Create a PHP and Ajax Login/Registration System

1. Welcome Video: Oh, hello there. Welcome to how to create a PHP log in and registration system using Ajax. In this course, we're going to learn how to use JavaScript, Jake weary Ajax PHP my SQL and get for our version control. We'll make all of our Ajax requests return Jason objects. So if you're not familiar with Jason, while this is a perfect time to get your hands little dirtying of the practice with Jason, this entire course is one large project. This is a real life project that you can use on every website in the future, and this code is 100% applicable to all of your projects. All of your websites that you will ever build now will be creating a logging system, a registration system, a log out system and a members only area. So people have to be signed in. After you registered to see these pages near the end of the course, we'll turn some of the code into functions, and then we're going to go ahead and turn those functions into classes which gets her hands dirty with some object orientated programming. Now, if you're not familiar with object oriented programming or O p. Then again, this is a great time to be introduced to it. Now we'll also be upgrading your my SQL knowledge. So if you've been using my ask you ally instead in this course, what we're going to learn is PDO, which is the Hopi version of my ask. You realize it's a lot cleaner and it's a lot more secure. Hello, my name is Caleb telling I'm your instructor for this course. I've taught over 38,000 students and counting, and that number seems to grow by a few 1000 every month. And I've been deploying websites for nearly two full decades. If you can believe that now, something that students say they really like about me is my ability to take a complex idea or a complex problem and really break it down into smaller, easier to understand pieces in a way that you can truly learn and absorb. And that's exactly what we're going to be doing in this course. Now, this course is definitely for you. If you are interested in Ajax PHP my SQL I or if you're interested in just creating a members only type of website like Facebook where you have to register in order to actually get in. Or, if you want to learn how to use, get in the real world rial life coding scenario. Now by taking this course, what you'll get is 24 7 Access to all of the HD videos. Get downloadable code examples after each lesson so you can follow along with each lesson. Step by step and you actually get the full code source. It's upon Get hub. Right now it's open source, and you can see exactly what I used. So there's none of that behind the scenes stuff. Now. I'm really looking forward to sharing my knowledge with you, and if you're interested in this course or any part of this course, go ahead, click that enroll button and I will see you on the inside. 2. Introduction: Hello? Hello. How low? Welcome. Welcome. Welcome. In this course, we're going to be learning how to create a log in and registration system. But we're gonna be using PHP, Jake, Riri, Ajax and my SQL for the database. We're going to be creating a registration system because when you can't log in, if you don't have an account, So we're gonna be covering that as well. We're going to be using you. I kid instead of the typical bootstrap or foundation for the front end framework. Just because we're not interested in writing a lot of HD Miller, CSS knows course. This course is designed to teach you how to log in and how to register. Register a new user using PHP. It's It's not designed to be a beautiful website. No, what's required in this course? Well, you should be fairly familiar with some html CSS a little bit of javascript, but you know what? If you're not, that's fine, because we're not going to be going into that stuff. We're not going to be going into like, advanced JavaScript. What we're going to be using is J query, which is pretty straightforward stuff. If you don't know what certain function in Javascript desert does not do, Uh, Google it. Same thing with PHP. We're going to We're going to be going over a lot in this lesson or in this course rather And just feel free to posit video whenever you see something that you you don't know what it does. If it's PHP JavaScript for my SQL. If you don't know what it does, pause it. Ah, and go and Google it. Now. On that note, I do have another course called the ultimate HTML Developer course. Ah, and it's all about learning. Just html. I have another course called JavaScript Essentials. You can actually get about half of it on YouTube now for free and the other half. If you want it, you can just type into the Google machine type in JavaScript essentials. Caleb telling. Just throw my name in there, and you'll probably find some where you'll find the full course anyways. Ah, and if you're interested in the entire lamp stack, that's the linens. Apache, my SQL and PHP stack. I have another course called The Complete Web Developer course, which you can guess on YouTube. Absolutely free. It's 18 hours long It's a little bit older, but it's you know it's old, but it's gold has a lot of useful information in there s a go check that out, too, If you ever get stuck, There's a lot of information that I have provided for free on the Internet. Plus the entire Internet is there to help now about this course? This course is not meant to be very long. It's going to be very fast paced. So again, pause when you need to go on Google something. If you need Teoh, you don't have to watch the whole video and remember everything. First shot, you can watch the same video three or four times you can go and learn something new and you can come back. That's the beauty about online courses. So please, by all means, this is gonna be fast. So, uh, pause in Google if you need to. The last thing you need to know about this course is be it'll be coming with a code, so at the end of it, you will get access to all the code that we're using. I'll probably even just throw it up on get up so you get all the code for free in there. We're going to be using get actually just a little bit. I'm not going to go into how get is used unnecessarily. Might go into a few basic explainers, but nothing to advanced. And lastly, we're going to be writing PHP functions. So instead of classes were going to be writing functions to begin with. Just because that's easier for us to wrap our heads around on because this is a very small project. We really only need to write functions now. Near the end of the course, I might end up turning all of those functions into classes on putting them up on get Hub so that you can see how it all works and you can download it and play with it and all that good stuff. But for now, we're gonna be sticking with functions just because it's gonna be nice and simple. So with all of that said, let's go ahead and get started right now 3. Getting Started With Git: Hello. Hello. Hello. In this lesson, we're going to be learning about how to get get set up with our project before we really do anything else. That the reason we want to do that is because it is great for version control. You can see who has made changes to what code If we mess up at some point, we just don't want to spend an hour debugging your code. We can always just roll back and go and find the bug. We can look at the different versions of different files at different points in time. On that's really the tower of Get Now why is that useful as an individual developer might not be. It's really just a backup plan, just in case your computer crashes or something. But as a team, it is absolutely vital because you and other people can work on the same project at the same time and incorporating each other's work together. We're not going to be doing that, and this course is not, ah, get course. But I want to get you a little bit familiar with Get now. If you are familiar with, get awesome. Just ignore the this get stuff If you are not familiar with get However, this is probably pretty good practice. This is a little introduction into the world of Kit. So no further ado. Let's look at our website. We have local host. That's my website. This is where I'm going to be building the log in system. It's on my local machine And if you've noticed, I'm using you bun too. I'm using Lennox. You don't have to. You can use windows. You can use Mac local host all works the same way. You can also use a server up on the cloud you can use. Aws Ah host Gaber Host Gator Rather Ah Lin owed Digital ocean Whatever a song. Is this running? Basically Linux Apache, My SQL On PHP You can't use windows as well instead of Lennox toe host this environment but it's just a little more of a pain in the arse. Let's go to get hub. First thing we want to do is create a new repository. Well, I mean, if you don't have an account, create an account and create a new repository, The repository name for this one is just going to be PHP Loggins system Nothing fancy a sample log in system with user registration, public or private. I mean, it's like public because I want you guys to be able to view this goat. I also don't want to pay for a private Rebo Rebo, Short for repository, which is basically my coat is up on the cloud initialized this repository with with the read me? Yeah, might as well um creator Read me for me if if it's little less work that I have to do Awesome. Do it for me. Create repository. Now, I've got a report. If I go to get hub dot com slash kale italian slash PHP log in system. I will have my log in system. Here's the name. Here's the description. Nothing fancy, but we want is this green button here says clone or download kun with ssh means that get hub has my ssh keys, which essentially just means that get hub knows that my computer has been authenticated. I don't have to type in my password of user name anymore. It just knows who I am. If you don't have that option if if you don't know what all that is, that's fine. You can use the https method, and you've noticed that the earl actually changes goes from Get out, get out dot com colon kill Italian project name to using https, which is https colon slash slash get hub dot com slash user name slash project so you can just use https and said, And it's just going to ask you for your get hub user name. Ah, and your password, and that's totally fine. Get Hub is very trustworthy. You can send them that information. But remember, you do need to get help account for that to actually work. Now I'm going to use the S H one because I don't want to tape in my user name and my password every single time we do anything with get so we're just going to skip that whole stage and I'm gonna copy this year where I'll go over to my console and type get clone PHP log in system. So all I did was get clone the entire project I'm using the shur also get knows who I am. And this is the directory that I want it to go into. I don't actually want to call it system. It's called PHP Log in course, I guess Hit. Enter clothing into PHP Log In course, everything is good there. I don't see any heirs CD PHP Logging course Al l or L A Stash A or L s Dash L A. All these different options show your different folders. Now we've got 11 folder up. Um, we've got our get folder, which is where get stores all its changes, Um, and its history and all that. And then we have that Read me Now that Read me. Is this file awesome That read me dot MD Now open up Sublime. I have PHP logging course, and I've only got the one file. Now, my computer has the exact same code that get hub has. That's pretty cool. Now let's make our first commit. So what we want to dio is create a new file index dot PHP If I could spell that right to be great. Now, this is currently what the index page looks like before I create the index dot PHP file. And when I refresh now that I have an index file, nothing shows up. Awesome. PHP echo. Hello, world. If you're not familiar with very much PHP, that's fine. You don't really need to be this courses and super advanced or anything on. We're going to get more advanced as we go along. It's gonna be a great learning curve for you. Save. Refresh the page. Hello, world. There we go. We have our first page, but if we go to get I just refresh the page and there is there's no index dot PHP file. I have an index dot PHP files. Why? Why does get not have that? Well, it's because we didn't tell Get to download the file from us or rather, we didn't tell. Get to push our code to get hub dot com So we go back to our terminal, they've been get status, and we have untracked files. We only have one untracked file, so get ad index dot PHP. Get status again. It's now in green instead of red and says new file Awesome. Now, if I go back to get hub and I refresh the page, guess what? The code still is not there. Well, why is that? What's because All we did was we staged the code. That means it's getting ready to be pushed up to get are to get hugged. Rather now if we were editing 203 100 files at a time, if we were using some ah, no no front end system NPM with grunt or gulp, maybe a SAS compiler, it could edit a ton of files at the same time, and we might not want to push all those changes. We just want to push the one file. That's all we wanted to right now. So now that this is in green, we type get status. Great. So anything that's when we just there really, anything that's in green means that stage. Get commit em. Let's just call this hello world. So get is a command to run. Any get commands commit is the basically the function to run. It takes one parameter dash M, and that's the message that we're going to give it. I hit get LG now, which is a custom commanded said You could type get log basically shows you the same thing , but it's got your email address in there. I just like seeing this one because it shows us where it's at where we're at. Origin Master is where get hub is Origin Head is where get Hub thinks it is. And our head not origin. Slash had just our head is at a different stage. Now let's go back to get refresher page. Guess what? The code. Still not there now. Why is that? Well, again we made the commit. We gave it a message. We said, Yeah, this is ready to go to get him but we didn't actually send it to get hub So we need one more command. I know that sounds like a lot of commands, but once you get used to this, it's super super fast. So we type get push origin, Master What it did there was counting the number of objects that we have number of files. Essentially, it's using Delta compression methods basically to compress or file so that they don't have to. You know, it doesn't have to send two gigabytes up to get hub every single time. It can compress that down into something smaller, so it's a lot faster. Compression objects 100% to have two awesome writing objects. It wrote a few objects for us on Where is it going? It's going to where we told it to go to. This is where we cloned our repo. Now, when we go to get hub, refresh the page Now is when our code will show up. Look at that. We have index dot PHP and it has our message here. It even has our time. So if we if we clicked on hello world, we could see what was added what was not at it? If we go back, we can click on index dot PHP and we can actually see the coat. Now that matches with what this is Now if I type test in here, which just regular text, right? And we go back here and we refresh nothing is going to happen And that's because we didn't tell get that there are any changes yet, so we would go through that whole process again. We're gonna do that a few times through this course is gonna be very familiar for you again . This is not a get based course, but we just want to get a project set up with get so that we can have different versions on and you can see if you wanted to, you could see the history of our files. So that's getting set up with. Get if you wanted to, you could follow this This whole procedure with your own account. You don't have to use the exact name PHP log in system. You could call whatever you like and just create your first file and ah, basically committed. Put it into your staging area and then push it up to get. And once it's on there, you're ready to move on to next lesson. If you already familiar with get and you don't want to do this stuff totally fine and we'll see you in the next video. 