1
00:00:00,470 --> 00:00:08,720
In this lecture, we will create a login page for our panel to do so, we will be using HTML Forms

2
00:00:09,380 --> 00:00:14,360
$_POST global variable of PHP and MySQL prepared statements.

3
00:00:15,430 --> 00:00:20,830
If you are new to this concept, please learn more about them before continuing.

4
00:00:22,200 --> 00:00:24,120
So let's start coding.

5
00:00:25,410 --> 00:00:27,450
Open up your Atom Editor

6
00:00:28,930 --> 00:00:32,980
And create a new file called login.php

7
00:00:38,220 --> 00:00:43,380
In order to take input from the user, we need to create an HTML form.

8
00:00:44,530 --> 00:00:47,010
To do so, open your html tag

9
00:00:49,870 --> 00:00:54,580
and in order to create a form, you need to open a form tag.

10
00:00:54,580 --> 00:00:59,290
our form tag will take two attributes.

11
00:00:59,920 --> 00:01:01,810
First attributes, will be action.

12
00:01:03,130 --> 00:01:08,110
We will keep it blank because we will send the request to the same page.

13
00:01:09,130 --> 00:01:17,710
And second attribute will be the method, we will be using post requests so our method attribute will be POST

14
00:01:17,710 --> 00:01:18,280
POST

15
00:01:20,560 --> 00:01:28,450
Our form will have two input fields and one submit button, the first input field will be used for username

16
00:01:28,450 --> 00:01:31,420
and second one for password.

17
00:01:32,630 --> 00:01:40,130
Let's create the input fields first input field will be used for the user name, so it's type will the

18
00:01:40,130 --> 00:01:48,590
text and it's name will be username and its placeholder will be username.

19
00:01:51,570 --> 00:02:01,650
And the second input field will be in password type and it's name will be password and its placeholder

20
00:02:01,650 --> 00:02:03,420
will be a bunch of stars.

21
00:02:07,060 --> 00:02:11,710
And we need to create a submit button in order to send our request.

22
00:02:13,180 --> 00:02:21,520
To do so we will create one more input tag, this time, the type will be submit and name will be submit.

23
00:02:22,590 --> 00:02:24,460
And value will be log-in

24
00:02:25,570 --> 00:02:29,140
This value will appear on the button.

25
00:02:33,380 --> 00:02:43,460
And close form tag. Let's see if everything went well, open up your Firefox or another Web browser

26
00:02:43,790 --> 00:02:48,260
and go to your localhost, slash login.php

27
00:02:49,970 --> 00:02:53,150
As you can see, our form has been created.

28
00:02:55,490 --> 00:03:03,760
What's next? We need to process the given username and password. To do so, we will be using PHP.

29
00:03:07,910 --> 00:03:15,110
Open your PHP tag at the top of your login.php file, we need to create if statements

30
00:03:15,470 --> 00:03:23,020
in order to check if given request is POST and username and password parameters has been set.

31
00:03:24,740 --> 00:03:33,860
Let's create if the request method is POST and

32
00:03:37,070 --> 00:03:37,820
Username

33
00:03:40,430 --> 00:03:41,450
and password.

34
00:03:43,320 --> 00:03:51,480
Parameters has been set, we will send the request, we will send the query to our database.

35
00:03:56,600 --> 00:04:04,750
In order to send database queries securely, we will be using MySQL prepared statements. To do so,

36
00:04:05,450 --> 00:04:13,100
We need the MySQL variable from the conn.php file because we will be connecting and executing queries

37
00:04:13,370 --> 00:04:14,330
on database.

38
00:04:17,330 --> 00:04:22,900
To include conn.php file into login.php file,

39
00:04:23,630 --> 00:04:25,530
We will be using include function

40
00:04:27,920 --> 00:04:33,890
Now we can use the $mysql variable, so let's create a prepared statement.

41
00:04:40,290 --> 00:04:42,120
We will be using prepared methods

42
00:04:43,820 --> 00:04:54,680
Our database query will be select * from users where username is question mark and password is question mark,

43
00:04:55,550 --> 00:05:00,740
those question marks will be replaced with given parameters. To replace them,

44
00:05:01,100 --> 00:05:03,440
We will be using method.

45
00:05:12,700 --> 00:05:15,820
These data types will be string.

46
00:05:19,970 --> 00:05:27,280
The first s will be used for the username parameter and second s will be used for password parameter.

47
00:05:27,860 --> 00:05:32,250
So we are making sure that their data types are string.

48
00:05:34,070 --> 00:05:44,330
Let's replace the first question mark, its user name, parameter and second question mark with password

49
00:05:44,330 --> 00:05:44,900
parameter.

50
00:05:47,520 --> 00:05:53,610
And and then execute the query by using execute function.

51
00:05:56,800 --> 00:06:05,650
And we need to store results in order to check if the username and password is valid or not. To do so,

52
00:06:05,680 --> 00:06:14,550
use store_result() function if the result of the query has more than zero rows

53
00:06:16,330 --> 00:06:22,660
More than zero rows, which means that username and password exist on database.

54
00:06:24,310 --> 00:06:32,970
Let's check if the result of the query has more than zero rows.

55
00:06:34,420 --> 00:06:44,070
We will redirect user to index.php page, which will be the main page of the control panel

56
00:06:44,840 --> 00:06:45,580
else,

57
00:06:46,670 --> 00:06:50,060
We will print out an error message.

58
00:06:53,150 --> 00:06:57,920
Wrong username and/or password.

59
00:07:03,260 --> 00:07:09,470
And if the username and password is valid, we will start the session.

60
00:07:14,300 --> 00:07:18,110
And we will set the username value

61
00:07:20,440 --> 00:07:27,220
Into our session, which will be our username parameter,

62
00:07:34,180 --> 00:07:45,820
and we will redirect user to index.php with using header function of PHP.

63
00:07:47,280 --> 00:07:57,060
So one more thing to do in order to keep our passwords securely in database, we will be using hashes

64
00:07:57,990 --> 00:07:58,700
To do so,

65
00:07:59,400 --> 00:08:02,250
I will be using the MD5 hash.

66
00:08:05,580 --> 00:08:11,300
Just encapsulate your password inside the MD5 function.

67
00:08:12,570 --> 00:08:19,350
I know the fact that it's not the best hashing algorithm to use, but as long as you keep your password

68
00:08:19,470 --> 00:08:24,660
complex enough the MD5 function will be enough to secure yourself.

69
00:08:26,290 --> 00:08:26,740
So.

70
00:08:28,390 --> 00:08:37,420
Let's go to the login page again and try to log in with a random username and password, as you can

71
00:08:37,420 --> 00:08:42,730
see from username and password, message has been shown .

72
00:08:42,760 --> 00:08:44,980
Since Oour database has no records yet,

73
00:08:45,640 --> 00:08:48,960
We have no username and password which can be used for login.

74
00:08:49,630 --> 00:08:54,310
So in the next lecture, we will create an username and password in database.

75
00:08:55,120 --> 00:08:57,100
So that's it for this lecture.

76
00:08:57,250 --> 00:08:58,360
See you in the next one.