MohammedTsmu
diff --git a/‎README.md
Lines changed: 42 additions & 2 deletions b/‎README.md
Lines changed: 42 additions & 2 deletions
diff --git a/‎login.php
Lines changed: 142 additions & 0 deletions b/‎login.php
Lines changed: 142 additions & 0 deletions
diff --git a/‎logout.php
Lines changed: 12 additions & 0 deletions b/‎logout.php
Lines changed: 12 additions & 0 deletions
diff --git a/‎password_reset.php
Lines changed: 122 additions & 0 deletions b/‎password_reset.php
Lines changed: 122 additions & 0 deletions
@@ -1,2 +1,42 @@
-# authentication-system-mysql-php-LOGIN-SYSTEM-IN-PHP-AND-MYSQL
-user login system using php and mysql
+# LOGIN SYSTEM IN PHP AND MYSQL: User Authentication system.
+
+###### VERSION 1.0.0
+
+User authentication in web developemen is used to authorized and
+restrict users to certain pages in a web appplication.
+
+## REGISTERATION SYSTEM
+
+### DATABASE TABLE IN MYSQL
+
+The database used is MySQL, so you'll need a MySQL database to run create the users table.
+Run the `sql.sql` file in MySQL database to create users table
+
+### CONFIGURATION FILE
+
+The PHP script to connect to the database is in `config/config.php` directory.
+Replace credentials to in `config.php` to match your server credentials.
+
+### REGISTERATION FORM AND SCRIPT
+
+The `register.php` creates a web form that allows users to register themselves.
+The script generates error if form input is empty and username is has been taking already by another user.
+
+## LOGIN SYSTEM
+
+### LOGIN FORM AND SCRIPT
+
+`login.php` is the login script.
+When a user submit a form with the input of username and password, these inputs will be verified against the credentials data stored in the database, if there is a match then the user will be authorized and granted access to site or page.
+
+### WELCOME PAGE
+
+User is redirected to `welcome.php` if login is successful.
+
+### PASSWORD RESET
+
+logged in user can reset password for registered account.
+script is in `password_reset.php`
+
+<hr />
+<small>Give this a project ⭐ if you found it useful, and follow me for more interesting future projects</small>
@@ -0,0 +1,142 @@
+<?php
+// Initialize sessions
+session_start();
+
+// Check if the user is already logged in, if yes then redirect him to welcome page
+if (isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true) {
+  header("location: welcome.php");
+  exit;
+}
+
+// Include config file
+require_once "config/config.php";
+
+// Define variables and initialize with empty values
+$username = $password = '';
+$username_err = $password_err = '';
+
+// Process submitted form data
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+
+  // Check if username is empty
+  if (empty(trim($_POST['username']))) {
+    $username_err = 'Please enter username.';
+  } else {
+    $username = trim($_POST['username']);
+  }
+
+  // Check if password is empty
+  if (empty(trim($_POST['password']))) {
+    $password_err = 'Please enter your password.';
+  } else {
+    $password = trim($_POST['password']);
+  }
+
+  // Validate credentials
+  if (empty($username_err) && empty($password_err)) {
+    // Prepare a select statement
+    $sql = 'SELECT id, username, password FROM users WHERE username = ?';
+
+    if ($stmt = $mysql_db->prepare($sql)) {
+
+      // Set parmater
+      $param_username = $username;
+
+      // Bind param to statement
+      $stmt->bind_param('s', $param_username);
+
+      // Attempt to execute
+      if ($stmt->execute()) {
+
+        // Store result
+        $stmt->store_result();
+
+        // Check if username exists. Verify user exists then verify
+        if ($stmt->num_rows == 1) {
+          // Bind result into variables
+          $stmt->bind_result($id, $username, $hashed_password);
+
+          if ($stmt->fetch()) {
+            if (password_verify($password, $hashed_password)) {
+
+              // Start a new session
+              session_start();
+
+              // Store data in sessions
+              $_SESSION['loggedin'] = true;
+              $_SESSION['id'] = $id;
+              $_SESSION['username'] = $username;
+
+              // Redirect to user to page
+              header('location: welcome.php');
+            } else {
+              // Display an error for passord mismatch
+              $password_err = 'Invalid password';
+            }
+          }
+        } else {
+          $username_err = "Username does not exists.";
+        }
+      } else {
+        echo "Oops! Something went wrong please try again";
+      }
+      // Close statement
+      $stmt->close();
+    }
+
+    // Close connection
+    $mysql_db->close();
+  }
+}
+?>
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+  <meta charset="UTF-8">
+  <title>Sign in</title>
+  <link href="https://stackpath.bootstrapcdn.com/bootswatch/4.4.1/cosmo/bootstrap.min.css" rel="stylesheet" integrity="sha384-qdQEsAI45WFCO5QwXBelBe1rR9Nwiss4rGEqiszC+9olH1ScrLrMQr1KmDR964uZ" crossorigin="anonymous">
+  <style>
+    .wrapper {
+      width: 500px;
+      padding: 20px;
+    }
+
+    .wrapper h2 {
+      text-align: center
+    }
+
+    .wrapper form .form-group span {
+      color: red;
+    }
+  </style>
+</head>
+
+<body>
+  <main>
+    <section class="container wrapper">
+      <h2 class="display-4 pt-3">Login</h2>
+      <p class="text-center">Please fill this form to create an account.</p>
+      <form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" method="POST">
+        <div class="form-group <?php (!empty($username_err)) ? 'has_error' : ''; ?>">
