Login Systems

4:53 with Alena Holligan and Brian Retterer

What good is a registration system without a way for the user to log in. We'll be using some additional packages for building a JWT and storing environmental variables.

Teacher's Notes
Video Transcript
Downloads

Check out this course if you want to know more about Dependency Management with Composer

Packages

PHP JWT by Firebase: a simple library to encode and decode JSON Web Tokens (JWT) in PHP, conforming to RFC 7519.
PHP dotenv: Loads environment variables from .env to getenv(), $_ENV and $_SERVER automagically.

Steps to Creating a .env file

Preview your site in a browser again and copy the domain name from the url.
In the 'inc' folder, create a new file named env.txt
open the file and create 2 lines:
SECRET_KEY= string_of_64_random_characters COOKIE_DOMAIN= url_from_step_1
Close the file and rename env.txt to .env

0:00
We now need a way to allow our user to log in.
0:04
Once again, I've provided you with the form so
0:06
that we can focus on the logic behind the login system.
0:10
Our login system we use the related function that we use for
0:13
hashing passwords.
0:15
Password verify, this function will take the current password
0:19
stored in the database, extract the salt from it and try to generate
0:24
the same password hash again with the provided password from the form.
0:29
It will return true or false,
0:31
depending on if the new hash password matches the stored password hash.
0:36
We will also be introducing you to a couple new tools that will be installed
0:41
via Composer, PHP JWT, and php.env.
0:47
PHP JWT is a JSON Web Token package that allows you
0:51
to generate a job that will store in our cookie.
0:55
Php.env is a nice package to set environment variables based on a file.
1:01
Since we're going to need a new package for
1:03
this system, let's install our new package through Composer.
1:06
In your workspace go to view, show console.
1:11
This will provide you with a prompt for your project.
1:14
The package we're going to be using is the php-jwt by Firebase.
1:20
So let's type in composer
1:25
require firebase/php-jwt.
1:31
This will install the package and update your composer.json and composer.loc files.
1:39
We also need to require the php.env package.
1:43
As a second way of doing this, you could open the composer.json file.
1:53
Find the require section and
1:59
add "vlucas/phpdotenv" : ^2.4.
2:08
Make sure that you add a comma to separate these two packages.
2:11
This method requires that you know the latest stable release or
2:15
version that you want to use.
2:17
After updating your json file go back to the console.
2:24
And type composer update.
2:30
We need to create a new .env file in our project.
2:34
This is where we'll store environment variables.
2:37
I'll go over this in just a little bit, but
2:39
before we do that, let's create our login procedure.
2:43
In the procedures folder, create a new file.
2:47
Name this doLogin.php.
2:56
Start off like the rest of the procedures with the bootstrap file.
3:12
Now, let's get the user by the email address that was supplied.
3:31
If the user array that is returned is empty, then we need to redirect back to
3:36
the login screen since the user with that email does not exist.
3:42
If (empty($user)
3:48
redirect('/login.
3:54
Next, we need to check to see if the passwords match.
3:58
Since the password is hashed,
4:00
we cannot just compare what was provided to us with what is in the database.
4:05
We can, however use the password_verify function to do so.
4:14
If (!password_verify(request()
4:22
=>get('password'), and
4:28
then the user password.
4:41
Again we'll redirect to the login page.
4:47
If we get past both these checks the user can log in.
4:51
So let's create a jot to store in our cookie.

You need to sign up for Treehouse in order to download course files.

PHP User Authentication

Login Systems

Packages

Steps to Creating a .env file

Sign in