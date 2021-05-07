Using a database for this is exceedingly easy. All you will need to know how to do is make the database connection, and how to build and execute an INSERT query (in the signup form processing) and a SELECT query (in the login form processing.) The following shows the database specific logic, after you have detected if the form has been submitted, trimmed, and validated all the inputs, using the PDO extension -
Signup/insert query:
// if no errors, use the submitted data
if(empty($errors))
{
$sql = "INSERT INTO users (username, password) VALUES (?, ?)";
$stmt = $pdo->prepare($sql);
try { // a 'local' try/catch to handle a specific error type
$stmt->execute([
$post['username'],
password_hash($post['password'], PASSWORD_DEFAULT)
]);
} catch (PDOException $e) {
if($e->errorInfo[1] == 1062) // duplicate key error number
{
$errors['username'] = "Username is already in use.";
} else {
throw $e; // re-throw the pdoexception if not handled by this logic
}
}
}
Login/select query:
// if no errors, use the submitted data
if(empty($errors))
{
$sql = "SELECT id, password from users WHERE username = ?";
$stmt = $pdo->prepare($sql);
$stmt->execute([
$post['username']
]);
if(!$row = $stmt->fetch())
{
// username was not found
$errors['login'] = "Invalid Username/Password.";
} else {
// username found, verify the password hash
if(!password_verify($post['password'],$row['password']))
{
// password doesn't match
$errors['login'] = "Invalid Username/Password.";
} else {
// password matches
$_SESSION['user_id'] = $row['id'];
}
}
}