-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathAuth Project.txt
63 lines (50 loc) · 3.83 KB
/
Auth Project.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
AuthProject
Project Instructions: Implementing Signup and Login Functionality with PHP
Overview:
In this project, you are tasked with implementing the backend functionality for a signup and login system using PHP. The frontend components (signup and login pages) have already been provided to you in HTML and CSS. Your role is to write the PHP code that will handle user registration and authentication.
Instructions:
Setting up the Environment:
Start by cloning this repo
Download and install XAMPP, which provides an Apache server, MySQL database, and PHP.
Start the Apache and MySQL services using the XAMPP control panel.
Database Setup:
Create a MySQL database for storing user information. You can use phpMyAdmin, which comes with XAMPP, to manage your database.
Design a table to store user data, including fields such as username, email, password (encrypted), etc.
Signup Page Modification:
Open signup.html in your text editor.
Modify the form action attribute to point to a PHP file that will handle form submission (e.g., action="signup_handler.php").
Ensure that the form fields are named appropriately for easy processing in PHP.
Signup Handler PHP Script:
Create a PHP file (signup_handler.php) to handle user registration.
Retrieve user data from the form using PHP's $_POST superglobal.
Validate user input to ensure it meets necessary criteria (e.g., valid email format, strong password).
Hash the password using PHP's password_hash() function before storing it in the database.
Insert the user's data into the database upon successful validation.
Login Page Modification:
Open login.html in your text editor.
Modify the form action attribute to point to a PHP file that will handle form submission (e.g., action="login_handler.php").
Ensure that the form fields are named appropriately for easy processing in PHP.
Login Handler PHP Script:
Create a PHP file (login_handler.php) to handle user authentication.
Retrieve user credentials from the form using PHP's $_POST superglobal.
Retrieve the user's data from the database based on the provided username/email.
Verify the provided password against the hashed password stored in the database using password_verify().
If the credentials are valid, set up a session to keep the user logged in.
Session Management:
Implement session management to keep track of logged-in users across multiple pages.
Use PHP's $_SESSION superglobal to store user authentication status and relevant data.
Testing:
Test the signup and login functionality thoroughly to ensure proper operation.
Test edge cases, such as incorrect login credentials, validation errors, etc.
Debug any issues that arise during testing and refine your code accordingly.
Security Considerations:
Implement proper security measures to protect against common vulnerabilities (e.g., SQL injection, cross-site scripting).
Sanitize user input to prevent malicious input from compromising the application.
Store sensitive data (e.g., passwords) securely by hashing and salting them before storage.
Documentation:
Document your PHP code thoroughly, including comments explaining the purpose of each function and block of code.
Provide clear instructions on how to use the signup and login functionality within the existing HTML/CSS frontend.
Conclusion:
Refer to the PHP coding standards provided by PentaTech IT Solutions for guidance on writing secure and maintainable PHP code.
By following these instructions, you will be able to integrate the provided HTML/CSS signup and login pages with PHP backend functionality, allowing users to register and login securely. Remember to adhere to best practices for web development and prioritize the security and usability of the application.
Good luck with your implementation! If you encounter any difficulties or have questions, don't hesitate to seek assistance from me or peers.