the sign up and remove these guys because now we are able to get errors and let's see if the sign up actually worked so back here and refresh do not resent just refresh okay unclosed functions line 21 so there's an enclosed bracket in functions line 21 okay so here it's this extra one right there so simple mistakes okay so let's try now say john like that and john at let's see if we don't create a valid email let's just say at yahoo also uh these values will be will disappear if we try to refresh so let me just do it like this and then let's put the password the password will be password the most insecure password on the planet like that so i don't want to dive into uh if you want a detailed uh uh tutorial on signing up logging in i have plenty i'll link them in the description so here we're just we're just going to do a straightforward thing uh hopefully it works so i'm just going to hit sign up and i've been uh not redirected at all so let's see if we saved anything in the database so browse to the users table and look at that everything looks good so we saved all the information that we required nice however we were not redirected to the ah sorry my problem this shouldn't be locations should be location like so so let's try and sign up somebody else as well just to verify that everything will work as required so i'll change this to mary and that is mary at yahoo.com everything else stays the same so let's say uh wait a minute let's make sure we can recognize the login page so i'll put something in the login page and say login and then here i will say h1 login like that okay that way we can recognize it if we are redirected so sign up and there we go we're on the login page good so if we check here we'll see that we have a second record where okay there we go okay so we have two records here sign up done boom so we are back to the sign up page everything here stays the same so i'm just going to copy everything from the sign up go to the login page select to paste and then just change every part that says sign up ctrl d to find all those instances and change to login like that only that here let's change this to a small letter like that login post so if there are no errors then we are redirected to the profile dot php page just like that okay and then in the login here we need the errors but we don't need the username so remove that we don't need the the password should be changed to type password change this to type email as well okay and we are good to go so login let me come back here and check what we have login good so we have a login thingy here happening okay pretty cool now at the this location here when things are logged in so let's create this function so we go to the functions now we're just going to copy everything from the sign up function here and just duplicate it ctrl shift d zoom in and change this to login so we have to do is uh some changing some placeholders here so username is not required please enter a valid email this is valid so leave that there password we shouldn't really care but we can do we can leave that there we don't need this one as well and then save instead of save we're just going to say check if this is true if the person is uh really signed up so let's let's remove the username let's remove the date uh we are going to hash the password again because that's the only way we're going to compare the two so we'll hash the new password that is sent and then we can compare the two and then the query will change now instead of insert it's going to be select so let's say select all from users and then we'll remove all this we'll just say where where email be equal to full colon email there and then we say and password uh be equal to full colon password like that so we just say limit one just so it can return after finding one result so here everything else remains the same but in this case we're going to have to check for a result so say row is equal to and then if a result was returned then this is all good so if it is false we'll create an error okay so if is array we're checking for the row if it's an array if it's array raw uh not array actually let's put a not there or let's say if his array just like that so we can sign the user up and then here we say else if it isn't then we will add an error so i'm just going to copy everything here put it right there and say wrong email and password wrong email or password good and then return errors yes otherwise we log in the person here and to log in that person is just to add something to the session so i'm just going to say session like that this is um a session is a variable that's available on every single page so this is why we put our variables in there so i'm just going to say user like that session user is equal to and then we'll add the row for the user so just say row so for as long as this session user is available then we know they are signed up or they are logged in sorry so if you want you can even put one logged in underscore in is equal to and then you say true then you can check for this now for session to work we must make sure that on top of functions here because functions is on every page so we're just going to tell it to session session underscore start like that okay great this session start should be there at the top of every page where you try to use sessions like so cool so this should work just fine let's come back here try to login so i'm just going to say john yahoo.com and then just put some wrong password wrong email or password okay let's try again john yahoo.com and then let's use password here and login okay wrong email and password okay so this is where your debugging skills should come in so let's try and see where we have the problem so let me put that again john yahoo.com let me put my password there and let's hit login so wrong email and password all right so we go back to functions.php it seems when reading we are not getting what we want so here i'm just going to put echo here like that just so i know that at least the execution is actually running as intended so i'll leave that there if i see the here in here let me resend the data so i see it there which means it's actually getting to this point so the problem must be in fetching the data so i just want to see as well by saying print readable what the result of this is so i'm going to see what's inside data so back here and refresh and resend so data is an empty array hmm okay so i don't need this echo here anymore but i know this is an empty array so let me put die over here so that uh in case things go well it shouldn't bypass this point also let me remove these because i don't want it to sign up prematurely before to login prematurely before i fix the problem so it's empty here and let's look at the query it means probably the query has the problem it did write to the database so it means the connection is fine so that can't be the issue the issue should be with the query so i have a suspicion that maybe the passwords are not well comparable in the database itself so let's just remove this and password part here let's