4. Login Page and HTML Setup: All right, now we're set up with get Let's go ahead and get our project set up with you. I kit. Now, I know a lot of people want to learn Bootstrap, and that's fantastic. But you like it when it comes to just whipping up a website. Really, really quick is extremely powerful. Bootstrap is extremely powerful. Don't get me wrong. Foundation is fantastic. All these frameworks are amazing, but you like it just has that little extra touch. All right, So what you see in front of you is just our html basic structure. Right? So we've got our doc type is html five way. Have her head. We've got her body. Um, we've got a title in there. Uh, all I did was link you I kit CSS to us using Cloudflare. I've also put in Jake weary on and you like it min dot Js and his icons Dodgy s. Now, if you don't know how I got that go to get you like it dot com and click it started and basically installation and all I did was grab the CSS and I grabbed the Jake weary and I grabbed the you I kit Js That's all I did. If you don't know how to grab any of this stuff if you don't know what you're doing in here yet, uh, that's probably a good time to go back and learn about HTML. Yeah, I've got the ultimate HD male developer course. Type that into Google. Maybe put my name in there and you'll be able to find it. But you should be familiar with us by now. Now I'm going to remove that, and all I'm going to do is save. Go back to Chrome, refresh my page notion. Nothing shows up. I hit F 12 to open my developer tools or alternatively, right, click, inspect and I go to console and there are no errors. That means everything is loading the way it's supposed to load. Awesome. Now, this course is not meant to teach you. You like it? It's not meant to teach you how to do basic html CSS markup. So what I'm about to type you can completely ignore, Or if you're interested in learning you like it, you can pay attention. I'm not gonna learn. I'm not gonna teach too much about it, though. Esso UK section U K Container UK Text center. Kind of. I do test. There we go. We've got some content in there. Nice and simple. Snap. If I wrote, uh, let's do a grid UK grid. That UK child with this that no one of three at small on also UK Child with is one of one. This is mobile first, which means it's going to take this one by default. It's going to be with of one of one, which is 100% And when the view port is small, which is, I believe, 640 pixels, uh, or larger it's going to be a with of 1/3 and you can grid. I also use a plug in called Emmett, which just allows me to basically type in, uh, html CSS and attributes like this and all I do is sit Tabin. It writes all the other code for me. Um, so let's go ahead, but test in there. Cool deluxe. Okay on. And now let's go to you like it and put in a cart. Let's look at a card and I'm not even a right the html because I don't really care too much for it. Um, you know, actually, a better one would be form when it looks OK. Something with Let's do this one of the markup and all I'm gonna do is grab this again. We're not looking for anything fancy. Save. Refresh. I've got a basic form tech center. Let's get rid of that cool basic form instead of reading text in there, let's put email and let's copy that. Put password and here changed that Type two password changes. Type to email, which is great for mobile. Basically changing the type from text email on mobile allow is a different keyboard on your phone so you don't as the user, you don't have to go in hunt for that. Little at symbol just shows up for you. Usually, uh, you know, email dot com That's not the at symbol password. Your password. Pass word spelling on typing properly today is clearly not my strength. Get rid of all that, say every fresh There we go and we need to do. Let's go ahead and actually copy this over. We need to submit button. Give me that. Actually, we need it was UK margin on then button. If you're familiar with CSS, you know that that would select all the buttons. Then we do UK buttoned UK button default tape is equal to submit and log in. Now we have a basic log. Inform, right? Nothing fancy. Nothing fancy, but this does the job. So do these need to be required? That's so Yes required Is equal to required. Copy that over. Make sure they're both required. What happens when we submit the form HTML five Validation kicks in now. Don't rely purely on that, but it's okay, toe, allow the validation. Now we want to add a class. Anything that has to do with JavaScript. I tend to start the class name with Js. So Js was called us Log in. We're gonna get to that a little bit later, and now we have our basic log in page. Awesome. Okay, so what I want to do is I don't want to have to include that on every page, and I don't wanna have to include Ah, a lot of the head stuff on every page, and I want to include a config and all that stuff. So, um, in the next lesson and next video, what I'm gonna do is I'm to clean this up a little bit. I'm actually prosecute that and instead we're going to put these into their own files. Eso that if we ever needed to change the version of J Query, we could just changes from, like 3.213 point 22 And it will take effect on every page that the footers being loaded into. Um, so that's that's for that Now, uh, let's to get status. Let's do a get def on Index PHP. Look at all the differences so you can see up here. It says, Ah, in red minus Hello world. There's no new line at the end of the file and all the green stuff is all the new code. J lets me scroll down K lets me scroll up. Awesome. So we've got a bunch of new code in there. Let's go ahead and get add index dot PHP. We can check it again. Make sure it's actually in there instead of get status. I like, suggested we would do get commit added log in form. Get push origin Master, get LG or get log. You could do get elegy instead. If you don't have the LG command, which you probably don't but get log is the default. One basically shows you the same thing. Now let's go back to our browser Hit, Refresh added Log, inform. Look at that. And there's all our code completely accessible to the Internet. Pretty cool, right? So now other people can look at your code, which sometimes great, sometimes not great, depending on your project. I mean, if you're working for a company like Facebook, you don't want the whole world looking at your code. But if you're doing an open source project, yeah, sure, it still really fine. I've noticed that I don't really care too much about inventing right now. We can fix that up with an editor config a little bit later. So that is our log. Inform Styled With you. I kid again. Nothing fancy. It's not supposed to be. All it's supposed to do is work and Sinus, and but at the time, we don't have anything to validate. If someone puts in their email address and password, it's literally not going to do anything. In fact, let's even test it. Test at test dot com Test test test Test test. It changed that you were able to a question mark. Uh, that's no good Should actually not even be a question. Right? And it's amid of the form. We want this to be an Ajax form eso totally different things. So in next left, I'm gonna clean up that file and then I'm going to create a registration page and probably just the basic index page as well. 5. Adding Your Config, And More Pages: all right. In the last lesson, all we did was replace our PHP with HTML. Nothing fancy. In fact, we should actually go ahead and clean us up on, and that's what we're going to do. So the first thing I actually want to do is create a config file so I could go tahp include actually no require the difference between it and the difference between recall require and include. Include will include the file that you specify. But if it doesn't exist, the page will basically try to go on. Anyways, it might break in several places, especially if it can't find the CONFIG file, whereas require will try to require the filing. If the file is not there, it's just basically going toe. Uh, it's mind is going to explode. Say, Oh, I don't know what to do and just die Now, in some cases, we want that if we can't load the config, we can't do anything else so require Once and Let's Dio Inc slash i could figure out PHP save when we go over to our page, watch the error actually get us 500 against, because that doesn't exist. Creamy folder ink create a new file in there called config dot PHP. Now it works. Okay, cool. So what can we do here? But if we did PHP echo test exit kills their page with the word text tests on it. That's perfect. That's what we want. We know that conflict files actually being loaded through the index. Now, as a security practice, this is something you can do. There are other ways around this, But if you're going to have your config file in an h email accessible folder, that means if someone went to your website dot com slash ng slash config dot PHP, could they view this file? Technically, yes. Could they access a Yes. Would it produce errors? Most likely, even if you have errors turned off. Is that a great thing for people to see a blank page? No, you don't want that. Instead, where you want to do is you want to make sure that they can't have access to it. So I'm going to get rid of this because it's unnecessary from to say, if is not defined config cool. Reload the page. I do not have a config file. That's because this is not defined now in PHP. We have variables. We have constant. We have all this other awesome stuff. So instead of requiring at top of the page, let's make sure this page is actually allowed to include the config file. We do that by defining. Basically, this would be the constant name it's instead of a variable. It's it's a variable that can never change once it's set, it's set for life. Or basically, until the Scriptures done running and we'll just set that true. And let's add some comments because comments are always a good idea. Ah, allow the config require the config. There we go, are paid shows up. But if we change, that has added up to in there. We don't have a config file now. What we could do is we could redirect someone in here instead of exiting. We could. That's actually what we should be doing as we should redirect. Or we should show them a 404 page, so it looks like there's nothing there. But for the sake of simplicity, for the sake of brevity, we're going to keep this nice and short with an exit message. Now again that a comment if there is no constant define called config. Do not load this file now. Anything after the exit function. Uh, it's not going to render cool. So basically, if our code gets past here, everything else is doing air quotes. But it's safe. It's not really safe, but it's it's safe. Er, it's just one precaution that you can take now. Our config is below, and what do we want in our config? At the moment, we don't want anything inside of the configure were still keep this nice and blank, and that's our first required file. Now, if we wanted to move this to another place, we could do that as well. PHP require. Once require once, obviously only tries to require the file once it has already been required. Uh, and instead of required. Actually, you could use include once and so if the files already been required or included, it's not going to try to require included again, and that's like if you have a loop, for example, that's running over and over and over again. Instead of requiring the same file 55 55 100 million times, it's only going to try to require at once. Ah, and here we're going to go inc slash footer dot PHP which does not exist. Cut that code going here. New files called footer dot PHP Put that in here. Spacing tabs doesn't really matter. Now. If we wanted to do the same thing with footer, we could just throw that in here. Make sure we have our PHP hoping syntax and that closing syntax. Now, our footer is never going to load if there is no config loaded and our config is loaded up here now again, maybe not the best way to do it. Uh, certainly not the worst way to do it. Instead of having you know, foot or check for config, you could have another constant in here. Allow footers Eagle to true on in here, we say, if not defined, allow footer. Basically, the CONFIG file is not allowing you to have that in. They're not gonna do that. We're gonna keep it again. Very simple. In fact, I don't really care if people can even access this file because it's just little bit of javascript. There's nothing secretive in this file that we need toe keep away from everybody. It's basically just a template file. So and undo that stuff. Say that back to her page, Reload, inspect. And in our council, there are no errors of no warnings on just to show you what I mean by that is if I did, you had a bunch of twos in here and make this really gross, and I refresh the page. It says can't get any of these. Essentially, what it is saying is these air 404 ng These files do not exist. But if I undo those, we don't get those warnings. That means those files are being loaded onto our page perfectly Fine. And voila. We have a cleaner index page. Now that brings us to our next one. We don't necessarily want this to be your index page. So let's go ahead and re save this on a recent duplicated. I'm gonna call log in and this page is not going to have anything on it. And this is just going to say, you know, go hello, world. And let's throw a little bit PHP in there Date year, months. I don't date. Sure, whatever. Uh uh today it does save go back to our index page refresh. Today is a day does not control because that we didn't echo it. There you go. That's the date. Nothing. Great. But if we go into log in dot PHP now, we have a special log in page. Now what we're going to do is we're gonna duplicate this one more time, actually gonna duplicate the log in page itself duplicate, and we're gonna call it register. And instead of calling this Js calling this class chest log in, we're gonna call Js Register and is going to have a different functionality. You can add your email. You can add your password. You can add a second password in there so that people have to take the password and twice all sorts of stuff. But essentially, when this form is filled out is going to act differently through JavaScript. And that brings us to Ajax section, which is a little bit ah, ahead of ourselves right now. But we have basically a regular page here where let's just do register, so we know what page we're on. Ah, we have regular pages here where our site actually looks a little bit different and leave some spacing in here I don't prefer a lot of spacing. Uh, but I'm doing that primarily for the video here. And so if I did this, this is log in page. And if I went to registered at PHP, we get registered page, and actually, I can change to that. Doesn't need to be log in. That could be registered. Now, we're going to be doing a lot with these log in and registration pages, and they're going to actually be drastically different, considering the fact that they look pretty much identical at this point. So there we have it. We have an index page. We have log in page and register page. Fact, I don't even like that. Let's go ahead and change at two. Uh, logging that PHP was gonna add a Lincoln here, log in and register. And now, if I go back to the index page, we've gotta log in and we've got a register link goes to log in. I go back and click register goes to register. Awesome. So now we have our basic page of set up. Finally, Caleb were actually getting into something good. Yeah. This is part of setting up a project, though. Is the boarding Each TML elements the setting of your page structures that getting your config set up People don't tend to like to do that. Web developers get really bored doing basic things like so what we're going to Dio is set this up right now. We set up, get before we did all of this and then we can start having some fun now. I mentioned get get status. Look at this. We modified index. We also have a bunch of new files in your project files action. I'm supposed to even be in there. But this is a good example to add multiple files. Get ad Kid. Add Inc is going to add the entire directory and that should have had a space in there. Now, if I get status there we go. These files are going to be included in our next commit The project files is not. We do a get commit, added config added. Log in Reg pages added flitter. Nice and short. You get messages. Need to be very long. Get push origin Master, go over to get up refreshed. Look that we've got Index Logging Register Inc. We've got all sorts of awesome stuff in your cool, cool cool. Should these have been in their own get messages? Should we have get committed? One file at a time? Yeah, we probably could have done that. But just because this project is so tiny, uh, it's not that important. Now, if you're working on a big project like $100,000 website, yeah, maybe do different get messages so that people in your team can see what exactly is going on or if you get message is going to be really long, maybe split it into two, get messages or get commits rather. So there you have it. Let's move on to the next lesson. 6. Help Me Out? : Hello, It's me. I'm the voice behind the videos. Just a quick reminder that if you've enjoyed any of these videos so far, you can follow me on skill share. But more importantly, you can actually rate this course. And just by simply reading this course, that actually helps me out a lot. It's super easy and super quick only takes a couple seconds, and I mean it really would mean the world to me. So if you've if you've loved what I've been teaching you, if you like the style of my courses, give that a good old thumbs up, Um, and let other people know what you fluffed about these videos as well. Cheers. 7. Storing Passwords: Welcome. Welcome, welcome. Last lesson. We created a log in registration page. All that stuff. We included our config. We included a footer so we could make changes across several pages very, very easily. But before anyone can log in before anyone can register, we need a database. Otherwise, we're just storing basically passwords in plain tax. Now, with that said, I want to mention something real quick. Okay, in your JavaScript, I have seen this way too much lately, but in your JavaScript, people have been storing passwords. Never store your passwords and JavaScript never store your passwords and html CSS. Those are all browser accessible. Doesn't matter how you try to hide those. It is visible to everybody. So let me, let me be very clear with this. Do not whatsoever for any purpose or reason. Ever store a password in JavaScript, HTML or CSS. In fact, I would even say never store a password in a regular PH. B string like this. Don't even do this because the fact of the matter is that no server is unbreakable. That means someone can get in. It might not be today might not be tomorrow, but if someone really wanted to get in, they could get your code. Now there's one more thing you have to look out for is when we type password is equal to password. And we put that up on Get hub. Guess what? Everyone confined it. You want a P I keys, Go search on. Get up. There are tens of thousands of a P I keys on their their tens of thousands of passwords that are hard coded into projects. And people just break in just because it's publicly accessible. So don't ever do that. Instead, what we're going to do is we're going to create a database so we can completely get around that we're not even going to use passwords equal to password, anything like that. We're not gonna store any passwords in variables purely because we don't want to do that. I don't even want to show you how that's done. A lot of people say, Oh, but you know, PHP has s o many security flaws like No, not really, not if you know what you're doing. It's just that people are bad developers at times, and I want you to be a great developer, So don't don't ever put your passwords in plain text like that. It's bad enough when people put passwords in plain text, like where where we had password is able to password, and I could read that. But even if it was encrypted with something that's bad, too, don't put that in there. If someone's going to break into your server, make them work for it. They have to work really hard. And in order for us to actually get this to work the way we want, we need a database. So I am done. My rant about passwords please always be security minded. K Security comes before good looks. Security comes before functionality. Security comes before everything. If if Facebook had a break in and they lost two billion passwords, what would that do to Facebook's trust? Nobody would trust Facebook anymore from Google. These things happen. So just be very mindful about that 8. Setting Up Our Database Part 1: What I'm going to do is I'm gonna go local host slash Petri minded men Ruedas route If you don't know a PHP might, men is it's just a interface for my SQL. You can use my skill workbench you can use. Ah don't have to use my school. You can use Maria db, which is technically the preferred one, which is a drop in replacement for my SQL. And that's totally fine. You can use that instead. But what we want here is databases and I'm going to all right, I'll do that after and let's just call this log in system. No, I don't use the word system because it's sort of a Le Guin course And the collision. I'm gonna go to the very bottom utf eight m before underscore Unicode underscore c I c. I mean, is case insensitive? I'm gonna suck that. Basically what that means is that any character can be stored in this database. It's allowed. Now we're only storing e mails and passwords which are usually just utf a which are basically just regular characters. But in the event that you wanted to extend your database toe, hold first names, you have to think Some people write Arabic. Arabic goes from right to left. It looks completely different. Doesn't look like anger. Citadel. What Russian Russian is a different had entirely different alphabet Japanese. Several different alphabet's. You got to consider these things right? So let's go ahead and create a table. Let's just call it users. Number of columns We want to uh, no, we want to user, i d. We have the email address, we've got a password and lets your registration date So you have four was right and no, not roadie user I d. Now I always try to keep these lower case and separated with an underscore. You'll see some places that will write like Roe i d. In a database. And it's super inconsistent, Not to mention some databases just don't like when you have upper case letters that will force you to do everything in lower case. You're right. All your code locally using upper case, much like whips much like this. And then you put your coat on a live server, and all of a sudden it's like I don't know what row ideas because instead of looking for a row, underscore idea. Actually, called it user I d. Ah, in here. Let's just go with regular into five default value eyes not going to be anything. It's always gonna have something a eyes, auto increments to do. Save that attributes unsigned means numbers are always zero or higher. If we didn't select unsigned, what that basically means is it would go instead of from, like started to 56 that go from minus 1 28 to positive 1 28 We don't need ah user idea that goes below zero. So we'll change that to one signed comments. User i d. Everything else we're just going to leave. Name. E mail. This was a variable character. 