Login Systems

We now need a way to allow our user to log in. 0:00 Once again, I've provided you with the form so 0:04 that we can focus on the logic behind the login system. 0:06 Our login system we use the related function that we use for 0:10 hashing passwords. 0:13 Password verify, this function will take the current password 0:15 stored in the database, extract the salt from it and try to generate 0:19 the same password hash again with the provided password from the form. 0:24 It will return true or false, 0:29 depending on if the new hash password matches the stored password hash. 0:31 We will also be introducing you to a couple new tools that will be installed 0:36 via Composer, PHP JWT, and php.env. 0:41 PHP JWT is a JSON Web Token package that allows you 0:47 to generate a job that will store in our cookie. 0:51 Php.env is a nice package to set environment variables based on a file. 0:55 Since we're going to need a new package for 1:01 this system, let's install our new package through Composer. 1:03 In your workspace go to view, show console. 1:06 This will provide you with a prompt for your project. 1:11 The package we're going to be using is the php-jwt by Firebase. 1:14 So let's type in composer 1:20 require firebase/php-jwt. 1:25 This will install the package and update your composer.json and composer.loc files. 1:31 We also need to require the php.env package. 1:39 As a second way of doing this, you could open the composer.json file. 1:43 Find the require section and 1:53 add "vlucas/phpdotenv" : ^2.4. 1:59 Make sure that you add a comma to separate these two packages. 2:08 This method requires that you know the latest stable release or 2:11 version that you want to use. 2:15 After updating your json file go back to the console. 2:17 And type composer update. 2:24 We need to create a new .env file in our project. 2:30 This is where we'll store environment variables. 2:34 I'll go over this in just a little bit, but 2:37 before we do that, let's create our login procedure. 2:39 In the procedures folder, create a new file. 2:43 Name this doLogin.php. 2:47 Start off like the rest of the procedures with the bootstrap file. 2:56 Now, let's get the user by the email address that was supplied. 3:12 If the user array that is returned is empty, then we need to redirect back to 3:31 the login screen since the user with that email does not exist. 3:36 If (empty($user) 3:42 redirect('/login. 3:48 Next, we need to check to see if the passwords match. 3:54 Since the password is hashed, 3:58 we cannot just compare what was provided to us with what is in the database. 4:00 We can, however use the password_verify function to do so. 4:05 If (!password_verify(request() 4:14 =>get('password'), and 4:22 then the user password. 4:28 Again we'll redirect to the login page. 4:41 If we get past both these checks the user can log in. 4:47 So let's create a jot to store in our cookie. 4:51