just do that so where email is equal to email let's just find the email and see if it's gonna work so refresh resend okay so invalid parameter number so this is an important error you have this error several times it says invalid parameter number number of bound variables does not match the number of tokens what this means is that we've given it uh some placeholders here this is one placeholder here however in this array i've given it two so this is where the problem is so i have to remove one of these so let me just put this directly to a normal variable like that and not in the array so i'll leave it at that that way there's one bound variable and one variable in the array itself okay so let's try again and let me refresh okay so you see now i get a result set we can see this is john everything looks fine so it was failing to compare the password so let's do the comparison after the fact so here if this is an array let's do a comparison here we're going to say if password which is the hashed password we've brought up here password sorry variable if password is equal to and then here we get the one from the database which is inside raw now remember that we got objects and not arrays from the database so use the arrow notation if there were arrays would do this and say password but it's not an array it's an object we are returning because that's what we said we should so we'll put an arrow like so okay so if these are the same let's even put three of these like that just to be sure then we'll pass through here okay good so let's see if we don't get any errors this time [Music] wait a minute wait a minute okay so if i print die here it's going to die over here so i'll just move that there i just don't want to see an error so if this is correct there won't be this error so let's try again refresh boom okay so no error and we're on profile.php are we yes because we didn't return an error so the login page redirected us so everything is working fine it's just that we are not logged in yet okay so i just go back to the functions and unmute these like that okay then we'll create a function that we check for us if we are logged in or not then we can use that function so we just check for this variable in here both of these if these both of these are set in the session then we know everything is good so what will happen is let's go down here and create a function function check underscore login now this function will return true or false whether you're logged in or not and then you can tell it whether to redirect the user or not uh by putting uh redirect here say redirect is equal to true we'll leave it at true for now but you can put false in here to tell it not to redirect but just return false or true because there's certain times you just want to check if the user is logged in without having to redirect them so i'm just going to say if is set that's all we need to check for if these two things are set if user is set like that and again is set and this one is um oops wrong is set logged in like that okay so if those two are set then so if both of these are actually set it means we're logged in so in this case we're going to return true like so otherwise we will return false now if redirect is true then we must redirect the user to the login page so i'm going to say if redirect like that which means it's true then we'll do something else here let me move that down and then put an else statement like so let's remove that extra bracket so if redirect then let's do a redirect right here now we already know how to do a redirect so let me just copy that from there and paste it so so we go to the login page and die gracefully okay so pretty good so if this is true this will happen if it's naughty to just return false otherwise it will return true and continue executing because the return key here exits the function so we'll never get to this point okay so all we need to do now is just get check login and go to our profile.php let me just put some html over here and just say profile and then back here i'm going to say h1 and just say profile like so then of course i need to include that that header so include let's do that header dot php like so and then close that alrighty then so if i go to my profile page now and refresh you see that i have this however i'll show you that the check login is working now so let's put some php tags right at the top now redirects should happen at the very top here that's because you cannot redirect if you've already sent headers so the moment this space this is why i said in the beginning put this at the very start don't leave a space because that space is html it's regarded as html so you cannot redirect a page after html has already been sent because headers are supposed to be sent first so we are redirecting using headers and headers should be sent first before anything else so if you put your headers down here and try to say our header relocate it won't work because it will tell you headers were already sent you are too late because of all the html at the top so at the very top here let's put check login like so and this is all we need to do so in any page that you need to the user to be logged in just put that function there and you are done and also we need to include that functions.php just like we are doing on every single page we must include it there as well otherwise the function will not be found you have problems so if you want to use this function to just check whether to display something for the user only when it a user is logged in you can put a simple if statement like this so you say if check login like that and then that so you put anything that the user should see only if they are logged in you put it inside this if statement but here you must put false otherwise the page will be redirected if they are not logged in so once you put that false it won't redirect it to just return false because that's what we told it then you can put stuff in here that only a logged-in user should see so we can test that first let me mute this one at the beginning and then let's test this one right here so i'm just going to close that tag so this one i'll just say show only or let's just say you are logged in here you are logged in like that so this will only show if i'm logged in so if i come to my profile and refresh you see that it doesn't actually show and then if i go to the top here and leave this one out it should redirect me to the login page so if i refresh now i'm back to the login page so let me try and log in now so i'm just going to say john like so and then put my password there and hit login it's not working [Music] john.com let me make sure i have everything correct and it's not working still let's go to the profile it returns me back to the login page so something isn't working right still this is working fine all that is working fine that's cool but we are all back to the login page and something isn't right so let me go to the functions.php for the login right here because it means we are not getting to this point so what i will do is just put the die