250 defined, uh, as defined. We can say the default value is always email at email dot com or something. Not what we're looking for. Uh, trade emails be empty. Nope. Current time stuff. Nothing to do with it. Let's go ahead and change the index to index and, uh, well, actually, we could make this unique as well, because one user can only have one email address, so it has to be completely unique and type an email, go comments, users, email address password. Terrible character. Let's do 200 probably won't ever be 200 because it's going to be quite encrypted. But that's fine. That's fine. Same thing, Uh, default value doesn't really matter. Password does not need to be unique. Does not need to be indexes if someone has the exact same password and somehow manages used to use the exact same hash, which probably will never happen at any point time. But if it was toe happen, unique would break it. Unique has to be completely unique. Index. Well, this is going to be stored as an encrypted value. So we're not going to know what that is. Eso we don't need to index that. Indexing basically means Hey, my SQL. We have a certain piece of information in a certain table, which you have to prioritize. But if every password is stored encrypted and it's different, we have no idea what that's going to be. And so it shouldn't be indexed. We're gonna look people up by the email address first. Then we're gonna grab the password, and then we're going to verify it. And lastly, it's you, Reg time. And this one could be do where you time stamp. Current time step, uh, on updates Current timestamp? Well, no, because the registration time only ever happens. Once assumes that register, we save that The index, we don't need to index that because we're not doing any, like Data Analytics. Based on when people are registering. We just want to see when they registered the time and date the user registered. Call this that users table coalition do same thing storage engine you want in a DB or my ISM. Now, WordPress sites like to use my SM because they don't write a lot of information, but they read a lot of information, which is great. But you know, D B will read and write a lot of information, has some pros and cons like my Assam has full text indexing, so we could say Full text index, and it'll it'll even try to match in different languages, whereas in ODP, which does have that is not so great with it just fine because we're not trying to index entire blogger articles or anything like that. You know, DB also supports transactions, which means you can add 10 users and 50 blowing posts and all that, and if something was to fail, you could have a try, catch block. And in that and the catch block, you could basically say Roll back, undo all of that. Because if something fails like, I can't go through And that's great for, like, payments or banking systems, the transaction absolutely has to go through. If it doesn't go through, no other data is allowed to go through. You don't want to see people. I you on your bank statements, you don't want to see that you've spent a bunch of money that actually was not spent. You're gonna be very confused. So that's why they would use transactions. That would be a real life example. Let's go ahead and save this. That really got a user's table. And if we go back to our page and let's go to log in, nothing happens because we're not connected to a database. Now what I want to do is I'm gonna create another folder inside of ink, and I'm just gonna call it no, not functions that he's should we could do that. You do, uh, creamy file. It's called Functions that PHP. This is an old school way of doing things and Let's also add any folder, call it classes, and in that folder, let's create a new class called devi dot PHP. Okay, so what I have here is I've just pasted in this DB class. Now this is called a singleton class, which means it's going to try to get the database connection once. If it doesn't exist, it's going to then actually get the connection. If it does exist, is going to return the connection. In this way, we can call upon our database connection over and over again. But it's not actually going to wait that, you know, 50 milliseconds every time we have to connect to our database or whatever it's gonna be, um, it's just gonna know it's gonna be nice and easy. It's only ever going to get it once now to go through this quickly. So I wrote something similar to this, uh, for several other projects and sort of just cut it down to make it very simple. Now what we're looking at here is object orientated PHP, and that's because we only want to singleton uh, the singleton basically designed the structure of this class has to be, you know, only, said it once only ever get the one that set. So what this does is we define a new class called DB Isn't a db dot PHP So we've called it d be protected static, which means this is a variable called a property inside of a class and it is protected Means we cannot edit it from outside with class. And it is also static, Which means we can get it by calling itself self going Colin Technically, private function construct. This is a magic function, uh, magic method rather which as soon as you in Stan, she eight db So when you type TV is equal to new DB, this is automatically called upon Awesome. That's exactly what we want on is going to create our con and here these are actually do. Is that wrong? Let's go change. It was real quick. There we go. Uh, and we're going to be using PDO. So instead of my sq a lie which a lot of people use, we're going to use something more advanced because this is a Technically, this is way better. My SQL I is sort of like the rookie way of writing, um, my SQL statements using PHP. Ah, the code is going to be available so you don't have to worry about writing all this. But basically, this is staying connected. My SQL toe to my SQL Use the character set utf eight. And before remember, we set that up with their database. Awesome. Awesome. Our host is local. Host Airport is 33 of six by default. Our database name, which we set up was logging underscore course, my user name and my password. Now, if none of this works is not going to say chronic could not connected database again. Sorry. It's because I copied from another project there. Be instead of having to type this out. Uh, having you basically watch me type this out, its That's gonna be quite boring. Just say could not connect to database And the carriers. Your lines don't need to be there. Probably 1000 like to There we go. Koukal 9. Setting Up Our Database Part 2: now this is not going to do anything because I mean, if we load her page, it's not being called upon. So if we go into our config and we say, guess what include the D v dot PHP file? We could do include once classes db dot PHP And I had actually spelt that room. Let's just wears rename. There is one too many. Yes, is now what happens when I go and refresh the page Still loads, but is it actually loading? We don't know. Exit test? Yep, it is. There we go. Now. We could do the same thing we did with config. And we can take this code. And if someone's trying to access over devi dot PHP file, we can say, Well, wait a minute. If you don't have the config file, which is actually only ever loaded from within our log in dot PHP or index dot PHP or any of our application files, then guess what. You can't have access to this. So, you know, go away. This is for us on Lee. That's essentially what That saying and so yeah, refresh. There we go now it's not actually doing anything. This is just our class. It hasn't been in san. She it hasn't been started. We need to start that. So let's go ahead and create a new variable inner config and d b get connection, but killed. How did you get that? Well, D B is the name of our class. We could easily call it databases. Well, if we wanted to. Ah, and the get connection is the public static function. Now, the public static function public means that we can call this function from with outside of itself. So any code that's not in here well, we can still call it the static part means basically, we're going to use to Coghlan's to access it. The function is Well, it's a function, and that's the name. So now we've got Condi be get connection. Awesome. Cool. What happens when we save Refresh? Well, we are connecting. Apparently. Cool because nothing happened. What if I just go in like mock up? Some of this stuff Could not connected database? What if I just mocked up one of those? What if I just changed the password to root? Two can't connect to the database. There we go. So we are officially connected to the database, and that's all there is to it. Now, before we continue when you create a database, the one we created was log. In course, you're going to need a user now. If you're doing this locally, it's probably root root. Uh, when you're creating a live application, don't use route. Everybody's going to guess route. Don't use ad men. Probably don't use your name either You something totally obscure on your password should be crazy. Now this is one of the few times are hard. Coating your password into your application is actually XX accessible. And that's only because there's no other way around this. And so that's why we've added additional security around here now. If we wanted to get even more suspicious of all of our users, which is a good thing, we would actually move the entire Inc folder out of our application and somewhere else so that, uh, the config could say, you know, go two folders up, which is outside of the the place where people can access index that PHP or logging dot PHP , Uh, and really only established our application will have access to this. Now that's that's one way that well, I guess that's another way we do, and that's the way we should be doing it. But for for the sake of making this clear for you to understand, um, and to see how the hierarchy actually works we're going to keep it this way. But please keep in mind that there are ways to improve security around this now for your users. If you don't have a user, you can go into PHP my admin. Or you could write it straight through your console or your terminal. Rather, you could write all of your my SQL and here if you wanted to do it that way. I like doing it visually so you can actually see what's going on. Command line tends to scare a lot of people, especially when it gets into managing databases and creating users and whatnot. It's a little bit easier for people to point and click, and in this particular instance, that's not a bad thing at all. We have databases, SQL status user accounts. We want user. I have one in there called Caleb. This is actually for Docker, but I've got all my privileges there again, just local host privileges as just local host. So I'm allowed to have all the privileges. Roots, roots password. Yes. Again global all privileges. Aiken do basically everything with it. Sweet eso That's all I did to create new user account. Creating user you got use your name, your host name, uh, local host. Password changes route or whatever. If you are on the live server, make sure this is secure. This is completely different, but because we're local, we're just using, you know, crappy little log in credentials. It doesn't matter. Go ahead. And if your local you can check all if you're not local, you want to restrict the's. That's another way you can add more security. So if your user is only allowed to select insert update delete. Um, maybe alter is not allowed to drop. Um, that's about it. So now you've got, like, a basic basic user. Uh, the even if someone got in and did some malicious stuff like people again, people talk about PHP having security flaws. It's not necessarily PHP. It's people not knowing how the tools work. And so they create these users that have all of these options and then all of a sudden the SQL injected, which is basically just adding SQL into do you are all here. So where it says add user and are where it says token, right? This is looking up a token in my database right now. My PHP id men database. Now, if I typed in drop table users and we'll look at that, we've got a table called users in there and that user is allowed to drop tables. Guess what? You lost all your users. Now, we're not going to be doing that locally because obviously we don't want to drop all of our users. We'd be going backwards in time and undoing all of our work. But if we run a live site, you want to uncheck that you want in check basically all of these Onley check the ones that you absolutely need, And that's another way to really improve security on your application. So that's that in the next lesson, I think we should go ahead and get some JavaScript, set up some javascript validation and start getting people to actually register on our application. All right, See, there 10. Form Validation With JavaScript Part 1: Hello. Hello. Welcome back. So I did something behind the scenes that I should have done the last video. Ah, or in this video. So instead, I'm going to explain what I did in the last video. I set up a database. Ah, and all I did was I dumped it. Which means I've created basically an SQL file which all the information of the structure of the database basically goes in here so you can find that in your project files fully. If at any point you need to set up your database again, this will set it up for you. All you have to do is upload this SQL file and it'll work just like that for you. Now in this last No, what I want to do is I want to get started with some JavaScript. Let's make this little Ajax see. Let's make this a little more dynamic. Let's see what we can and cannot dio now, before we do anything well, we need to add a new JavaScript file to our footer. Now we we can go to our footer and we can add any sort of javascript that we want here. But I mean that's that's gross, because I gets loaded into the d. O M into the document object model onto the page every single time. And while that's that's not cool. So instead, what we're going to do is we're gonna create another directory and we're going to call this assets. We're gonna create one in there and we're gonna call it Js, and we're gonna create a file in there. We're gonna call it main dot Js. Now the reason that I put it in assets slash Js slash While you can actually see at the top here assets slash es slash main dot Js You can put CSS and images and stuff inside of your assets. And so all of your local assets, all of your static assets are all together. It's just it's cleaner that way. Instead of having you know, three or four different directories all over the place. When I just look at this entire project, I only have 23 directories Now if I wanted to look at any of my static assets, I know there's only javascript in there, but if there was CSS, I could make another folder called CSS. If there were images or S P G's. I could do that as well. Now, in this pain, all I want to do is alert test to make sure that this actually works. Go into our footer type and script as R C is equal to assets slash es slash main dot gs. And the key here is it starts with a slash. That means go to the base of the project. Whatever the closest thing to the base of the project is, which is where index lives. And it's going to look for assets which we have and that is going to look for a JavaScript , which we have, and it's going to look from maine dot Js, which we have. Save that. Let's go back to our page. I refreshed and it says test just I got cool so we know that that works now. But what happens when someone actually goes to register? Well, let's move off of log in and go to registered a PHP. I'm gonna close basically all the other files cause we don't need them at the moment, and we know that this form is called Js Register. Now. If you're not familiar with Jake weary, that's Okay, We're gonna do something little bit different. What A lot of people will tell you to dio using J query is technically wrong, especially with Ajax applications. They're going to tell you to do something like this click function. And so when the page loads, it's going to select this class, which is this form, and it's going to bind the on click function. But if we Ajax this onto the page, well, that doesn't exist. So guess what? That never gets bound and it doesn't work. I have seen people struggle and struggle and struggle with this concept. So instead, what we dio is we bind all of our functions all of our listeners to the dome, to the document object model, which is again we're selecting the entire document we're going to say on submit formed A J s register function E on decide to eat a little ambiguous. Let's do event. Ah, turn false, no matter what. Um, and we always want events dot prevent default, whatever that might be. Some browsers act differently sometimes not necessary, sometimes necessary. Really, depending on your audience. What browsers they're using. I'm going to throw it in there anyways I take it or leave? It doesn't really matter