1
00:00:00,450 --> 00:00:04,110
We now need a way to allow our users to log in.

2
00:00:04,110 --> 00:00:06,670
Once again, I have provided you with the form so

3
00:00:06,670 --> 00:00:10,500
that we can focus on the logic behind the login system.

4
00:00:10,500 --> 00:00:14,140
Our login system will use the related function that we used for

5
00:00:14,140 --> 00:00:17,390
hashing passwords, password_verify.

6
00:00:17,390 --> 00:00:19,665
This function will take the correct password,

7
00:00:19,665 --> 00:00:24,340
stored in the database, extract the salt from it, which is the part of the string

8
00:00:24,340 --> 00:00:28,980
that goes from the last dollar sign and is the next 22 characters,

9
00:00:28,980 --> 00:00:32,360
and tries to generate that same password hash again

10
00:00:32,360 --> 00:00:35,050
with the provided password from the form.

11
00:00:35,050 --> 00:00:39,912
It will return true or false, depending on whether this newly hashed

12
00:00:39,912 --> 00:00:43,692
password matches the stored password hash.

13
00:00:43,692 --> 00:00:45,204
Let's start with our login procedure.

14
00:00:45,204 --> 00:00:48,669
In the procedures folder,

15
00:00:48,669 --> 00:00:53,195
add a new file named doLogin.php.

16
00:00:56,812 --> 00:01:00,150
Start off like the rest of the procedures with the bootstrap file.

17
00:01:13,640 --> 00:01:18,476
Now let's grab the user by the username that they supplied.

18
00:01:18,476 --> 00:01:23,609
$user = findUserByUsername(

19
00:01:25,850 --> 00:01:32,931
and we'll pass the request: $request->get('username').

20
00:01:34,514 --> 00:01:38,064
Now, if the user array that is returned is empty,

21
00:01:38,064 --> 00:01:43,811
then we need to add a flash error message and redirect back to the login screen,

22
00:01:43,811 --> 00:01:47,210
since a user with that username does not exist.

23
00:01:49,291 --> 00:01:52,967
if (empty($user)),

24
00:01:55,060 --> 00:02:00,902
then our $session->getFlashBag()

25
00:02:02,955 --> 00:02:11,370
->add('error', 'Username was not found').

26
00:02:14,507 --> 00:02:20,056
Redirect back to login.php.

27
00:02:23,260 --> 00:02:27,860
Now, we need to check to see if the passwords match.

28
00:02:27,860 --> 00:02:31,049
Since the password in the database is hashed,

29
00:02:31,049 --> 00:02:36,298
we cannot just compare what was provided to us with what was in the database.

30
00:02:36,298 --> 00:02:40,982
We can, however, use the password_verify function to do so.

31
00:02:40,982 --> 00:02:45,304
if (!password_verify(

32
00:02:48,728 --> 00:02:50,270
We'll pass the request,

33
00:02:53,352 --> 00:02:59,438
$request->get('password'), and

34
00:02:59,438 --> 00:03:02,630
the $user['password'].

35
00:03:10,158 --> 00:03:16,137
If the passwords do not match, then we add a flash message,

36
00:03:16,137 --> 00:03:22,504
$session->getFlashBag()->add('error',

37
00:03:24,779 --> 00:03:27,830
'Invalid Password').

38
00:03:30,193 --> 00:03:34,350
And then redirect back to the login page.

39
00:03:36,260 --> 00:03:40,042
If we get past both these checks, the user can log in, so

40
00:03:40,042 --> 00:03:43,920
we're going to store the user details in our session.

41
00:03:45,950 --> 00:03:50,735
We'll call $session->set, we'll say

42
00:03:50,735 --> 00:03:56,660
auth_logged_in, and we'll set this to true.

43
00:03:56,660 --> 00:04:01,749
And we'll need two more:

44
00:04:01,749 --> 00:04:06,584
auth_user_id, and

45
00:04:06,584 --> 00:04:09,896
auth_roles.

46
00:04:13,452 --> 00:04:18,033
Our user id will be set to $user['id'], and

47
00:04:18,033 --> 00:04:22,500
we want to make sure this is an integer.

48
00:04:22,500 --> 00:04:27,586
So we'll use (int) to force an integer.

49
00:04:27,586 --> 00:04:31,240
We'll do the same thing for the roles.

50
00:04:31,240 --> 00:04:40,110
We'll force an integer and we'll use $user['role_id'].

51
00:04:40,110 --> 00:04:44,093
We can then add a success flash

52
00:04:44,093 --> 00:04:49,040
message, $session->getFlashBag()

53
00:04:52,399 --> 00:05:00,908
->add('success', 'Successfully Logged In'); and

54
00:05:00,908 --> 00:05:07,570
redirect back to the homepage.

55
00:05:09,950 --> 00:05:10,580
Let's try logging in.

56
00:05:19,500 --> 00:05:21,620
The wrong password gives us an invalid password.

57
00:05:25,130 --> 00:05:27,328
A wrong user tells us that the username was not found.

58
00:05:31,110 --> 00:05:33,820
And we were successfully logged in.

59
00:05:33,820 --> 00:05:38,374
So our message tells us that we've been successfully logged in, but

60
00:05:38,374 --> 00:05:41,944
we have no way of knowing if we are actually logged in or not.

61
00:05:41,944 --> 00:05:44,820
Let's start building our auth functions.
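An added example of the complete doLogin.php, written for this edit rather than taken from the course, that follows the procedure in the video and adds two defensive changes the video does not make: a single failure message with a constant-work verify, so the response does not reveal whether a username exists, and a fresh session id after login. It assumes bootstrap.php exposes $request (with get()), $session (Symfony HttpFoundation style, with getFlashBag(), set() and migrate()), findUserByUsername() and a redirect() helper that sends the Location header and exits, and that the user row has id, password and role_id keys; all of those names are assumptions.

```php
<?php
// Added example, not the course's own doLogin.php. The helpers below
// ($request, $session, findUserByUsername, redirect) are assumed to come
// from bootstrap.php as in the video; they are not shown on this page.
require_once __DIR__ . '/../bootstrap.php';

// A bcrypt hash of a throwaway password, used only so that password_verify()
// does the same amount of work when the username does not exist. Constructed
// here for the example; in a real app generate it once and keep it in config.
$dummyHash = password_hash('not-a-real-password', PASSWORD_DEFAULT);

$username = (string) $request->get('username', '');
$password = (string) $request->get('password', '');

$user = findUserByUsername($username);

// Verify against the stored hash, or against the dummy hash when the user is
// missing, so the request takes about the same time either way.
$storedHash = empty($user) ? $dummyHash : (string) $user['password'];
$passwordOk = password_verify($password, $storedHash);

if (empty($user) || !$passwordOk) {
    // One message for both failures: separate "username not found" and
    // "invalid password" messages confirm to a visitor which accounts exist.
    $session->getFlashBag()->add('error', 'Invalid username or password.');
    redirect('/login.php'); // assumed to exit after sending the header
    exit;
}

// Give the now-authenticated user a fresh session id so that an id issued
// before login cannot be reused (session fixation). migrate(true) is the
// Symfony HttpFoundation session API assumed here.
$session->migrate(true);

$session->set('auth_logged_in', true);
$session->set('auth_user_id', (int) $user['id']);
$session->set('auth_roles', (int) $user['role_id']);

$session->getFlashBag()->add('success', 'Successfully Logged In');
redirect('/');
```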