over here i want to see what's going on okay it seems there's something weird happening here so let me just figure it out i'll refresh this and what i will do is try to echo out these two and then compare them to see why they are not matching so first of all i will say echo password okay and then i will add a break tag to that like so so let's do echo here and then uh i'm going to move this to the next line and do another echo like that and put the brake tag on this one as well okay so back here let's try that again let's try john oh wait a minute excuse me password like that enter okay so attempt to read property password on an array okay so here it's telling me that on line 66 i'm trying to read a property on an array and that's where the problem is so i think i get what's happening here we are fetching objects however we are returning an array of objects so it means the first result is the actual object but it's inside an array so i think i have that covered so what we need to do is put a zero here because the first item is an array and that array uh contains the uh the first item sorry is an object but it's inside an array so we're getting the first item here from the array and then using the object notation to get the password from it because that is an object and it can work like this so this should work now but let's give it another try so refresh and resend so this is probably why it didn't work when we added it to the to the to the query here so you can add it back if you want but this is okay because at this point you can tell if you want to tell what's wrong whether it's the password or it's the email so here you can say wrong email and then you can put an else statement here and say wrong password because at this point it's the password that has a problem okay but for security reasons it's not a good idea to tell the user what part of the thing is is wrong whether it's the email or the password so we're just going to put else here and still put the same message wrong email or password for security reasons okay so back here let's try to resend the information and we're still getting that so maybe that wasn't the solution at all let's try again don't join yahoo.com let's put password here and we're still getting an error so removing those things was a mistake i guess so what i want to do here is try again to compare these two one more time now when you are getting errors do not get uh frustrated with trying to fix errors because this is the key to good programming i cannot emphasize that enough just persevere with your error and you finally get it use google as much as possible to try and figure out what's going on get your error and then copy part of your error and then you can paste it online and try to get a solution so here i just want to check what's here and what's in here so that we see why these two are not doing their job so i'll put die here just to make sure that's only the only thing i get so refresh and there we go so are these no they don't look the same at all so i'm going to refresh this again and see if any of them changes okay so you see the one at the top keeps changing every time and that's not good so i wonder why that is so it's probably because uh this password default um it's telling it to use a probably it's adding what is known as a salt uh using the timestamp so let me try and just put sha256 there to give it a very specific algorithm to use maybe that's going to work i don't know let's give it a shot and see if it works so okay so uh the algo must be valid it's telling me that the algorithm must be valid okay i'm not really sure i've never tried to use uh this kind of thing before so let me try and do sure one like that let's test that i use a different uh password uh algorithm here so i'm not really sure oh wait wait wait what have i done oh there we go let me see maybe i don't need to put any uh inverted commas there okay so that's not working so let's do a different hashing algorithm right let's use shot one so i'm just going to remove the password here just say hash like this so hash and then the algorithm comes first so i'll put that here i'll just say shar 256 this is less secure than the one i was using at first but i don't have the time to go and check why it's producing a different password every time so i'm just going to revert to this one but password hashing is not really a big deal what you have to concentrate on is stopping people from actually getting access to your database in the first place not trying to protect an already stolen database that isn't cool so this is just to protect uh in case an employee just tries to check in the database to see someone's password at least they'll see this hash over there okay so since we are using that uh we can't use the password that's in our database anymore what i need to do is echo out this password here i'll just pick it up from there because now they'll be different so refresh resend so this one is clearly different this is the the hashed version of the password we are trying to do the new sha one so they are very different so what i would do instead is copy that go to my database and replace the contents of the password here with these versions okay paste there char256 okay good and don't forget to change it here as well so we've changed it there for checking and we should also change it when signing up otherwise we'll have problems so on the sign up here change it to the same thing as well as this one sha 256 let's put that here and then remove this password default so now it becomes hash and then the algo and then that but do your research on the other one uh it's much better to use that than this okay so once we are done with this this should work now so i will come back here and remove all this stuff so it's the password that was giving us a problem save that and back here uh let's now resend the data and resend so now we are able to be on the profile page and you see it's telling me you are logged in and the reason it's saying that is because on the profile page there is this if statement which checks if you're logged in or not so this is how you can check anywhere in your system whether somebody is logged in just put in that function in an if statement make sure to put false there and then you can put whatever you want down here for only people who are logged in you can use this also to give the username of the logged in person for example i can say here echo and say hi coma and then since we know that we are logged in put a space there we can concatenate the user's name here so i can say something like a session because we know it's inside the session and it's inside user like that and then we know it's an object so we'll use that pointer and then we're going to say name like that okay so if i come back here and refresh oh it's an array is it okay so the row that we returned is uh an array and that's not cool so let's go back to the functions and where we are logging in where is that uh right here row okay so we have to change the row here let's put row is equal to row zero like that okay