and let's go Alert form was submitted. Say that go over to a page refresh and when we click register Wow, it's gonna ask us for information and we click register. Look that formal submitted. Now Remember when we were submitting the form a few videos ago, this was actually taking us away from the page. It's no longer doing that. It's keeping us on the page now. Why is that? Is it because the events prevent default? It depends on browser. Could be, but mostly it's because it's returning false. So now we have something to work with. Now we need to be able to get the email address and the password. So if we take this form, throw it into a variable called form variable naming conventions in JavaScript very widely , especially when it comes to Jake weary. So what we could do because it's a selector. We could use the J. J Korea way of selecting things and use a dollar sign and say this. This refers to the entire form. Or we could say form is equal to this or some people like the shorter way we could say f dot eagle Teoh F is equal to this or we could just do the normal way form is equal to this groups really depends on your preference. What I'm going to stick with is underscore for the sake of state with Underscore, I guess, since two form is equal to this and now that we have the entire form elements, let's look at the JavaScript. But we have this entire form element in one variable. We can now parse through the rest of the HTML in here and find exactly what we're looking for. So could we find our input where the type is email? Could we find her input where the type is password? Yeah, you bet your but we could Let's do this. Let's create an object. Variable data is equal to object. Email is equal to Well, let's look for the input type of email. We know there's only one, so it's totally fine, and most people leave it at this. But fun fact. If your pages huge, if it's like an Amazon patients only 10,000 lines of HTML, that's a lot of HTML to go through. So instead, we're going to type underscore form, which refers to this and basically what that says is Look through this. Just look through that. That's all that's all yet. No, not even that just looked through the form. That's all you have to. You just look through the form and ignore everything else. Otherwise, if we didn't specify that is going to look through the entire deal. I'm now our page of small, so it doesn't matter, not the point. The point is, eventually your applications are going to get huge, and you're going to want to make sure that your JavaScript is as fast as possible. Now some people are like, Oh, well, why even used require? You just use reactor? He just use angular. Well, the fact is that most sites use J query, and that's why we're Husing Jake. Or if you want to upgrade to react or angular, anything else. By all means be my guest. Go for it. There's nothing wrong with that, But most sites use Jake weary, so we're learning the Jake Weary way. Now we take four, get the value comma and let's get the password. Input type is equal to password again. Same thing. Underscore form dot foul. And if we do, Consul, don't log data every time the former submitted. Say that refresher page and we do test at test dot com and and a click register. Oh, look at that. Look, there's my email address and my totally secure password. Well, why shouldn't I store text in my JavaScript like that? It's because JavaScript is publicly accessible to your browser. 11. Form Validation With JavaScript Part 2: One thing to make sure of is when you are using passwords when yourself meeting forms, when you're submitting any sort of secure information, you always want to make sure that you're using https. Now. I don't have that locally. I don't need that locally because I'm only running this locally. But if this was on a live website, if this was on arc mont dot com, which uses a very similar log in form like this, or really any other website that has ever been made using PHP and Ajax always use https. There's this thing called Type this out. Let's encrypt, and that gives us SL's for free. Sets it up for you. It's a little command lining, but it's like two or three lines off limits command lines and give you the code and that just it just works. And that secures basically your entire site for you. Well, I shouldn't say secures. It actually just encrypts the code that's being submitted from your browser to the server and back. So ah, it's just another layer of security again, definitely recommended. Maybe I'll even make a course just on. Let's encrypt So we have our data and moving forward. We want to make sure that the email is a certain length and we want to make sure that the password is certain likes. Now we're not going to get into validation. Uh, really? Because of course, is not too much about validation. But, you know, let's let's do just a little bit. Just a tiny amount. So in here, let's do div that UK margin dot Js error? Um, yeah, sure. When I and two UK UK alert UK danger Js air hit tab test freshman page and I've got a little alert box in there. A little error. So what I want to do now is style display none. Make sure this never shows up. Refresh page. Look at that. It goes away. Awesome. Awesome. I don't need that anymore. And we're going to select this as our error. Now we can go back into our JavaScript. Their variable called error is equal to our error, but sort of looking through the entire D. O. M. Because there could be more than one class or more than one element with a class of Js air Onley look in the form because the forms only gonna have one or should only have one anyways. And now we can say if data dot email dot length as less than what's the shortest possible email address? A at a dot c A. Six characters, right? So if it is less than six characters return false and do error dot text. Please enter a valid email address had dot show. And let's put this on several lines here because it's just gonna make it cleaner for people who read. So now we're selecting error, which is to do just that air dot jazz air. Where are we? Right there? It's gonna select that. And then we're going to say, Oh, well, if the email is less than six characters, well, show the air. Let's go ahead and give that a shot. Ah, a Actually, no, that's not gonna work because I need HTML five allegations in the kitchen. So, as an example, let's do if it's less than 16 so test test out. Come, look. Enter a valid email address. Why is that? Because this is not 16 characters long. Now, make sure you wanna do something like that. The return falls. It works the same way. Is that no code below the return is actually executed, and it stops your code from, you know, doing anything else I was doing else. If password dot length is less than eight now, it shouldn't technically actually know. Here. This is a good educational, uh, moment for everybody. We should not be using passwords. We should be using past phrases. Passwords are easy to crack whenever you have, like a five character password. You know, if I like my password was You know, Caleb, 111 is so easy to break into. If my password was just password, guess what? That's the most common pastor in the world. It's also most common password that's ever broken into, but computers, what they do, what a brute force is is basically is gonna try password and then sent to try password groups. I don't do that. I wanted Capital t ah, and then isn't try password, and then it's gonna try password. And it's just gonna keep going on and on and on like that, and then eventually is going to get in tow. Know this and that. And that's then that. Then that and so on and so on until it finds a match. But guess what If your password is like super, super, super super long, you know, even if its basic and has no special characters in it, guess what? It's super secure. Guess how long is gonna take a computer to guess every letter up to here and then every variation here and in every variation here than every variation here in every variation up to here, it'll probably never break. That password doesn't need numbers. It doesn't need special characters when when you sign into a bank or PayPal and it's like, Oh, you need, Ah, your password has to be at least eight characters and you need, ah numbers and, like an upper case and and all this other stuff Now you don't you just need a super long password. That's why we should be using past phrases. Now I'm going to use the word password because that's what everyone is familiar with. You know whether or not they make it long. That's up to you now. We could say if your password is less than eight characters or of we could say, if your password less than 18 characters 28 characters don't make it too long because people are scared by that. It's too much change. But if you said you know your password has to be at least 11 characters, that's getting better. That is significantly better than eight characters or six characters in some places use. So that's what we're going to do. If the password less than eight characters, we select error dot text. Please enter a pass phrase that is at least 11 characters. Long does show and return false. Let's give this a shot test at test dot com, and my past freeze could be really anything. Oh, look, password is not defined. That's because it's not password its data dot password. Now this is an object for a reason, and we're going to get to that in just a bit fresh. Let's try that once more. Attested test dot com, Put intestines. Password. Please enter passwords that is at least 11 characters long. Awesome. So now we have some basic validation. Now, assuming that our code gets this far, we can, uh, it's actually that I'm assuming the code gets this far weekend. Start the Ajax process. Now. People usually want to see an error message go away as soon as something is starting toe work. So what we have to do is instead of show, uh, type hide or hide instead of hoid. And that's that refresh test at test Taco, come test test test, test test. I'm gonna put in a bunch of test letters making nice along. Cool. Nothing happened, is what we want. What if I do a short one error? What if I do? A long one goes away. That means things are starting to work. Now we have all of this set up in the next lesson. I'm going to actually add the Ajax code in there and we're going to Ajax our first page. 12. Our First Ajax Call: Hello again. Up into this point, I've been basically just committing my code to get over and over again. Haven't showed you the last few videos, and that's probably fine. I'll show you a few more times. Ah, but I don't think we need to go over committing over and over and over again. Plus, you can see the entire history on get hub itself. Now, in this lesson, I want to actually add some Ajax. So when someone was registering, we have this awesome little event that just watched for a form to be submitted. The Js register form basic jazz validation. Now don't just rely on JavaScript validation. It's nice for the front end, but it could be easily faked. And now, if we wanted to add some Ajax, all we do is write the following a most copy and paste because watching me type a bunch of stuff is just Yeah, it's boring. You might see a little bit more of that in the future. If you ever see me just copy and pay stuff, it's most likely because I didn't type it out. I just edited the video so you don't have to watch it just as a heads up. You don't need to watch two hours of me typing. That's boring. All right, so I just copy that in there, we've got Jake weary Ajax. The type is equal to post. We always wanted poster information. If we set this to get that means the information is accessible in the URL. That's not wait. Want we want it hidden. Although it's not foolproof, it is a little bit more secure again. That one little extra layer of security always helpful. The euro is not set. The data is set to our data object. We call this data okay to do O B J for object. Just remember changing all your different places. Ah, when we're done, our site is going to return and whatever data is and data is going to be an object as well because data type Jason and make this a synchronous What happens if this fails? This failed. What happens if this fails or succeeds? Always do whatever is in here. And so our form is always going to return false. It doesn't matter. But what's important is now this little section in here and what we want is we want that basically have the Ajax done function run. The done function is important now. Before we could do anything, we need to tell where where we should. Ajax the page. So again, start with slash that goes to the root of your page and let's do Ajax slash register dot PHP and all I'm going to do is Consul. Don't log data, um, council dot log e If there's an error, um, and console log always just that we can see that it works now in our route we go new folder Ajax create another new folder, another to file, and we'll call that registered on PHP. And basically we'll take what we have taken from our log in file throat in here because we always want that config to be added. But if we went from our current directory into the directory, well, it's gonna go from if we read at the top. Here goes PHP logging course slash Ajax that is going to go a slash inc slash config up huge p which does not exist. So we actually need to move that papa folder just like that and any data that we return should be in Jason format on PHP allows us to do that really easily. Let's do. Honore is equal to test test to test three. And, uh, let's do Echo Jason and code array. Jason. Pretty print. And that's going to let us see you with this page actually looks like. So if we go into Ajax less register, we actually 500 error. Probably because of that. There we go, and it's just giving us regular information back. So what is actually looking for is Jason format. So if we add this nice little header in here which says, basically, instead of returning plain text returned Jason, we've got a content type application slash Jason, We're gonna throw that at the top. If we wanted to actually see what under the config. Make sure you configures loaded first and always returning Jason format. And there we go now where pages actually loading differently. If we were source, it looks different as well. But what if we added another array in here like an array inside of Andre? Right, So we have, in fact, let's actually do a multi dimensional array. Name is equal to Caleb, not equal Teoh fat arrow eso key value pair. And now we've got well, hard brackets means array. We've got value, value value and we've got an object. If we had another one in there, last name is equal to tall lean that goes in the object as well. And so Jason, pretty print just makes that look nice for us. Otherwise, it looks like this, which is basically the same, is reading this and that's that's ugly. Uh, I always prefer to return pretty print. All it does is just, basically, add new lines and some tabs. Uh, I don't see the problem with that, especially if you're trying to debug something. Now we need to make sure that this page is Ajax because I can access this page without Ajax . Like I just went straight to local slash jack slash register dot PHP And guess what? Boom! There it is. It's showing the everything that I need to see. I don't want that. So instead we do. If server request method is equal to post, otherwise die. Ah, kill the script, redirect the user, do something regardless. So let's actually show you. I'm gonna use the gap method, which means that just went Teoh Ajax slash registered a PHP, and I don't even see anything in there. That's because I had a little asterisk in there. Now it's still returning. Jason. You can tell because the font a little bit different. So it's actually move that into here. Otherwise, always just returned regular format. Let's move that into our post areas. Well, now there are other ways to validate or to verify that you are, in fact, accessing a page through Ajax. One of the ways is through the post method. Ah, but I mean, if you submit a normal form, it's also going to working here as well. Which sort of future proofs in a bit. Because if somebody was trying to submit a form Ah, and heaven forbid, they weren't using JavaScript. Well, what's gonna happen? Well, if they submitted it to this year, this you were out to slash Ajax slash register dot PHP. The post method would still work perfectly. But if they do have javascript, guess what they get the nice little features that come with it. Now we have you know, we don't even need to do anything. Um, a few things I want to talk about here. The 1st 1 Jason code. Okay, so it's always looking for a race. So make sure array always exists. It doesn't necessarily have to be arraigned. Just we could even call it return or return instead of return. Ah, the exit. You know, Python developers, they complain. Javid Java developers are like PHP. It's so bad because, you know, you could just exited at any time. But honestly, that's a good thing, because why does it need to execute anything else after this? It's just like a function when a function has that little return keyword. Nothing below that. Inside of the function is rendered. It is not executed. Same thing with exit. There's no point. Even though it is only three lines, there is no point running. The rest of it. Just boom, Get out. You're done doing what you need to dio. So now we need to register the user, but we need a few different functions. First, we need to make sure the user does not exist. We need to make sure the user can be added, uh, and is actually added, and then out. We want to return the proper information back to JavaScript to redirect us now with PHP, we can use a header to redirect people. All we have to do is type, header, location. Uh, h guess google dot com. Right? And that's going to redirect someone to Google, not what we want. Not that that's going to work anyways, because guess what? The user technically is not hitting your Ajax page. So redirect is not gonna work. I mean, it will redirect the page from whatever Paige you're going to s so we could say instead of going from whatever page the run Now, let's actually let's make this a little visual. So someone Ajax is this page. They filled the form click center information is gathered in JavaScript goes to our Ajax slash register page are PHP file. But if there was a redirect in there, we could redirected to log in dot PHP is gonna try to execute that and said, but it might not keep your post headers. So a better way is to do whatever you have to dio and return a redirect value or a redirect piece of an object back to javascript will return. We could say return redirect is equal to, and then, uh, let just go index PHP. This was a redirect. And to show you what I mean, if data dot redirect does not equal undefined, which means it is defined, it does exist. We could say window dot location is equal to data dot