Documentos de Académico
Documentos de Profesional
Documentos de Cultura
Sign Up Log In
Email Address*
Set A Password*
GET STARTED
Below is a chart showing how all the PHP files in the system
are interacting with each other and what important action
and display message each one does. I've colored most
PHP files yellow, mailed PHP files are in blue, and form
action file which is being called other than the file itself,
which is the only one - reset_password.php is in red. All the
display messages are colored green. Finally, the most
important action a PHP file is responsible for is in gray.
//connection variables
$host = 'localhost';
$user = '';
$password = '';
With the SQL database and table created, we're now ready
to start coding the login system. Let's begin with db.php file
<?php
/* Displays all error messages */
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<title>Error</title>
<?php include 'css/css.html'; ?>
</head>
<body>
<div class="form">
<h1>Error</h1>
<p>
<?php
if( isset($_SESSION['message']) AND !empty
($_SESSION['message']) ):
echo $_SESSION['message'];
else:
header( "location: index.php" );
endif;
?>
</p>
<a href="index.php"><button class="button button-
block"/>Home</button></a>
</div>
</body>
</html>
As you can see, the only thing it does it prints out the
message from the $_SESSION['message'] variable, which
will be set on the previous page. We must first start the
session by calling "session_start()" function so we have
access to $_SESSION global variable. We then make sure
that the variable is set with "isset()" and not empty "!empty
()" functions before attempting to print it out. If the variable
is not set, we redirect the user back to the "index.php" page
with header() function.
<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
if (isset($_POST['login'])) { //user logging in
require 'login.php';
require 'register.php';
}
}
?>
<body>
<!-- register and login form code here -->
}
else { // Email doesn't already exist in a database,
proceed...
http://localhost/login-system/verify.php?
email='.$email.'&hash='.$hash;
mail( $to, $subject, $message_body );
header("location: profile.php");
else {
$_SESSION['message'] = 'Registration failed!';
header("location: error.php");
}
var_dump( $result );
//output: object(mysqli_result)#2 (5) {
["current_field"]=> int(0) ["field_count"]=> int(7)
["lengths"]=> NULL ["num_rows"]=> int(0) ["type"]=>
int(0) }
The final step, is to send the user an email with the account
activation link:
http://localhost/login-system/verify.php?
email='.$email.'&hash='.$hash;
mail( $to, $subject, $message_body );
if ( $result->num_rows == 0 )
{
$_SESSION['message'] = "Account has already
been activated or the URL is invalid!";
header("location: error.php");
}
else {
$_SESSION['message'] = "Your account has been
activated!";
header("location: success.php");
}
}
else {
$_SESSION['message'] = "Invalid parameters
provided for account verification!";
header("location: error.php");
}
if ( $result->num_rows == 0 )
{
$_SESSION['message'] = "Account has already
been activated or the URL is invalid!";
header("location: error.php");
}
else {
$_SESSION['message'] = "Your account has been
activated!";
If everything went well and the user has been found with
matching email and hash, we proceed to next MySQL
statement which sets the value of user to 1 (active = 1)
WHERE email=$email. We also set the session 'active'
variable to 1, so that the "unverified account message" is
removed from user's profile right away.
$_SESSION['active'] = 1;
if ( password_verify($_POST['password'], $user
['password']) ) {
$_SESSION['email'] = $user['email'];
$_SESSION['first_name'] = $user['first_name'];
$_SESSION['last_name'] = $user['last_name'];
$_SESSION['active'] = $user['active'];
header("location: profile.php");
}
else {
$_SESSION['message'] = "You have entered wrong
password, try again!";
header("location: error.php");
}
}
The first step is to check if the user exists in the database
with that email, so we run a simple SQL query and select
the user based on the email provided:
$user = $result->fetch_assoc();
print_r($user); die;
/*output
Array (
[id] => 1
[first_name] => Clever
[last_name] => Techie
[email] => shustikov@gmail.com
[password] => $2y$10
$4UOoPPUJbqx.eK83UQTXY.KNrm1xepeBq0.Q4WbBlyPuDF8DdYwOa
[hash] => 54a367d629152b720749e187b3eaa11b
[active] => 1
)
*/
if ( password_verify($_POST['password'], $user
['password']) )
$_SESSION['email'] = $user['email'];
$_SESSION['first_name'] = $user['first_name'];
$_SESSION['last_name'] = $user['last_name'];
$_SESSION['active'] = $user['active'];
header("location: profile.php");
We have used all of our values from the $user array which
we looked at previously to set a lot of our session variables
to display on the profile page. Also, $_SESSION
['logged_in'] is set to true so that we know the user is in fact
logged in. The login process is now complete. Finally, let's
take a look at forgot.php to see how password reset
process works:
$email = $user['email'];
$hash = $user['hash'];
$first_name = $user['first_name'];
http://localhost/login-system/reset.php?
email='.$email.'&hash='.$hash;
header("location: success.php");
}
}
http://localhost/login-system/reset.php?
email='.$email.'&hash='.$hash;
header("location: success.php");
When a user clicks on the URL with reset.php, they land on
reset.php page with their email and hash variables set,
we're doing this in exactly the same way we have verified
account, so this should be a review. Let's now look at
reset.php code:
if ( $result->num_rows == 0 )
{
$_SESSION['message'] = "You have entered
invalid URL for password reset!";
header("location: error.php");
}
}
else {
$_SESSION['message'] = "Sorry, verification
failed, try again!";
header("location: error.php");
}
if ( $mysqli->query($sql) ) {
}
else {
$_SESSION['message'] = "Two passwords you
entered don't match, try again!";
header("location: error.php");
}
if ( $mysqli->query($sql) ) {
$_SESSION['message'] = "Your password has been reset
successfully!";
header("location: success.php");
You did it! This was a long tutorial and I hope you learned a
lot from it, if at any point you get confused, go back and look
at the chart so you can see the big picture of how
everything is put together and where important things are
happening. Please post any questions, comments and
concerns below.
May be somebody has the skills to modifi profile.php and add the
functionality "change password", than this code will be really complete.
1 Reply Share
mmtuts
YouTube 26R
Clever Techie
YouTube 6R