that's much better then we can remove this here because now raw becomes the object so we're setting it to the very first item that way even when we set it here it's set to an actual object so let's log out instead so to log out uh we just do a session destroy and redirect ourselves so let me [Music] create a new file and then put php tags don't forget to put your session start so let me save this as logout.php so session uh start should be there otherwise we won't be able to use our session and then you can just say session destroy like so so we destroy the session or sometimes this may not be a good idea because you may have a shopping cart that you don't want to lose because someone has logged out so in that case you have to put an if statement and just say if is set like that session uh then we go to session uh user like that and then you just say unset uh session session user like that okay so like that we unset the item there and remember that there are two variables that we need to unset the other one is logged in so logged underscore in like that if they are set unset them and then after that let's do a header location because we want to take the user to the login page so location login dot php like that and then we die even though there's nothing down here so that's the logout page close that that's all we needed there in the header we should add a link to the logout page like so and just say log out like there logout and then here log out as well log out like that okay great all right so now if i refresh this log out i can log out then log in again this time with a better system so password okay so undefined property name so there should be it should be username and not name sorry about that i forgot that's the name of our column it's username so refresh and there we go so hi john so it knows who is logged in at the time okay good so now that we are done with all this we have to check if the user is [Music] is verified or not okay is the user verified or not so in the profile here we need to know because we need to know whose profile this is right so this profile belongs to the person that is logged in so what we will do here is normally if this is somebody else's profile you wouldn't show them the verify uh option whether to verify or not you wouldn't show them that you'd only show them if they are if they are the ones that are logged in so it means at this point we have our users details in the session variable there so if they are logged in you can put hi but then you can put other things as well for example you can put now if you want to put a lot of html here what you do is you put php tags like so and then you close that over here like that and then now you don't need to do echo like this this is purely html now and but you have to close the if statement like that by saying and if semicolon and then close like that so this is normal html now but this should be a variable so let's put some php tags now instead of putting normal php tags you can just put the equal sign like so and then like that okay so this is exactly the same as we had before or is it syntax error on line 20 why i don't understand this what's going on this doesn't seem right it's because of this php tag sorry about that so i'll move that here like that okay so refresh and we are back so there's that closing tag which we do not need as well which is right here okay so in here now we uh we can put other things for example the verify button so button here verify uh verify profile something like this and then let's say let's give it a link to where it should go it should go to the verify page so at this point i will say um a href yes and this will go to verify dot php and then come down here and let's close that tag okay goody but we should only show them this if they are not verified right so let's see how we can figure that out if i refresh now there's a verify profile now let's put some break tags here just to make it more appealing like that break tag just a couple of these let's see that okay there we go so verify profile yes so the same way we [Music] in the functions here we are checking to see if somebody is logged in we can also check to see if they are verified or not so what i will do is just duplicate this function like this boom okay so check verified like that there's no need for that thing there so every time we have to check the one that is logged in if they are verified or not so we will get our email okay so we will get our email and say uh just the second email is equal to and this one right here actually we don't need to do that all we need to do is check in here because we have the user data already in there so i can just say if this user email is equal to the same thing but session user let me copy this again put it here so email verified like that if those two are the same then this user is verified okay so let me go to here in the database just to be sure it's called email verified that's true so at the moment these two columns are not the same so none of these are verified all right so that's what we check for if user that is very is equal then they are verified we return true otherwise we return false we don't need to check whether to redirect or not it's just like this so we either return true or return false so if i come here and copy this come down to my profile page i can actually let me just copy that and right here i will say the same thing if statement duplicate that if statement move it inward like so so instead of check login we say check verified like that and then remove the force from there like so so if check verified so if they are not verified so we put an exclamation point to negate it then we show them that so back to the profile if i refresh so call to undefined function check very oh so there's an i missing here sorry about that it's saying call to undefined function it's because i had named it something else so you see that now it's showing me verify profile because it knows i'm not verified so if i click here it'll take me to the verify.php page so let's finally now design a way to for the user to add a verification here for their email essentially what they're doing is just copying this email into this column and that's it then they'll be verified okay but we have to send them a code so let me explain why we need a code so sometimes what other websites do is they send you a link to your email and then in that link you once you click that link then you verified your email that is all good you can do that no problem but like i explained in an earlier video sending links may lead uh websites to flag you as spam then they will send your emails to spam or they won't even forward your emails at all because they'll think you're a spammer especially if you get a lot of traffic on your website especially on your first day that you launch it and then people are trying to verify their emails it might be regarded as spam and then you may lose customers because they'll get frustrated that they're not getting their emails you start telling them or check your spam folder etc that's