redirect. Now, what happens when we run this test at test dot com Test S s S s EZ test. Remember, 11 characters or more. And look at that index dot PHP. This was a redirect. It's not in her JavaScript. It's not on a register page. No, that is all in our PHP. So now we have our server telling javascript where to move the person when they are done. Now, we don't actually want that. We want a future page that we have not created, called dashboard and dashboard is going to force people to be logged in. That's something to come in the future. Uh, not something we need to worry about. We need to create a user first. And that is all there is to Ajax. Now, as one more example, let's do return. Name is equal to Caleb. Colleen. Nothing fancy. But remember, this is an array. We know that this isn't array. It's going to basically take that obre, Jason, encode it and throw it back to JavaScript. Now we can see what that looks like and we can access it. We can say alert that data, that name back to your page and I'm gonna go test that test dot com. I don't really care what type was at the moment. And when I click register, there we go. There's my name and we can Actually no, We could have seen it. There was a redirecting their because too efficient. There's my name. He always shows up. Always, always runs. Nothing happened there, but there was a consul logged up for a data, which is what it returned. Guess what? It's gonna redirect us back to the dashboard, and it's going to set our name as Caleb. And we saw that when we submitted the form, it said alert. Caleb calling on that was from again, PHP That wasn't from javascript. That was from PHP. Now all we have to do is we have to query our database. Does this user exist? Know if they do not exist, create one. If the user does exist, maybe try logging them in Simple as that So in the next last, what we're going to do is we're going to create a new user. But before let's go ahead, get status. Get ad uh, get Just get status is going to un enroll or unravel. The Ajax Directory is gonna show us what's in there. Get commit added First Ajax page get push origin Master. There it is just like that. So in the next lesson, let's go ahead and actually create a user. 13. User Registration Part 1: All right, So now what we have to do is actually look for a user because we can't have double emails and in the same table. Because, remember, I'm gonna go back here and click on structure indexes. Email has to be unique. They can never be more than one of the exact same email. So with that said, Let's go ahead and take a look at our Ajax Register code so we know that we have access to Khan because Khan is in config as kind and the config is loaded in here, which means we have access to that variable. Now that's within our scope. If you're used to my SQL I this is gonna look a little bit different if you're used to just my SQL. While here's a little treat for you might ask you has been deprecate ID for a while. It has a ton of security flaws. Use PDO, which is my SQL I, which is the function based, or PDO, which is a class based. I use PDO because it's better. It's easier to read. It's just the future class base is where it's at, and we will slowly get you there so we need to make sure that this user does not exist. What? What do we have to do here? We have to query the database. So let's type in. Fine. User is equal to con Prepare Select User I d. From users Where user i d is equal to user. I d limit one. Now let me explain this real quick. We're selecting just the user I D Row, which means we're slacking justice. We're going to store that in a session later, and that's going to how that's going to be, how the application knows that you are or are not logged in. We're going to look in the user's table right users table right there. Gonna look for the user i d. Where the user idea is equal to cold and use. Ready? That's weird. But essentially, that's just looking for where that user ideas equal to user i D. And that's actually totally wrong. It should be. Email is equal to email, so we're looking for whatever the email is, and we're going to do a limit of one. So that means if we have 500 million users and we find the the email address that we're looking for. Ah, let's say within the 1st 10 Rose, it doesn't look anymore. It doesn't do the rest of what it's supposed to dio. It's the exact same is returning from a function or using this exodus soon is it's done. It's done that makes your service even faster. That's why we use Limit one now. The goal here is ideally, it does go through every row and it doesn't exist, so hopefully it does go through every row. If we had 500 million users, we don't. So this use is not going to exist. But let's go ahead and buying something. So this that little cold in that you see there colon email were binding. That's where we get Ah, fine User is an object and we use the method by Param parameter and we do email e mail PDO param strength Go ahead to lead that tape and execute. And so what this is going to do is it's going to bind this value with this value. So, Caleb, why don't I just write email? Well, the nice thing about PDO is you can actually pull your variables outside of your SQL statement. That means less chance of SQL injection and PHP can handle your variable the way it needs to. So now you don't have some malicious user coming in thinking that there are typing that their email is drop table users. Oops, dropped table users and being injected in here actually would be more like. There we go something like something that where email is equal to and essentially what this is going to say. And this is a quick lesson on SQL injection, where email is equal to. Doesn't really matter. You could have just put one in there and drunk table users semicolon, SQL says. Oh well, that's the end of the statement. So don't execute anything else, drops your users table as bad PDO tries to strip some of that stuff out, tries to make sure that instead of just the apostrophe, we have slash apostrophes, which we have had access to before through my SQL real escape string and and all that other nasty named function stuff. But this time we have PDO on our side. Now we don't want to completely trust PDO, and we don't want to completely trust PHP, and we also can't just use email because email does not exist yet. In fact, what it actually is is post email. Now, how did we get that? The Post email comes from the post method, which is the Ajax post method. And the email comes from that data object. Well, it comes from right there. So now we have Ajax talking to her server. We can actually work with this now. You can't just type some email at email dot common here. This actually has to be a variable. Has to reference something that's part of the PDO magic. But again, we don't just want trust PHP. Why would we? Why would we trust anything we didn't create? And even if we did create it, we still shouldn't trust it. As developers, you have to realize that you're smart. You're smart person. But there are probably smarter, more malicious people out there than you, and they're going to find a way to mess that up and destroy your application. So how do we get around this? Well, we can use my SQL I real escape string or if I go over to my get home accounts I've got go to get have dot com slash Caleb Antalya slash PHP user data filters and filter PHP. And I'm gonna take this entire class and I'm going to create a new where we a new file and I'm gonna call it filtered out. PHP. Throw this in there and I'm also going Teoh, copy that in there because we don't people trying to access this unintentionally. And so what? This little feature does this little class filter string And if you did email, for example, is going to filter string and the string that you want to separate. So actually that is unnecessary, because that's just ah, basically allowing be ours to be in. It's from an old project amount. We're gonna filter the variable, we're gonna sanitize the string and we're going to strip. Ah, low priority. Basically, if a she male is not allowed a child's eagle to false HMO's eagle to false, then also add this one and there otherwise just sanitized full special characters, which allows html encoding. So essentially, what this is doing is PHP is going. It's going to filter the variable. It's going Teoh, do what it can do to make sure that that variable is actually a variable and that we could go filter string and in our config. We need to have that in there. Now. Email is presumably safe. We also want to make sure that email, physical string to lower case e mails. It's always lower case. Or instead of having this in here, we do email. We could do lower and let's my SQL handle that. And let's my school. Let's let my SQL handle that. PHP doesn't need to do that. My school's superfast basic things like that. If we type find user role count is equal to one user exists else. User does not exist. Have them now Google, Right? So what happens if the user exists? Well, we can also check to see if they are able to log in. But instead of doing that right now, what we're going to say is, return error is equal to you already have an account, and let's go back to our JavaScript and in here because this returned 200 http status is very important. A 200 means everything is a OK, and so if we have else, if data dot error does not equal to undefined, that means there is an error and we say ever dot text is equal to whatever data dot error is and show it and let's put that on several lines for readability and there we go. So if someone hasn't account, that's that's going to show up already. Now what happens if the user does not exist? Well, we have to make them an account. So we do different statements that of selecting, we insert. So instead of I was about to type fight what I meant to type was at user is equal to con prepare, insert into users. And what do we want to insert into? Well, we want to insert the you know and the password, So I'm just going to set this up, and then we're going to take a step back and actually create the password itself. So we go insert into users email, password, those air, the These are the columns. So we've got email. A passer they look like Rose. They're actually technically columns. Ah, and then values is email, password and user. We're gonna bind our first parameter email Tiuna PDO Param string. We know that that's allowed by the way, this Param string is because PDO is knowing PDO knows that this is going to be a string while you're telling it that is actually going to be a string. If it was just a number, like if you were looking up a user by its I d ah instead of, you know, do this instead of email, it could be like user I D and user I d could technically be a string because my school technically stores everything is strings we could type PDO pyramid int or if it was a no value, it would be no eso. We have a few different options there. What we're working with right now is just the strings and copy that password boom. Copy that. Execute troops execute, delete everything else. 14. User Registration Part 2: this is going to add a variable called password that does not exist. How do we create this? Well, we need to actually create a hash. So what we do is we create a variable called password, and we don't have to encrypt this past or anything because are not encrypt. But I guess, filter, we don't have to run filter far anything on it because it's going to be encrypted anyway, so it could literally be dropped table users. It could be literally ending the world. But we're gonna turn that string into something that is completely unreadable. And we do that with password hash. Now, trust PHP with this not hard password, hash, post password and password default. So what this is going to do is it takes your password, right? You can trust pH for use as and is going to turn it into a hash. Now, what does that look like? Let's go back to register. Let's throw something in here and let's go. Uh, yeah. Passes equal to, uh I don't know. Hello. My name is Caleb Echo. Pass at that. We're going changes. I'm doing this just to show you what this looks like. Eco password, which is our hashed one exit refresher page. This is the password that stored as a string. This is the password that's stored by PHP. It's It has its hashing there, which is unique to each user. It has the actual password, sort of. In there. It's got its own verification methods. It is solid. No, I have to tell you to never, ever, ever, ever, ever, ever, ever, ever store a password in plain text. You want your credit cards stolen stored in plain text. You want your password. So on your whole life here, a whole online life ruined. Store your password in plain text. You want to ruin other people's lives, store their passwords in plain text, which would probably be followed by a very large lawsuit. So just be very careful that you never, ever store passwords or sensitive information in plain text. End of story, no ifs, ands or buts. Just encrypt it. And we're talking one way encryption not being able to unencrypted password. So we have a password hash. We can use that password in here. Awesome! Awesome. Awesome. Now, if we want the user, I d. Well, we could go in query. We get basically a select user i d from user where email is equal to. Actually, what I wanted here was I totally forgot that lower. Ah, but we could select user I d from users. Where emails you to lower email limit one. We could do that again. Or we could just say user i d is equal to con last insert i d Which would be whatever this is going to be. Now we know that's going to be one, but it could be 255,401 for all we know. Now, if we want to sign the user in we create session user, I d is equal to user i d and what I'm going to do here is this is called casting, right? So this will probably come back as an integer. But if we selected user I d. Right from here, this would be a string. Now we can get into that a little bit later. I just like making sure that what I'm sending back to JavaScript is exactly what Javascript thinks it should be. It shouldn't think that one is a string because one is not the same as one is not the same as one. Technically, that one's different. Those are different. This is what my SQL tries to return. This is what we want to return. This is just a float. So it has decimal points. Now all that is good. We can do redirect. The no return redirect is equal to dashboard PHP. And then we could say like, Well, uh, message message is equal to welcome or something I got and we'll get rid of that. It's no longer useful. And so either way, we have returned. Coming in return is going to return something it exists. And it's going to be Jason Coda to return back to JavaScript. If there's an error is going to show on air. If there is a if it works, is going to give us a redirect. We could even dio return is logged in is equal to true. And if we wanted to, we could say that one is false. And then in our JavaScript, we could say Ah, instead of if data dot error, we say if dot uh oops is logged in is equal to true. We could do something else. We're not gonna do that. We have enough information. We don't need to send anything extra back. So let's go ahead and give this a shot. Uh, actually, I just noticed that from the last lesson as well. No, no invaluable or something. Register test at test dot com. Cast test test at his right test three times. Oh, look at that. Okay, so we have a 500 error. So how did I notice that? Well, the but didn't do anything in my consul. I got a little X one, and it says post 500 internal error. I click on that. And that brings me to the little network area where it says register X h r. Which is x http request or xml http. Request technically. Eso at x h r means JavaScript means Ajax, which is technically JavaScript, return our sorry click on register response. Nothing is coming back now. Why is that? Why is there nothing coming back? Well, waveform data now, what happens if we did? Or one is equal to one, and we just want to debug this. Oh, well, look, nothing is showing up. So in our config, let's go ahead and set allow groups allow errors and pop that in there. A reporting minus one means all I and I set display. Ares is on. Let's see what happens. Look at that. I get an actual error. Now. I believe that that would be Jason as well. And we don't want that. So let's come with that. Oh, under five variable email. Well, isn't that interesting? Okay, well, we know that that's going to be undefined because, well, its post method and we're currently not using post we're currently using Get. But here we have the actual problem. Syntax, error or access violation. Yada, yada, yada, yada. Ah, near email. Password. And that is because I got a little too excited and I put the lower in the wrong spot that should have been was it's going to insert a lower case email. Now. What we can do is we can go back. Do we could try that once more. Oh, actually, again. Ah, filter online. This filter line eight. That was a problem. Does that test test test test is the password Undefined? Because remember, it was trying to alert my name. Well, it doesn't exist anymore. Came back is undefined. and look at that. So we are logged in. It was supposed to redirect us. It's doing its job. I just didn't set the JavaScript up right. So now I basically just on commented the redirect. Its going to redirect. Get rid of the alerts. That's unnecessary. Get rid of the concert log unnecessary or that council augat necessary. Refresh. And actually, I'm gonna create another user because look at this. I go into my table and I've got user the one. I got the email that I added, I've got the password, whatever the heck that actually is and the time that I registered, whatever the server time actually is, which, oddly enough, is like dead on. Usually that's like several hours off when it comes to local development, so we know that that is working. Let's test that test dot com. Let's try another one. Let's use the exact same email address. Oh, you already have an account. Why is that? Well, because test at test dot com already exists, so there we have it. We have an Ajax request creating a user force. Now all we have to do is create a log in function which basically says, Oh, does that email actually exist in our database? If Yes, Okay, go and pull that password. And if that password, the hash matches the new hash that we're going to create for whatever pass phrase they used to log in and we're gonna let PHP do the algorithm matching because as humans, we kind of socket doing algorithms. But computers are awesome at it when those algorithms match and it's not the same is like, you know, one is equal to one thes are very, very different. But if they do match there, we consign the user in. And when we signed that user in, we can go ahead and redirect them back to the dashboard. So that's it for this lesson. And the next lesson. Let's go