Login System 5:45 with Alena Holligan
What good is a registration system without a way for the user to log in? We will verify user credentials and save information to the user session.
Check out this course if you want to know more about Dependency Management with Composer
password_verify() - Verifies that the given hash matches the given password.
Returns TRUE if the password and hash match, or FALSE otherwise.
Note that password_hash() returns the algorithm, cost and salt as part of the returned hash. Therefore, all information that's needed to verify the hash is included in it. This allows the verify function to verify the hash without needing separate storage for the salt or algorithm information.
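The note above, as an added example that is not part of the course files: because the stored hash carries its own algorithm and cost, a login check can read those settings back and upgrade an old hash when the user logs in. It goes a step beyond the note by also verifying against a dummy hash when the username is unknown. checkLogin(), TARGET_OPTIONS and the shape of the $user row are assumptions made for illustration.

```php
<?php
// Added example, not course code. checkLogin(), TARGET_OPTIONS and the
// $user row shape are assumptions made for illustration.

const TARGET_OPTIONS = ['cost' => 12]; // assumed current work-factor policy

/**
 * Verify a submitted password against a stored user row (null = no such user).
 * Returns ['ok' => bool, 'newHash' => ?string]; newHash is set when the stored
 * hash was made with older settings and should be replaced in the database.
 */
function checkLogin(?array $user, string $password): array
{
    // Dummy hash so an unknown username still runs one bcrypt verification.
    static $dummy = null;
    $dummy ??= password_hash(bin2hex(random_bytes(16)), PASSWORD_BCRYPT, TARGET_OPTIONS);

    $hash = $user['password'] ?? $dummy;
    // password_verify() runs first so it is never short-circuited away.
    $ok = password_verify($password, $hash) && $user !== null;

    $newHash = null;
    if ($ok && password_needs_rehash($hash, PASSWORD_BCRYPT, TARGET_OPTIONS)) {
        // The plaintext is only available at login, so this is the upgrade point.
        $newHash = password_hash($password, PASSWORD_BCRYPT, TARGET_OPTIONS);
    }

    return ['ok' => $ok, 'newHash' => $newHash];
}

// Constructed sample row: a hash created under an older, cheaper cost.
$user = [
    'id'       => 1,
    'password' => password_hash('correct horse', PASSWORD_BCRYPT, ['cost' => 10]),
];

// The algorithm and cost are read from the hash string itself.
$info = password_get_info($user['password']);
printf("%s cost=%d\n", $info['algoName'], $info['options']['cost']);

var_dump(checkLogin($user, 'wrong password')['ok']); // known user, bad password
var_dump(checkLogin(null, 'correct horse')['ok']);   // unknown username

$result = checkLogin($user, 'correct horse');        // valid login
var_dump($result['ok'], $result['newHash'] !== null);
```

When newHash is not null, the caller would write it back to the user's row before setting the session values.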
We now need a way to allow our users to log in. 0:00 Once again, I have provided you with the form so 0:04 that we can focus on the logic behind the login system. 0:06 Our login system will use the related function that we used for 0:10 hashing passwords, password verify. 0:14 This function will take the correct password, 0:17 stored in the database, extract the salt from it, which is the part of the string 0:19 that goes from the last dollar sign and is the next 22 characters. 0:24 And tries to generate that same password hash again 0:28 with the provided password from the form. 0:32 It will return true or false, depending on if this new hash 0:35 password matches the stored password hash. 0:39 Let's start with our login procedure. 0:43 In the procedures folder, 0:45 add a new file named doLogin.php. 0:48 Start off like the rest of the procedures with the Bootstrap file. 0:56 Now let's grab the user by the username that they supplied. 1:13 $user = findUserByUsername. 1:18 And we'll parse the request, get("username"). 1:25 Now, if the user array that is returned is empty, 1:34 then we need to add a flash error message, and redirect back to the login screen, 1:38 since a user with that username does not exist. 1:43 If (empty($user)), 1:49 Then our $session->getFlashBag() 1:55 ->add('error', 'Username was not found'). 2:02 Redirect back to login.php. 2:14 Now, we need to check to see if the passwords match. 2:23 Since the password in the database is hashed, 2:27 we cannot just compare what was provided to us with what was in the database. 2:31 We can, however, use the password verify function to do so. 2:36 If (!password_verify 2:40 We'll pass the request. 2:48 ->get("password") And 2:53 the $user['password']. 2:59 If the passwords do not match, then we add a flash message, 3:10 $session->getFlashBag(), ->add('error', 3:16 'Invalid Password'). 3:24 And then redirect back to the login page. 
3:30 If we get past both these checks, the user can log in, so 3:36 we're going to restore the user details in our session. 3:40 We'll set $session->set, we'll say 3:45 auth_logged_in, and we'll set this to true. 3:50 And we'll need two more 3:56 auth_user_id, and 4:01 auth_roles. 4:06 Our user id will be set to $user['id'], and 4:13 we want to make sure this is an integer. 4:18 So we'll use int to force an integer. 4:22 We'll do the same thing for the roles. 4:27 We'll force an integer and we'll use $user, Role_id. 4:31 We can then add a success flash 4:40 message, $session->getFlashBag 4:44 add('success', 'Successfully Logged In'); and 4:52 redirect back to the homepage. 5:00 Let's try logging in. 5:09 The wrong password gives us an invalid password. 5:19 A wrong user tells us that the user name was not found. 5:25 And we were successfully logged in. 5:31 So our message tells us that we've been successfully logged in, but 5:33 we have no way of knowing if we are actually logged in or not. 5:38 Let's start building our auth functions. 5:41