never good so instead of sending links just send codes so if you send a five digit code any uh no one will flag that as spam okay so just keep that in mind let's come back here now to the verify page okay so in the verify page here the moment somebody is sent there we know that what they want is to be verified okay so i'm just going to copy everything from here just so i have a template and i will go to verify.php and paste everything so instead of the title being profile here it's going to be verify okay and we do need a uh let me close all this up so it's important to check that you're logged in that's good and let's go to the login page i want the form here so i will copy the div that has the form so that we have a starting point copy that come to verify.php and paste it over there okay so pretty good we will need to have errors as well just in case and then here we have to we don't need to put in an email or password or anything like that all we need is a code so verify will be the button and then this one will be of type text and this one will be named code and then we just say entire code enter you code let's say from email so we'll say enter the code from your email okay good refresh let's see what we have so verify undefined variable errors okay that's understood let me go up here and create errors and set it to an empty array like so okay pretty good and now let's come back and refresh the page we should have everything here let me put just a little bit of break tags just so there's a little bit of space between the items here okay enter the code from your email not enough uh space here so let's just say enter your code i think that should be good enough let me remove that then at the top here we can put some instructions and say an email was sent to your address paste the code from code from from the email here something like that i don't know it's up to you to write what message you think will resonate with your users just as long as it makes sense that's all that matters so an email was sent to your address paste the code from the email here so there you paste the code and then you click verify and then it should verify everything so if the code is expired we should see an error here code expired if not we're just redirected to the profile without the verify uh thingy there okay so let's create the system that will help us do the verification here so when something is posted um let me put some break tags here as well now i will move this let me put break tags there there will be errors here so let me move this above this whole thing like that so that the errors are below okay so once we open this page or refresh this page that in itself should send an email so here i'm just going to say if server okay request method if the request method is equal to get then let's send an email okay so the get request is just when we refresh the page that's a get request so once we refresh the page we send an email immediately okay so what we will say is uh check now it's up to you to choose if the person is not verified or not uh what you can do is you can say we only check this if the person is not verified so i'll go to my profile and just check say check verified here copy that come back to verify and put it here so we only send an email if the person is not verified so let's do that actually let's first check for the let's put this at the end so say if the if it's a get method and the user is not verified then send the email otherwise if they refresh 10 times then you get an email being sent send email and then not only do we want to send the email we want to save in the database the code that we've generated so we say code is equal to we just create a random value by using rand and we'll say one one one one maybe five digits and nine nine nine nine nine five digits like so so to get a random value between these and that so the reason i've put i haven't put i actually can put zeros here no problem one two three four like that uh five actually so five digits five digits so these are all the five digits in between here you to generate a code between those once it generates that code you do save to database that same code now we don't have a table already so we're going to create that table just now so go to my uh database here and right on the now i'm lost where is my db the verify db so click on new on the verify db and this one is going to be very fi i think that's what we'll call it the table will be verify and then we'll say id that will be the first column and the second one now is going to be the code like that and then the last one will be expire okay or expires like that so those are the things we need when it expires the code itself the id and the email okay good so email will be variable character with hundred expires will be an int the code will be a variable character because you can put it as an int that's entirely up to you but i'll just put var car five because i know it's five digits and then uh actually let's leave it at int that would be much much better let's remove that id will be int no problem so there is the hint it's just that one so put auto increment on the id make sure it's a primary key and everything must be filled in so we're not putting in any null values so save this okay so now we have the verify now we will be using code and expires and email to read from these so just add indices for all of them the expire uh the email where is this add index and expires as well will have an index okay good so code expires email now we want to let it expire after some time so we'll say hours the number of hours we want it to expire after actually maybe minutes let me just do this and say time is equal to or let me just say expires so it's easy to remember what that is there's the function called time like so now time is the number of seconds since 1970 up to now so that number keeps climbing every time so when you when you just run the function time it gives you that same number so what i want to do with that number is add to it some minutes so one minute is 60 seconds like that so if i multiply this time and multiply it by no just add 60 to it then it means the expiry date is time plus 60 which is 60 seconds from now so it will expire in one minute so if i just multiply this by a number like 5 it means it will expire after 5 minutes so let's just put one minute for testing now you can put 100 uh here or if you say 60 times 60 that's one hour and then you can do one hour and multiply by three then it means uh it will expire in three hours like this oh sorry there like that so that's just simple math that you can do to increase your time so here just put times one i'll leave the multiplication so that you can easily change it here if you want 60 times one is just 60. so that's one minute okay and then the code we have we have the expires we need the email so the email is going to be email is going to be inside the session so session user like that uh email like so so we have our email we have our code we have when it expires so we can now save in the database by just saying