ahead and actually create the log in 15. User Login via Ajax Part 1: Hello. Hello. Hello. Already we created registration via Ajax. That was pretty cool. Now let's create the actual log in via Ajax. Also pretty cool, but it does require a little bit something that's a little bit different from what we usually do. Ah, and instead of using a password hash, what we're gonna do is we're basically going to rehash the new password and verify that the to hashes are, you know, matching. They're not technically matching compared to the string. But the data that the algorithms end up producing is actually the same. So let's get started by going to log in dot PHP And does this do anything new? Sure doesn't. All right, well, what do we have to do here? Let's go into our log in dot PHP file and we have Js log in. Well, let's go to our main file. We don't have Js Logan. So what we can do is we can copy and paste is now this breaks. One of the fundamental rules of programming is we are copying and pasting quite a bit of code here, and in all honesty, we shouldn't be We should write a function that handles basically all of this. But this is not a janitor, of course. So we don't have to follow that rule. Uh, I will, however, leave this up to you in your future applications to optimize this coat. So, uh, by copying pace and we have to go line by line, Otherwise we're gonna definitely mess miss something weird about jazz log in. Does that make sense yet? Js logging is a class prevent default error. Does that exist? No, I don't believe it does. So we go. Uh, well, actually, what we haven't registered. Just copy that over, literally. Copy that. Over. That's the exact same same class and everything there is gonna look forward and form the email and password. We have an email. We have the password to those match up with those types. Proper type email and password. That's perfect. If we emails less than six. Yep. Ever. If your password is less than 11 yet they're assuming assuming. Okay, there we go. We want changes to log in. And look at that. We changed almost nothing in here. Ah, we didn't change really anything. All we changed was that. And that's all we're going to change now. we can optimize this very, very easily. And instead of having that entire listener, we can basically go up here and we can say to do if let's do a turn Eri here So I have formed on has class Js log in? Then we would do the log in. Otherwise Ajax registered at PHP. So if this is a log, inform, try, log in, otherwise tried to register, that's what we could do. We're not going to do that. I want to keep this code. Although it is a lot longer, I want to keep it separate just for the sake of being able to go on experiment later. Now this is a good point to go on, optimize your code if your interest optimizing code. But usually I wait just a little bit longer and optimized my coaches because I'm not sure if this logging is actually going to have anything else now. I know because I've made so many. Lockett's logging is not going to have anything else for this particular use, but if this long and had to do something else, I may not want to use the exact same code for the registration and log in. So let's go to her register are Ajax slash register page. Let's say that's get rid of that and before we do anything because I totally want to do this last time, get status. Get ad. We've added our filter. We've added a log in. We've modified the index config, main and register. So let's just go ahead and add all of these. Also, it is a very, very good practice to get into actually reading each line. Just it doesn't take that long, because sometimes there's something in there you don't necessarily want to commit. So get commit. M added register registration via Ajax Ajax, Ajax get push origin Mestre from the boom done. Yep, There it is. Let's go check this out. We're not even in the right repo anymore. And look at that. We have a ton of information in your sweet We've got new files. We've got all sorts of stuff in your awesome read. Me needs a little love, but that's OK. That's just simple markdown. Now for the log in. Let's go ahead and duplicate this duplicate Call that log in again. Duplication Got to go through everything. Ah, we are using the email. We're also going to always be using the password. All right, Do we need to find the user? Yeah, we do. We need to find them by their email address, and we need to get their password so we don't just want their user. Do you weigh also want their password if the user does not exist? Remember, So what we're doing here is we're selecting user I D and password from the user's table, where the user email is equal to whatever email they added into the form limit one. Now, if the user exists sweet, try and sign them. And if the user does not exist, guess what they need to create a new account. So let's create an error. Let's do a new registered at PHP, and all this is going to dio is if the user does not have a count, is going to give them a link to go create account, because why not that there is something not to mention. You can actually change the headers. You can add a 200 status. If everything is going well, you can add a 4034 forbid you can add a 302 or three a one for Rita Rex, Um, and Jake Weary And your Ajax function can actually pick up on those different http. Status is but again for simplicity sake. We're just doing it this way. We're going to add an error here, or we're going to try to sign someone in, um and redirect them. That's all we're doing. But there is actually much better way a little closer to on a P I where it's a little more stateless, and you can use http headers to basically tell the other developers like, Oh, when they're trying to sign in there getting a four or three, Well, why are they getting a 43? Does it come with another error? Does it do anything else? And then all of a sudden, if you have, like a 403 you're you're successful. Ajax code is no longer in the Ajax done. It would probably be in the Fail, or it would be in here where it's believed its status code. And then we put, like 403 function and then alert, not allowed or something like that so we could do something along. Those lines were not going to get into that if you want to. You definitely can. But this course is supposed to be, you know, shortened sweet. So let's go ahead and user exists. Let's close that because I don't want to get that mixed up with any other code. Um, And now what we need is we need to pull both the user I d and password. So let's go ahead and say user is equal to find Oops. Find user, fetch PDO, fetch a sock. Uh, and what this is going to do is create and it Ray So, user, Now all of a sudden looks like user I d. Ziegel to one and user password is equal to well, whatever the heck this is. And so this is essentially what is going to be creating for us, right? So now we have access to these without actually having to write them because it's stored in the database for us. But I like to cast because it's a good way to know what you're working with. It also sort of sets you up for python in the future and other languages that rely on, you know, there's a little more strictly written PHP is not strictly written where you know we could . Right User idea is equal to one. And we could say, uh, if user I d is equal to one. 16. User Login via Ajax Part 2: right. So it's gonna try to match this and that and that's gonna come back true. And that's not always applicable in other languages. So what I like to do is user i d is equal to Inter. Juror, just cast it. User User I d on the password. We don't need to do anything with now in this area. We need to validate the user. How do we do that? Because we have this gross password. We have no idea what that is, and that's good. We don't need to know what that is. So for simplicity's sake, let's take password is equal to user password. Let's also change that to user I d. So these are just a little more standardized. We know what we're working with later, so we don't have to use gross array basically now, before I continue, The reason that I didn't cast this to a string which I could and it would be perfectly fine is because this password is already a strength. When our database query comes back, it basically thinks it is that that is not our password. That is our password. And it comes back in a string we know it's in the string because wrapped around quotes, we don't we don't want that. And why do that? Because all the string is going to do is going to turn one into one that's always going to dio so same thing now to verify the user. We do do do do password verify. We want to verify their password with their hash. So backtracking here password is equal to post password Google that never gets sent into the database that we don't need toe clean air, strip it or anything. This password. We're going to rename the hash because technically, it's a hash. So now we've got our password. We're comparing whatever the user's password is to the hash. This is so what it was basically trying to do is this was my password. Like, Do those match up? No, but PHP is smart enough that it could figure out how to match those up. User is signed in invalid invalid User E mail password combo and to return air. Let's even just say that in valid a user even a sash password combo, and here we could do return. Redirect is equal to wherever we're gonna tell to redirect which just going to be the dashboard PHP page. But we also need to set a session user I d. Is equal to user I d. Now the reason that I cast this little earlier not only because it's a great practice, especially if you're going to write anyway languages like Python in the future. But now this session is also set as an integer. It's no longer a strength. Does that matter? Not in PHP? Not really. It's just a good practice. Now there's one thing you need to know. First full sessions are tiny little files stored on the server, just like a regular cookie on your browser. But instead of being on your browser, guess what? It's on the server. So if you have 100 million users and has 100 million tiny little files yet your servers going to slow down, do you have to worry about that right now? No. If you're watching this video, you're probably not creating a service that's gonna have 100 million people in the next year. So yeah, lots of time to learn. So don't worry about that. The other thing you need to know is sessions need to be in Stan Shih ated by default. They're not turned on. And just for that reason, too. So if we go to our config and we make sure that our sessions are always on, sessions are always turned on, we could say, if is set any session. And that's a global super variable, just like how we wrote post or get or request or server. It's the same thing session and all we want to do is sessions start and again. Caleb, you are having a bad day today typing. But all we're doing is setting the session. Just starting it were telling ph behavior we might be expecting a session to come in. So maybe just just allow that to happen. Go ahead, say that inner configure. We have our session in your We have a user, I d awesome. Awesome. Awesome. Now let's go ahead and see what happened. Oh, actually, before we do that, we have an error that returns html cool. Problem is, our error does not show a she male. Now it does. It was showing just text before the differences. It will take your HTML and it will show it as text versus actually using the HTML method here will actually rendered as regular HTML. So let's go ahead. Refresh test at test Duck. Oops, Tessa test dot com Test test test Well, look at that patient found. That's awesome, because we don't have dashboard dot PHP. So everything is actually working and we are signed in now. Now, how do we actually know where signed it? Well, let's go ahead and let's take index and let's go duplicate and call that dashboard dot PHP and eco session user I d is your user. I d exit all. We're gonna dio Look at that one is your user I d Now if I went here in incognito mode, nothing happens. Look at that undefined index user, I d Why is that? And that's basically complaining that this does not exist. But because we log in, it exists. And now that we know that it can or cannot exist, we can now give people certain information. We can give them a curated news feed. We could allow them access to their e mails. We could allow them to message other people who are also logged in. We have this whole world that opens up to us with just a little bit of verification, and all it is is one little number. And in this case is the number one. That's all it is now in the future, we're going to use this session user I d as the actual user idea to go and grab other pieces of information. So don't just set lauded is equal to true, because that's not useful. Well, sure, the user is logged in, but, like, how are we supposed to get their user? I d And so what sessions you sessions per per miss? Uh, sessions persist. Page over page over page. So if I took this and I went over to Let's go to register one is the user i d. What if I went to log in One is the user I d. So now now we have this piece of information that exists on every single page without us having to set it. They don't have to sign in every page. We don't have to use a cookie, it's safe on the server. And I'm actually going to go and do those because those are ugly and we don't want those keep the dashboard one and let's just go ahead and get rid of whatever stuff is in there because that's unnecessary. Google cool. So in this lesson, what we did was we created an Ajax log in page. We have a registration page now. We just need to force people to either log in on certain pages like the dashboard on, not have an error show up, and we need to be able to log people out. And that's it. That's all there is to it. It's pretty simple now. There are ways to make this a lot more complicated, but we're not going to get into that because really, at this point, all you need is a log in system. Now, before we take off, get status. Get ad. Don't want to add may yet do I want to add the config? Yep. So I want to add the log In case you do. I want to add the dashboard pace. Yes, let's animal get status. Get commit em, added Le Guin via Ajax. Get push origin, Master, There we go. That's in there. Let's go back to you. Get Hub! Look at that, Ajax added. Log in via Ajax. Sweet. Everything is working as we had expected. Cool, Cool. So I will see you in the next video 17. Force Login on Certain Pages: Alrighty. Welcome back. So things are getting excited. We created a registration system using Ajax. We created logging system using Ajax. We could theoretically create a log out system v Ajax. Although that's a little overkill for what that functionally actually is. We'll get to that in a bit. But today, or rather in this video, we're going to learn how to force someone to have a user. I d session and it's actually quite simple. What we can do is we can say, if is set session user I d. Then everything is good. We could do something else and not is if the user is allowed here and we can say else if the user is not allowed here. So what we do if the user is not allowed, let's just redirect them. Let's do header location and let's just move them to log in dot PHP and we don't want this to ever run afterwards, So let's add an exit and that's it. So if I go to dashboard well, it allows me in their eso. Is there anything in there that's just say dashboard just so we can see it dashboard here, Google Dashboard is there that means I'm London. But what happens if I open an incognito where there is no session set? That was pretty fast. So if I go to a local host dashboard dot PHP, well, it's forcing me back in the log in page this matter how many times ago there is gonna force me to log in over and over again. That's all there is to it. Now, instead of writing this instead because this is a super super global variable is technically what is called we can write a function called Basically, we can call it anything we want. Check if log in or three direct or we just say forced log in, which is the one I like to use. Throw that in there and look at that. So if we go to dashboard now, actually that's do dashboard incognito. This will show up cool, not what we want, because we're not signed in incognito mode. But if we ran forced log in with one single little command and we go back to our incognito page, it forces us to log in again. Perfect. So what do we want to do with this function? Well, we create a file a long ago, a long, long time ago called functions. There we are PHP syntax crabber functions through a comment in there, forced the user to be logged in or redirect. These are not awesome comments, but they are at least comments. Now that's not going to do anything, because if you had guests, it's not in here because you're right. It's not being included into her file yet. Well, we don't need to include the classes part. All we need to include is the functions dot PHP. Now. Why is that? While because CONFIG is in the ink folder right here and all its looking for is functions, it's looking for a sibling, not a child, not a grand parents, not a parent, just a sibling. And that's in the same hierarchy. So we don't use the DOT We don't use a folder. Name has just functions in PHP. Go ahead, say that and let's do this. Loggins, like everything's going dashboard forces us to log in and let's go back to dashboard while we're logged in. So it's right there. We have it, and that's how you force someone to log in Now what if we want to do the opposite where nobody is allowed to hit the log in page or the registration page while they're logged in. Well, let's go back to functions and let's create function, force, dashboard or something. And essentially, it's the same thing as this. We could say if the session is sets, But instead of doing this, we go dashboard. And if the session is not set, we'll just keeps on keeping on. But redirect anyway. And if we go over to oh, a picture we want to plug in, we put for a stash board. And if we went to register and we put for a stash board and we went to dashboard and said, Dashboard, here you are signed in as user session use ready forest dashboard, unexpected syntax there. What is it saying? Drew to do line 13. And the reason for that is because I spelt that wrong Cool Dashboard works. Now we go to log in page. It's not going to let me into a log. Pages actually forced me back to the dashboard just like that. And if I go to the registration page again, it's not gonna let me there. It forced me back to dashboard. Awesome. So now we have a system where people who are already logged in don't see the log in pages they don't see the registration pages has all based on one little session and vice versa. When they're on the dashboard page and they're not signed in, we forced them to log in pretty simple stuff. Now that we know how all these pieces actually work together. So that leaves us with just logging out. And then we could do some code clean up afterwards. And as usual, um, clear that kid status dashboard. Uh, what I want to see? What did I do differently on the dashboard? I mean, I know off top of my head, but if I don't remember if this was from, like, yesterday or something Oh, look at that. I added force log in and I added a new line in their cool. So I know I can have that. Not at all. What? I wanted to get ad dashboard up. Hp get def. Is there something that I did differently in the functions file? Quite a bit. Looks like I added the two functions get add in functions, get status now I've got a config. Morgan and register. I was God. The rest of those I was called forth. Log and functions get pushed. Origin, Master. And now those air up and get up just like that. 18. Logout: already. So now we have a log in. We've got a registration. We've got pages that can only be accessed by people who are signed in. Now we have to be able to log out. So let's go ahead and just copy log. And I guess caught log out and we don't need that. We don't need that. In fact, we don't need anything. Technically, all we need to dio is So what you see here is the past time, Uh, which is time right now? Minus typically one hours. Good enough. Although I've seen places where an hour is not good enough. So time minus one hour of seconds, which is 60 times 60. 