+          <label for="username">Username</label>
+          <input type="text" name="username" id="username" class="form-control" value="<?php echo $username ?>">
+          <span class="help-block"><?php echo $username_err; ?></span>
+        </div>
+
+        <div class="form-group <?php (!empty($password_err)) ? 'has_error' : ''; ?>">
+          <label for="password">Password</label>
+          <input type="password" name="password" id="password" class="form-control" value="<?php echo $password ?>">
+          <span class="help-block"><?php echo $password_err; ?></span>
+        </div>
+
+        <div class="form-group">
+          <input type="submit" class="btn btn-block btn-outline-primary" value="login">
+        </div>
+        <p>Don't have an account? <a href="register.php">Sign in</a>.</p>
+      </form>
+    </section>
+  </main>
+</body>
+
+</html>
@@ -0,0 +1,12 @@
+<?php
+// Start sessions
+session_start();
+
+$_SESSION  = array();
+
+// Destroy all session related to user
+session_destroy();
+
+// Redirect to login page
+header('location: login.php');
+exit;
@@ -0,0 +1,122 @@
+<?php
+// Initialize the session
+session_start();
+
+// Check if the user is logged in, if not then redirect to login page
+if (!isset($_SESSION['loggedin']) || $_SESSION['loggedin'] !== true) {
+    header('location: login.php');
+    exit;
+}
+
+// Include config file
+require_once 'config/config.php';
+
+// Define variables and initialize with empty values
+$new_password = $confirm_password = '';
+$new_password_err = $confirm_password_err = '';
+
+// Processing form data when form is submitted
+if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+
+    // Validate new password
+    if (empty(trim($_POST['new_password']))) {
+        $new_password_err = 'Please enter the new password.';
+    } elseif (strlen(trim($_POST['new_password'])) < 6) {
+        $new_password_err = 'Password must have atleast 6 characters.';
+    } else {
+        $new_password = trim($_POST['new_password']);
+    }
+
+    // Validate confirm password
+    if (empty(trim($_POST['confirm_password']))) {
+        $confirm_password_err = 'Please confirm the password.';
+    } else {
+        $confirm_password = trim($_POST['confirm_password']);
+        if (empty($new_password_err) && ($new_password != $confirm_password)) {
+            $confirm_password_err = 'Password did not match.';
+        }
+    }
+
+    // Check input errors before updating the database
+    if (empty($new_password_err) && empty($confirm_password_err)) {
+        // Prepare an update statement
+        $sql = 'UPDATE users SET password = ? WHERE id = ?';
+
+        if ($stmt = $mysql_db->prepare($sql)) {
+            // Set parameters
+            $param_password = password_hash($new_password, PASSWORD_DEFAULT);
+            $param_id = $_SESSION["id"];
+
+            // Bind variables to the prepared statement as parameters
+            $stmt->bind_param("si", $param_password, $param_id);
+
+
+            // Attempt to execute the prepared statement
+            if ($stmt->execute()) {
+                // Password updated successfully. Destroy the session, and redirect to login page
+                session_destroy();
+                header("location: login.php");
+                exit();
+            } else {
+                echo "Oops! Something went wrong. Please try again later.";
+            }
+
+            // Close statement
+            $stmt->close();
+        }
+
+        // Close connection
+        $mysql_db->close();
+    }
+}
+?>
+
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+    <meta charset="UTF-8">
+    <title>Reset Password</title>
+    <link href="https://stackpath.bootstrapcdn.com/bootswatch/4.4.1/cosmo/bootstrap.min.css" rel="stylesheet" integrity="sha384-qdQEsAI45WFCO5QwXBelBe1rR9Nwiss4rGEqiszC+9olH1ScrLrMQr1KmDR964uZ" crossorigin="anonymous">
+    <style type="text/css">
+        .wrapper {
+            width: 500px;
+            padding: 20px;
+        }
+
+        .wrapper h2 {
+            text-align: center
+        }
+
+        .wrapper form .form-group span {
+            color: red;
+        }
+    </style>
+</head>
+
+<body>
+    <main class="container wrapper">
+        <section>
+            <h2>Reset Password</h2>
+            <p>Please fill out this form to reset your password.</p>
+            <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
+                <div class="form-group <?php echo (!empty($new_password_err)) ? 'has-error' : ''; ?>">
+                    <label>New Password</label>
+                    <input type="password" name="new_password" class="form-control" value="<?php echo $new_password; ?>">
+                    <span class="help-block"><?php echo $new_password_err; ?></span>
+                </div>
+                <div class="form-group <?php echo (!empty($confirm_password_err)) ? 'has-error' : ''; ?>">
+                    <label>Confirm Password</label>
+                    <input type="password" name="confirm_password" class="form-control">
+                    <span class="help-block"><?php echo $confirm_password_err; ?></span>
+                </div>
+                <div class="form-group">
+                    <input type="submit" class="btn btn-block btn-primary" value="Submit">
+                    <a class="btn btn-block btn-link bg-light" href="welcome.php">Cancel</a>
+                </div>
+            </form>
+        </section>
+    </main>
+</body>
+
+</html>