database run like that and then we put our query in there like so and then we will put our variables there inside vars like that okay so once we run that then we are good to go so here i'll put vars instead of these so that they are inside the bar bars like that okay so it's like creating a new uh array and then putting these items in there one two three items and then we can run the database so the query now we haven't created query are very simple to create so let's just say insert into verify this isn't correct let me come back here and see what it's called verify yes so inset into verify you put your columns you put your values and then you uh your values there of course so your columns here are sorry there id code oh we don't need the id's just code expires email so let's go code you can put them in any any order it doesn't matter expires email like that as long as the order here is exactly the same order there that's all that matters and then let's put our full columns here to tell it that these are just placeholders for things that for variables that exist in this site in this array here okay so that's about it we insert that and then we'll have a code and then it's going to ask us to verify that code as soon as possible okay so let's test that actually before we even test it let's create the verification process here so the other thing is going to happen when we put this here okay so here it's in the post so let's put post when we post it will go to this and let's remove this and over here instead let's put another uh and just say if not verified like that that's when we proceed to do whatever we are doing else we'll say echo you are already verified you are already verified like that okay good but if we are not verified we'll just do a check here real quick okay so we just read from the database to see if we find the result okay so query is equal to we'll say select all from from verify where code is equal to whatever code we're going to give here and yes that's about it and email let's use the double and and email is equal to full colon email so those two should be correct and then we'll get the result and to run the result we just do this put that here okay so we'll need the vars there but then we'll say row is equal to so let's create the vars now the variables here will be email and then that email is going to come from the server the server variable so oh session sorry session variable and that's user email and then the second var here is going to be now sometimes you may be using these vars too many times so just be put make sure it's an empty array before you start adding uh extra stuff here you never know it may be working somewhere here and then it will just mix things up so do that email and then here code and the code will come from the post variable right so let's do post and inside the post will be code like that because that's what we are sending from the form okay so the code and the email and then we will run the query with those in mind here very nice so if the query returns a result so say if is array if the result is an array let's do row like that then things worked out if they didn't to say echo wrong code like that okay but then if we come down here and it's correct we're going to say raw is equal to we just want to get the very first result like that and then once we get the first result now we make a comparison to the time okay so we need to make a comparison to check if it's expired because we know the code is correct the email is correct but we just have to know if it's uh less than the current time so time at this point is equal to time like that so we get the current time which is an integer in number of seconds since 1970 and then we just compare that with what's inside the row so we just say if we put an if statement here if row expires expires so we have to know that one in uh the code should be greater the one in the row should be greater than current time so if it's greater than time like this then we are good to go okay so if it's greater than time then we're good to go if not or what we can do here we can i think even that is okay we just need to put an else statement here so if it's greater than time that's okay if it's not we can echo and say code expired like that okay but if it is greater then everything is good so all we need to do now is to run a query to update uh the current row that we got in the database so the id to this row we can get it from sorry there id is equal to row id like that okay then we create a query and then we say update users then we say set email verified because that's the other column here in the table uh where is that table so expires yes but we need to go in the users table we want to make this column the same as this one so email verified should be equal to email okay so you can do that by saying update users set email verified is equal to email like that where id is equal to and then let's just put that id there so just put id like that that way we can avoid using a uh an array like we've been doing all this time so here i'll just copy that and put it here and just run that let me just remove this so this is how you can run a query without having to use prepared statements so database run query and we'll have that there so we just say limit one just so it exits after adding to one of those so set email verified is equal to email where id let's go to id okay so that's so good let's see if any of this works so back here uh let's see let's go down here and let me refresh the page so refresh the page resend there's nothing to resend really let me just refresh the page so at this point i expect that there should be a code in the verify table so there it is expires and the code is there and the email is there as well so let's try and add just a random code here see what happens verify you see wrong code like that okay so you can save those errors to a variable and then just echo them wherever you want so wrong code is there that's true then let's come back here and copy this we are copying the code directly from the database but in our case uh we will send an email so that the user can see it from the other side but let's try if we get the right code oh and by the way once this happens we're supposed to redirect the user to to the uh profile page so location put a foo column and then say profile.php like that and then put die like so okay good so now once we set that and we just click verify so you see that it says code expired because uh the code did expire and also the problem is every time we refresh we're actually creating a new code i think let me come back here are we oh apparently we are not okay so that's good so now what i need to do is since the code has expired let me refresh to get a different code so refresh i should have a new code in here okay so it's only one minutes that i have so let me do that quickly come back here and paste and then click verify okay so that should have worked let's see if it actually worked let's go to users okay so you see there it has uh oh it has put the email in the wrong place