3600 is good enough. So we're gonna start recession that we're going to destroy the session. We're going to close the session, and, ah, if we have any cookies from the session and we're going to get rid of those and we're also going to regenerate any ideas and that's going to force the user to sign out now, lastly, we also need to redirect the user somewhere where you know they consign back in or the home page or something. So let's just sign them back into Not not not send them in. Uh, rather Let's just move them to the index up PHP page intent that because I don't like code touching the walls too often. Save that. Go over here. Right. Okay. Dashboard thinks I'm logged in. I go to log out. I am now back on index, but I don't know if I'm actually logged in, so let's go back to the dashboard. No dashboard won't let me back in. Why aren't you letting me back in? Oh, is it because I don't have a session anymore? My user i d session is gone. So the way we actually get rid of a session. Technically, eyes we can start the session, but we can pass it the value of past which in this code is actually obsolete. On that, we could destroy the session basically, by saying Okay, this session expires one hour ago, and so a computer will go. Oh, expired one hour ago. Okay, It's it's no longer relevant, but instead we're going to use sessions. Start destroyed, right. Close. We're going to remove any cookies and regenerate the I d. And just like that, we have a long ago. Now the reason that I showed you the past part that passes equal to time minus 3600. That's purely because a lot of older projects like PHP 5.6 uh, session destroy won't necessarily destroy their session. All it will do is destroy a session on a page. There has been a little bit controversy around that, but essentially in PHP 5.6 and and younger versions or older versions, I guess 5.6 and under. They required basically a session to expire one hour ago, which was sort of weird, considering you should just be able to right session destroy and and it's gone. I guess that's fixed these days. Awesome. Awesome. So we don't have to deal with that anymore. But I wanted to show you that because you're going to come along, you're going to see some PHP projects in the future. And that's exactly what they're gonna have is something like that. You're gonna think to yourself Well, what the heck, But guess what? It doesn't matter. We don't even need to have our config in this file either. It's pretty easy. All that does is get rid of your session and move you back to the home page, and that's all there is to logging out now, As usual, let's go ahead. Get status. Get ad get add, get status, get commit at a log out page. Get push origin master, and let's go over to get hub. Make sure let's go in there. We don't actually to check getups going to give us this little message here, resolving Delta's one of one completed with one local object. It also gave us our little hash in there. And so, yeah, it tells us that everything is going well, so we don't actually have to check. Get help dot com for it. We just know that it's gonna work because it gave us the working message. And so there's a little bit of trust you gotta build with get, but it is. It's very, very reliable. It's a tool that has made programming in teams made programming that Facebook and Google, Yahoo, Amazon or all these other companies. It is actually made it very, very possible otherwise, dealing with like 2000 engineers at any time is going to be very, very difficult, so you don't need to look at get all the time and that is our Lago page. And so we basically have a log in. So some Lagos system, we have a registration system. This is all done through Ajax. We have a dashboard that only certain people can see if there actually registered. And now the only thing left to do is really clean up our code. And while you might not care about cleaning up the code, it is actually really important to maintain your code. That's the hardest part about being Web developers. Maintaining your coat. If you can't maintain your code, how are you ever going to improve it? You're going to leave your code. The weight is now, which is honestly, the R code is quite sloppy and we're gonna come back two months from now. We're gonna think What the heck were we working on? What were we doing? Why is this not in a function? Why is this not in a class 19. Creating Functions: All right, All right. Welcome back. So, for this lesson, what I would like to do is just clean up some of the code on maybe add just a slight personal touch and maybe a log out link. Ah, nothing fancy is gonna happen. Here s I'm gonna try to get through this really, really quick. So first thing I want to do is in the dashboard instead of saying you are signed in his user one. I want to display your email address. But how do we get that from the user? I d So we can do this User ideas equal to session user I d. We know that if the code gets past force log in that we have the user I d that's accessible to us. Because if we just hop over to functions up, PHP if it is set, do nothing. If it's not said, it's going to redirect us. So if it wasn't said we wouldn't be executing any of this code. Some sense that the user i d. Instead of writing session user, I d just sort of to keep things consistent across the rest of the application. And then let's find, uh, Let's find the registration Date the email address from this user So we'll go get user info is equal to con Prepare, select email and ah, let's do Reg date from users where user i d is equal to user i d linnet one. Get user info on Remember, we've buying the parameters with PDO. We always bind, Do use right D type in the variable use righty. And this time we're going to use PDO param int and get user info. We just execute it. Now, if you have a system that could delete people, if maybe your system is invite only someone got in and you wanted to kick them out, you could delete their information. Ah, if you have something like that, you're always gonna want to check to see if that user actually exist. If anything was found, it's not hard to dio. And it doesn't take a lot of processing power either. So it's it's quick little win for you if you just type. If Jack user info throw count is equal to one otherwise user is not signed in because with our functional does, this check of that session is set. So if someone is on the website, but within the 15 minutes that you know that session is alive until they hit that next page roughly give or take a few minutes. Uh, if you deleted that information, if you deleted their user i d from the database. Well, guess what? They're still gonna be able to access everything you need to make sure that they can't access anything. And so a real life example of this would be like getting banned from a group, um, or getting kicked off of Facebook, for example. So we want to check to make sure that user just And if it doesn't, we do header location, and we're gonna force them to log out and log. Oh, it's going to bring him to indexed up huge to be, but it's going to get rid of all the other session information s so that the system can sort of just refresh their settings. Now, if the user was found. User waas found begin type user is equal to get user info, fetch PDO. Fetch a sock, which is Honore. If you wanted to fetch an object instead of unready, you just type fetch LBJ, but ran type that Jae Sok. And now we know that if the user exists, there's going to be this user object in our code. But if the user doesn't exist, well, guess what the rest of the code is not going to execute. And let's just add a little. The little exit is just a little security, but just just in case. And so we want to say, Let's do this. Uh, the dash word, not the sash board. And hello, Paige P echo user email You register registered at PHP User. Um, Reg Date. And so all I did there was I got the email address from our query. I got Reg date from our query, and I got the variable, the user array again from our query. So if I say that refresh look at Reg, Date does not exist. Why is that? Well, if we go back into its not red state, it's Reg. Time to go, Reg time. And there we go. That's my email address, and I registered at that time perfect. So little personal touch there. Now, if you have a first name Ah, you can add their first name in there when they register. You can add that in there as well. And let's just to a jury of Zika to lago God PHP with a little Lago link there. So we've gotta log out link, and that will essentially just let people like in and out cool. So that's a little Tidier. Now let's go look at our functions on some of our Ajax steps we've got log in, right? Well, we want to log the user in, but we don't necessarily want to write all of this code. So what we can do is we can wrap this in a function and basically uses over and over again . So it's right a new function. Uh, actually, let's take a look at what that can do and is doing so. Ah, what is it doing? It's just it's looking for the user. If the user does exist, it's gonna try to log them in. If it doesn't exist, it's just going to give them a different air. What part of this can we use more than once while we want to look for the air? Uh, sorry. We want to look for the user more than once. We probably want to look for the user here is Well, would you look at that? It's basically the exact same code. So what happens if we wanted to write that just once? What? We take this and we go find User is equal to find user function, which does not exist yet. And what, what was it looking for? I was looking for just the email. It's the only custom data in there, and it also requires the connection. So let's type in the email. No, rather than taking the connection and then the email, it's great function. Find years, our connection email. And let's move that in words. And so now we have email, which is supposed to be filtered in here. But let's not trust that anyways, because if someone else's writing this Coke, you don't know if it's trust or not. And filtering it for a second time is not a big, big deal, really. Eso email is equal to string email, and let's just ensure that that's always a strings will cast it, and what we need to return is, well, basically, the whole query. If the road count is equal to one, uh or not, so we could just return the role count because that's all that this is being used for just here and there. So let's do you find User. And if find User wrote count is equal to one return true, otherwise returned false, we could also additionally your, uh otherwise rather I guess we could do Ah, user found is equal to Boolean find user bro count and return user found. So what this is going to do is if there was one user found while one in Boolean is true and zero in Boolean is false, so we could just return the Boolean value of how many rows were returned. So now, instead of even putting that into their variable, we could just say if find user and it looks for the user. Now. We're not going to do that because that's a little bit messy. We would prefer to put that in our own variable and then if let's actually rename that go user found. So if this is true, it's going to space. If you say yeah, the user is already found. If it's false, IDs going to go ahead and create a new user, but let's go ahead and supplement that are inject that into Logan dot PHP as well and delete all that now just a heads up. If you're working with WordPress, you're going to see a lot of this Global Con, which means basically, that connection variable that comes from our config is going to be allowed to be using here , and it's not going to show up as a parameter. I advise you to not do that. That was acceptable 15 years ago. That's no longer acceptable. Don't do that. Just pass it in. Nothing wrong with passing in one of your variables into one of the parameters of your functions. So there we go. Instead of having to write the query twice, we've actually only written written the query once on. And if at any point in time this query needs to change is going to affect both places. So now it's extremely efficient. So let's log out. Plug in Tess at test dot com. Test test test says already have an account. Uh, which is actually to do if you're there, found we want to do the opposite. If there was no user found, then go ahead on and log the user in. But in fact, it's this one's a little bit different because it's looking for the find user. So let's go ahead. And, uh, let's make this function just a little bit more complex. And that's a return a sock is able to false. But if it was for some reason true, then we could say, If that's true, just return. Find user, fetch PDO, fetch a sock and that's just going to return the entire object. Otherwise it's going to return the Boolean. So let's do the log in. It's changed that over to True. Now it says, I don't have an account. Well, why? Why is that? Well, it's because says already have an account. Well, that's totally fine. But now why is that? Well, look, we've had a redirect. We've got air in here. When we have an air, we don't want to show that error. It still says we already have an account. Well, why is that? Well, let's take a look at her debug toe. This is a great example of how we can actually debug. So let's click this click log in. Oh, look at that undefined variable find user 9 22 and what we want to do here is road count. You don't know that. Probably say the same on then council again. We're going to go through this whole debugging process together. Ah, call to remember function. Fetch Honore on 9 22 There is no need to do that because that already exists. So instead, what we can do is because when we put that that last variable or that less parameter is true, remember, return a sock. It's returning the A sock exactly the way we were doing it before. Now we're just gonna changes now. This is actually not useful. So let's go ahead. Delete that and change these. It says already have an account. Okay, well, why is that? Well, let's go back in there. Quick it again. Look, that password, Invalidpassword. Well, well, why is that? Well, because when we go back in here, look, it's not looking for the password. It should be. Go in there, change it. And this is basically how we debug through Ajax. Now, I had a few people ask this not that long ago. How do I debug through through Ajax? This is exactly how we do it. They got that one worked. Now we're logged in. Now what happens if we want to register with what we exchanged the old code for a function . Something really had to write one. So let's do a new registration test to at test dot com test test test. And that worked. And let's go check out our users and look at that test to Perfect. Now everything is working, and we moved everything to functions. Now, we could also add this to a function as well at the new user. Ah, and basically just returned the user. I d In fact, actually, we might do that in the next lesson. So for this last, I'm gonna wrap this up, we're gonna move every we have moved everything over to functions, and in the next lesson, we're gonna move everything by everything. I mean, we're gonna move over these functions to a class so that you can see sort of how object oriented programming actually works on. Now, these are only gonna be static functions, which is totally fine. But it sort of just shows you how we can move one function over to an actual object or an actual class 20. Creating Objects OOP Part 1: Hello. Welcome back to one of the last lessons in this one. We're going to take our functions. We're going to put them into classes. So we're going to increase our PHP game just a little bit. Going to be totally honest with you here. For the most part, if you start working with classes you have already outgrown WordPress. WordPress is still very function based. Classes are the future. It's just easier to work with. You have different design patterns. Life gets just a lot easier when you start working with class. It's so we have a fine user function and let's go ahead and put that in a class. So let's go ahead and do okay, this call it user dot PHP and because class, user and so we're gonna do two things. We're gonna create a static function, which is, uh, scared of this phone. Do grab that through this and here and call this public static function. And so instead of calling a function like find user, we call it like user find user. Or we could rename it to user find. And we can also get rid of the connection in here. But first things first. So let's rename this to find we have to go into Le Guin and change this to user find that's going to register. User find so static functions or methods always used the too cold inside by side. And that tells PHP. Oh, we're looking for a static function. It's essentially just a function that could be called using user or whatever the name of your class as a name space. That's really all it is. The next thing is we could get rid of Khan. We don't need to pass that in there anymore. We can. There's there's no problem with keeping it in there. But if we wanted to get rid of it so that we have one less parameter to worry about, weaken that Khan is equal to DB. Get connection. And what this is going to dio is Devi. Get connection Now if the connection is not set, is going to create a new DB instance which its only function is a construct. So as soon as it's and stance created, it's going to create this object and is going to store it as self connection. So next time you go and get it, it's already