why so that's the wrong id hmm okay so it's working but in the wrong place so let me remove this like that okay let's try and see what the problem was so update users okay so what i want to do is to see the query that i have received here so i'm just going to say query and then die like so so i just want to echo the query so that i can find the problem so die is to stop so that we don't redirect so back here uh let me go to verify so that means i have sent a new code so if i go to verify there should be a new code and there it is so copy that and put it here so before we actually run in the database we are going to echo it out so i'm going to verify so it says update users set email verified is equal to email where id is equal to three so why is it getting id is equal to three i think it's following this here instead of the user's table why is that oh this is my bad sorry the id here should come from this session i don't know why i did this so copy that the id should come from the session so instead of email it should be id like that okay sorry about that that should work now okay so let's try it back here back here let's paste oops let's just try again and refresh the page okay then come back here to the verify table and then let's check the new code copy that back here paste verify okay uh it's still asking me to verify and why is that let me come back here again it hasn't worked why is that let's see here okay so my bad again this row should not even be there it should just be this like so sorry a little bit clumsy here okay so let's try one more time verify back here let's go to the verify table and one more there so you see the number of uh rows is increasing and you may think maybe it's too many of these but don't worry database can hold millions and millions of rows so it's not a big deal so back here let's put that here and click verify okay verify profile again why let's go to the users table okay so now it's actually worked john verified john but why isn't this telling me that it's verified now there's a simple reason for this and this is because um when we the data that we're checking is in this session and not actually in the database so this is a mistake that we are doing in the function so let me just copy database run here copy that and let's go to the function so check verified should not check just in the in the user session you should just actually check in the database so let's do this in the database what i'm going to do is read from the database i'll add a simple query here and say query is equal to select or from users where id is equal to and i will put that id in there like so i want to use prepared statements here and then i'll say database run and then the row will be here so say row is equal to and then at this point i'll say if is array is array like that row if that's true then let's do what we are doing here and check so i'll move this in here so here we are checking for the email and so we're going to replace that with row we replace this user with row email however here we must say row is equal to row zero so that we get one item because in this case we just want one item right so say limit one here so it's always an array that comes back in case there are multiple records but in this case we just want the first one so that's why we're doing this so if this is equal to that then it's true so at this point this should work well if i just refresh the profile page and define variable id okay i know why because id is an um undefined so let's define id here so the id will still come from the session like so so session user and then the id but we'll get new records from the database whenever we check just in case they did verify we should know so you see that has disappeared so everything is working fine except we just need to send the user an email so that they can see the code from the email and they don't need to access the database like we are doing and then one more thing that i had forgotten to add here is that on the verification uh you don't want several users using the same email so you can check to to see if the email already exists and if it does you can throw an error and to do that is very easy you just say uh row or let's just call it check is equal to database sorry there database run like that and then we put a query in there which is very simple we're going to say select all from users where email okay where the email is equal to whatever email was put in there we can add it there but let's use prepared statements here because we are not sure of where the data is coming from limit one like that okay so say select or from users where email is equal to email and then we have to provide this email in an array so we won't do it there we just directly create an array here and just say email and then we'll put an arrow like that the fat arrow and let's grab the email data there okay we'll put it right there like so and then put a semicolon over there like this okay so the email email now if we get a result from this we get true because if it's not uh if it doesn't find the result it will return false right so false is good because we want it to be false if it returns true then we know that uh something is wrong so we can put an if statement directly here like so or to simplify things let's just leave check there we just do this if check like that oops sorry which means something was returned so we can check to say if is array just to be very specific if check is an array then we did return a result and so in here we can put an error just like we are putting these errors here copy and paste that and say that email already exists that email already exists okay simple and straightforward and now if we come back here to the i if i log out and then go to sign up i want to try and just sign up with the email that already exists so let me just hit sign up and you see passwords might be at least that email already exists okay so at least you know now that you can do that as well so the remaining part is now to send an email and that's it because everything else works just fine let's try and log in as mary and verify mary as well okay so we're going to say mary at yahoo.com and put our password there and then log in so it's saying hi mary yeah verify profile so i'll click verify and then i'm asked to enter a code but if i had sent that code by email all i need to do is check my email and put it here but we can now check from the database one more time before we do the email thing in the verify there we go copy that and put it here and then verify and you see now mary is also verified we can check that in the users table you see that the emails are matching here so if mary were to edit her account for any reason and add some different value in here then it won't be verified anymore if she changes her email you see now it's asking her to verify again unless she puts back the old email and then she will be verified at that point okay pretty good so the only thing remaining now is to send that email so once we can receive an email in our inbox then this whole process