connected again. That's called a singleton design is very, very useful. Now, we don't need a pass con in there anymore, which also means in log in, we can get rid of connection. We don't need that in there, and you can also get rid of it in there. So let's just make sure that this is working. Which, actually, it won't because filter there. Now it will work. Test at test up comb test, test test. There we go. I'm in. So we know that that works. Now, if we know that that works, we can be pretty confident that register work. But if you're gonna make a fundamental change to your code base like this, maybe go ahead and test it out anyways, I'm not going to just because I know is going to work. Or at least I'm really hoping is gonna work. Otherwise, it's kind of embarrassing if it doesn't, um, but yeah, usually just go on, test your code after we have one more thing we can do in here. We do public function construct and let's do private con, which is a private function called Con. And every time we create a new user instance, which basically is this. It's going to set this connection as TV get connection, which means we can now use this aero con anytime we need it. So now we can pass in the user idea. We're gonna type hint it with an integer, which means that this class is only ever going to or this method is only ever going to be able to accept this as an inter. Registering I'm wasting my finger here Doesn't work, has to be an integer which now that's why we set on her dashboard. Our user I d is always an integer. What's destroying it? Could have been a string would've been perfectly fine. But we said it as an integer, and now we're getting into some good programming zehr good programming practices. So if we did user ideas equal to filter into user i D. And that's just one of the functions or one of the methods that came with the filter class that I injected in here basically just forces your your data to be an integer strips everything else out we could do find User Wow! Do we need to do that? No, not necessarily because we already have it. So what we could do is user is equal to self Find what? We don't know the email so we can't really do that. So I guess they are hands a little bit tied. So let's write a new query user is equal to this con. Remember, this con is set to the connection up here. Prepare caps. Lock is on Select user i d. Email Reg Time from users Where User ideas to user i d. Limit one user Bind Param User I d sequel to the user idea that we injected PDO Param integer because we know it's an injury and then executed. And then we could say if user row count is equal to one else. No user redirect to log out lago dot PHP and extra just in case that we go row accounts to do. Today we go and then we could say User is equal to user Fetch PDO fetch a sock. But actually let's dio BJ instead That object and we can set This email is equal to user e mail. This user i d is equal to user user i d. This French time is equal to user Reg time, so let's just clean this up. I like to have my PHP clean. A lot of developers don't care. Uh, I would prefer if you did care that's gonna help you in the future. Things like Python or go or no. Did skits just really gonna help you? And so we're gonna cast these as string integer and string, respectively. And all this is doing is user is an object. And now we have user, I d. We can see it matches down here. We've got the email matches down there. We've got Reg time matches down there, and it's setting all of these things for us. If you ever have that when you were that. And now instead of having to write private con user I d or anything like that, we can just set it from within the construct. We're not going to sort of a bad practice, but instead what we're going to use public user idea. We're not going to give it a value. He was right, D, uh, email as well as French time and these air. These are all empty values. There's nothing in there, But as soon as you call user, uh, users equal to new user. And then you put an interview in there, such as your session. It's going to automatically pull us information and you can use us. It doesn't make a lot of sense right now, but let me show you the magic behind this. We go to dashboard instead of getting this information. Weaken Dio user is equal to new user. Just inject the session I d right in there. And it doesn't have to be a session of the If you were an administrator, you could put any idea in there. You could look up a bunch of users and just put any idea in there and get their information . And so we know that the Lago it's going to work automatically for us. If there is no user, it's going to automatically log s out, which is perfectly fine. And we don't need that anymore. And instead because this is an object, we don't use the array brackets anymore. We use arrows 21. Creating Objects OOP Part 2: Look, I'm refreshing my page, and it's working perfectly fine. You didn't even notice that anything changed. So we have now moved a function over to a class. But at this point, you're probably asking Caleb why? Why would I do that? That was a lot of work for no extra gain when all my code was already there and working. That's totally fair. That is a great question. Actually. First reason is this is just a good programing practice. When you get into frameworks like Larry Bell, you're gonna start working with objects and classes. When you get into Python, you're gonna start working with objects, Class. Especially like Django, for example, I am going to start working with bigger Awesome. Our CMS is in the future. You're going to start working with a lot of object orientated programming. And, frankly, jobs pay more. If you know Opie object orientated programming so that we have it. We created our user class. Awesome. Awesome. Ah, we go in here and let's move thes. Actually, we could even strap it in. Here we go, class page, and I'm gonna go ahead and I'm going to duplicate that again. We're gonna call this one page you go and delete this throw in our new page code. Awesome! Awesome. Going here at it in there as well. And now instead of dashboard looking for forced log in which you know is fine well, here, let me say that there it's not fine anymore because that function does not exist. All we have to do is go and find it and put in Page four. Slog in right. I didn't declare those ecstatic and I should have, because technically there's nothing. There's no reason why those don't need to be Sadiq. They don't really relate with each other too much. There we go. So then register. We would do nothing. However, Index age static method register page itself, not the agents page. There we go. Oh, good. And that's all we did. We just moved it over into a class. Now, the second reason why using a class is better than just functions. Because where are we here to do dysfunctions file, which is now empty if you come from a sloppy PHP background and if you do, there's nothing wrong with that. But there are better ways. Is this functions are PHP file can get very, very, very long. We're talking thousands of lines long and now all of us, and you have functions calling functions. Colin functions Colin functions, and while they're all trying to relate to each other, there's no context. You can leave comments, but it's not necessarily going to work. Not to mention all functions are global. Ah, and sometimes you want them to work inside of, like, this little container and cooperate with each other, for example, whenever you create a new user. So let me just take that out again. Way have users equal to new user. And let's just put the user of one in there. We could then call user set email, new at email dot com, and what this is saying is within this class, call a function. Call this public function called set email that's type new email. Now we already have this set up. We already have the existing emails. We could say echo this email and that would be the current email address. We could say echo this user i d Theo existing user. I d. Now we're not passing anything in through through parameters were not having to cheat our way through PHP with global user I. D or Global colander. And you think like that. If we wanted a connection to our database, all we have to do is this con prepare and then our SQL statement in here. Done, done, done. It's all set for you in the construct. So now we have a way where send email can relate to the other data that's automatically set up for you. And that's just one magic function. There are other ones as well. So I guess the second reason for using object oriented programming like this is because you can create a nice little functions like this. Otherwise, if you were using functions that PHP, it would look a lot like function change email. Then you've got user I d. New email may be a connection. Maybe not. If you don't have a connection, it looks sloppy, cause then it's like global con and then con, and then your SQL query. And there you've got your email and there you've cut all this other stuff. It just looked gross, whereas I mean, if you're if you're not, if you're not familiar with O. P. This looks like a lot believe me, it's it's not that big of a deal, and that's really all you have to do. So I'm gonna comment this out and I'm gonna leave that for you so that you can go and do whatever you want to do with that. If you wanted to maybe pick this up and give people a profile page where they can go and actually change their email address, you can do that to some sleeve. That there with you, it's commented out. So it's not gonna, you know, hurt anybody. And so that would be the second reason for object orientated programming. The third reason is maintenance. Now, if we go back to this functions file, we could have function name. Well, I mean, we're not gonna have anything floating or opening syntax, function, name and like this can go on and on and on and on and on on on on. And sometimes you have functions that do basically the same thing, but for different parts of your application. So if it's like, ah, if it's like change name Well, what if that's changing the user name, so you'd call it change user name. But what if you wanted to change the name. Of course. Lesson Change. Course name. What if you want to change the name of your pet change pet name, right? What if you wanted to change the name of and it goes on and on and on. Whereas in a class, it's actually so much easier because you can name the same functions over and over again. You can have. All right, See this class pet public function, set name or change name. If you wanted to be consistent with our previous examples, you could have user. And of course, that's not I use felt that that was weird little type of there. And now you have a pet user and course that all have the exact same function. Name. The method name is is the same in all three of these. Doesn't matter. No, but if you have the same function, name no more than once. Actually, if you have two of the same functions, PHP is going to yell at you and say, Oh, well, we can't have to because we can't distinguish between them. So now you have a way to basically name space and it gives you contacts. Pet change name? What are you doing? You change the name of your pet user Changed eight. What are you doing? You're changing the name of the user course changing. What are you doing? You're changing the name of the course. And so by just adding two words together, you have given yourself more contacts. You have given your your co developers of your colleagues or your teammates mawr context into what you are actually doing. And so that is a great reason to get into a little p Not the point of this course, but I just thought I would share that with you because it's extremely important when you move on to be a bigger, awesome or developer. I was gonna commit all of these, by the way I did when I typed Get add dog. Forget at all. I did quickly look at which ones I wanted to add in here. Move functions to classes. Just something basically bad. Get push Origin, Master! And there we go. We have it. There is our code just like that. So now we have a fully functioning log in log out registration system 22. What To Build Next: all righty. This course is basically over, but I wanted to just give you a little bit of an idea of where to go next. People always say I don't know what project to work on. I don't know what to do with what I'm learning here. So this has been a course based on entire project of basically creating a log in and registration system. So now you have that base to work from. But there's so much more. You can do it. You can email verification for an email verification. Really? Let's just go into PHP. Might mean here signed back in. You just create another column in here and called confirmation code or whatever you want. Give it a random string. It doesn't have to be encrypted or anything. You just be like a random MD five or S H a one. And then you email that code to someone, and when they click a certain link, it goes back to your page, and it might be like verified at PHP. Code is equal to one, whatever the code is. Ah, you'll look that up in your database. Whatever the column name is, you know, confirmation code or whatever. Ah, and then if that is found, you go ahead and remove that. And if that value is no or empty, then that user has been verified. That's all it is. So you've got user confirmation. You can do that through email. You can do two factor authentication. If you wanted to get really cool, there's a cool little service called twilio. Uh, just click here. Hope it doesn't bring me to a gross landing page. I coded in PHP, and I would like to learn a boat SMS get started. What TWILIO will do for you is allow you to send text messages basically to anyone across the world for dirt Cheap. We're talking like I don't know, maybe 0.1 pennies per 10 or 100 texts. Oh, no, it's It's super, super cheap, I think. Last time I filled up for a 22 factor authentication one of my projects, I think I put in, like, 20 bucks last me, like, six months, and we're talking like, uh, hundreds and hundreds. Maybe even thousands of texts have gone out just for basic two factor authentication. It was pretty cool. So you can do that twilio is a great service. If you want to add in your own sort of two factor authentication, maybe that's another course I could create for you. If that's something you'd be interested in, you can add a. I forgot my password. It forgot password page. So instead of logging, it would be forgot password or recent password, and it'll go on, reset a password or give someone a secret code in which they can click and will bring back to our site. It would be like password reset password dot PHP code is equal to, or whatever the code is. Validate that code. And when that coat is, you know actually existing in our database, then you can go and let the user reset their own password. And it's already going through their validated email address because you've added email validation. Email verification. You can do that as well. Ah, you can extend the whole service by allowing people to change their emails, change their passwords once or longer. They can sign up with the first name last name. They can friend each other. You can create another table in here just called friends, and all it is is user one and user to That's all it is so like could be user one in this column used to in this column. And basically, if user one is you or user to is your friend and you guys are in the same row than your friends, that's really all the friends table is. Ah, and then you can join those tables together using the user I d. And you can get like names and all that stuff as well. Jean create friendless. You can create a news feed, create another table called news. Ah, and then you can create authors. Blawg posts all you have to do for the authors. Put the user I d in there Now that's that comes from the session, the session user i d. And that's going to be your author so that if you have a blawg called learning how to make your own PHP log in system from scratch or something like that. Ah, and the author is user I d one and they change their email address. Well, you don't have to go and change that blawg either. You can just change this one little section in here, and it will change everything else in the system for you? Well, actually, technically, it doesn't only really changes in here, but it seems like the rest of the system changes. Based on this one data point, it's pretty cool. So here are a couple ideas. News feed friend feed. Ah, change email change. Password Reset. Password. Ah, maybe you want to invite a friend. Right? So at an invite module where they put in email, address automatically goes and email someone, you can store that email as well so you can see who's been inviting who. And if you wanted to, you could wrap another function around that and, you know, every like, three or four days you could poke someone and just send them a little, you know? Hey, you know, your best friend has invited you to the service, but you haven't accepted yet. Maybe you should click this big green except button on a first name at last name. Add email confirmation at SMS confirmation. The twilio. You could do all sorts of things. So here are a few ideas to sort of bring this idea forward. If you get stuck. Remember Facebook group? Come and ask. Some questions were happy to help thes air questions. I like answering because these were getting a little more complex. This is really going from beginner to a little more intermediate to somewhere in the more senior area. Learning how a bigger application can really start being formed from something so small as a log in system. Other than that, I mean, really, Just go get your hands dirty. Break it. I mean, if you break it, just go back onto the guitar. Brembo, which is get up dot com slash Caleb m italian slash PHP log in system. You have all the code right there. You can also download all the code depending on which service you're watching this on. Ah, but if it's like Art Montes or you to me, you can download all the code as well. But really, in my opinion, just get this up and running, get this whole system that we've built to get it up and running. Pick one of these and going at it. It's gonna be hard because you don't know exactly where to go, and that's okay. That's part of the learning curve. And part of that learning curve is what's going to make you absolutely great. So go ahead. Pick one of these gets started. And please, When you're done, come share it with the group. Come share with the almost 2000 developers that I have my Facebook group arena. We're more than happy to support you. Ah, with your questions with any ideas that you might have If you get stuck, let us know we're here to help already. I am out. Thank you for joining me in this course. This has been a blast and I will see you hopefully in another course. Cheers.