is done so in order to be able to connect to a google uh because we're going to use a google account to send email you can use a yahoo account as well no problem but for those using uh gmail just go to account myaccount.google.com and then go to the security tab here and in there there will be a [Music] there'll be a section in the security tab where it asks you to add an app password here app password was removed here so i removed mine but you can add one here and then if you this is only if you have two-step authentication activated if you don't have it activated just scroll down to the end of this page i won't scroll down uh due to security so you go scroll down to the end of the page and you'll find one an option that says allow less secure uh apps to connect so just tick that one and make sure it sticks but i have two two-step authentication so i have to create an app password in yahoo however you have to go to your account settings and then you have no choice but to just add an app password regardless whether you have two-step authentication or not so when you click that add app you get to here app passwords and you can just create one so let's just say um select an app we just say mail select a device uh we just say computer it doesn't really matter what you select here let's just generate here so then it has given me a password like this one so i'll click that and copy that just save this to an empty uh file here and leave it okay so once we are done hit done don't forget to click done that way it's actually saved here so you can add several of these depending on how many apps you have okay so once we are done with that you can do the same with yahoo account then we are ready to use php mailer to send our emails so let's focus on that now so back in our application folder i have put php mailer there so that's a zip file just right click and say extract here do not extract to the folder just extract here because there's already another folder inside it so it should say php mailer inside it should be the source folder directly okay that's important then i have put a mail.php page here so you'll find a link in the description if for some reason you can't find it just copy the code here i'm just going to scroll down so you can see the code that i have put in here so it's just a uh what you call a boiler plate you can get this from the same page on github php mailer where you got the the thing it's just a sample so i got the sample here and slightly modified it created a function like this send mail here which takes in a recipient subject and message that way it sends all this so it's important that the files are in the correct folder that's why it should be a folder and then source immediately okay otherwise it won't find these required files if you change the folder structure just change these as well otherwise leave it like this so here it's important to put the correct smtp so if you're using yahoo you're going to activate this one and disable this one so that's why i left this one here for the yahoo and then here put your email address so in my case i'm using this one at gmail.com so put it here put it there as well here you just put my website as the or your website name the title of your website and recipient name you can put there if you want you can put variables here to put an actual name of somebody and then here you put your app password so my app password is here so i'm just going to copy that come back here and paste it like so now if you used the method where you don't have two-step authentication and you didn't get an app password just use your real email password okay that will work there otherwise everything else is the same all we have to do is just say send email like that send mail and so i'll just need to require this file in the verify php so they're in the same folder so the same way i'm requiring this function i'll require that file here and say mail dot php so since they're in the same folder it will work out and then right here after we right here where we are creating the code just after we insert into the database let's just send that email okay so the message is simple it's just this is your code that's all so message is equal to your code is and then leave a space concatenate the code itself so the code is inside var's code like that so let's put that there semicolon and then the subject that's up to you you can put sorry there subject copy put that there and just say subject is equal to email verification like that you can put your website name there as well and then the recipient is the email so copy that let's put this here and get that as recipient like so so everything is set it should send an email once we activate that okay so back here in the database i want to remove since i'm logged in as mary i want to remove the oh i'm removing the wrong place i want to remove the verified here to make sure that she is not verified anymore and then i will change her email to the actual email that i'm using there so that it can actually send a real message okay at gmail.com like that okay so that's the email there so let me go back and log in as mary so that uh the email is correct so i'll log in there let me put my password then click verify okay so it's taking a while because it's actually sending an email to using uh my gmail account so we're gonna give it some time so it has come here and it says an email was sent well let's check to see if the email was actually sent so if i go to my uh page now you see that there's an email there that says email verification right so if i click it tells me your code is that so copy that code and paste it here and click verify and you see now mary is verified okay so easy peasy like that nothing difficult so i hope you have learned something and also remember to change the number of minutes here maybe you can give the user 30 minutes or uh this is one minute yes times 30. at least they get 30 minutes to do something before the thing expires or you can put 10 minutes that's entirely up to you okay so i hope you have learned something new in this whole thing sorry that it's been it's taken so long but i want it to be thorough because i get uh questions after i put i post something because some people do not understand the whole con context how to put everything together this is why i decided to do the whole login sign up from scratch so that you can see how everything fits together so at this point you have a functioning website where somebody can log in and then finally they can verify their email alright so i will see you in another tutorial
Info
Channel: Quick Programming
Views: 2,056
Rating: undefined out of 5
Keywords: Web Design Programming Tutorials, web development, quick programming, PHP, MYSQL, HTML, CSS, tutorials, Learn, learn to code, course, coding, json, javascript, svg, website, programming, php tutorial, php login tutorial, how to create a login system in php
Id: nn4HSEaZhnI
Channel Id: undefined
Length: 126min 50sec (7610 seconds)
Published: Sat Jul 24 2021
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.