User email verification in PHP + Login & Signup | source code included | Quick programming tutorial

I got your problem in the middle of the video. I guess you already found out, but if not:
password_hash is different and much better than other hashing functions, because its *salted*.
but therefore, to login you have to use password_verify($password, $hashed_password).

$arr['email'] = $data['email'];
$query = "select * from users where email = :email limit 1";
$row = database_run($query, $arr);

if(is_array($row)){
$hash = $row[0]->password;
if(password_verify($data['password'], $hash)) {
$_SESSION['USER'] = $row;
$_SESSION['LOGGED_IN'] =

Thank you so much for everything!! I love your videos and I am learning a lot from them!

CrustyCrazer

This looks like it is object oriented using PDO whereas I have been learning functional with mysql. What I have taken from this is PDO can still use mysql statements as I was under the impression PDO was an entirely different storage facility. You should have stated this in your title as people like me may not want to waste 2 hours getting confused, but there was still a learning experience just the same. Thank you for another eye opener. I guess now I have to learn the difference between object oriented vs functional. I have to stick with functional as this is the path I chosen. I will be able to incorporate this into my already existing system with a few tweaks. Thumbs Up!

pcprodoc

watched the vid and at the end I questioned myself: is it really free? thats such an amazing content!

jokes apart, you're really going to save my course project! thank you so much! keep up the good content

rickxzz

You got another subscriber :). I'm not into commenting in tutorials but this video makes myself to. The code is clean and the tutorial is clear. I want to say Thank you for everything. I can see your patience, hard work and talent in your video. I appreciate you bro, a lot.

ajgeriane

Best tutorials on Youtube, thank you so much!!! One follower for life of this channel!!

obesguan

Well done. Amazing everything I needed was here. So talented. Also after 2 hours of tiring programming you added source code for free. 😊😊

jaybaidoo

God bless you brother, I Just completed my login page, after trying lots of others, this stands out

stealth

You could really use the video chapters feature for long duration videos that Youtube provides. Your videos are very helpful but I'm wondering why you've got only 2226 views till date (2nd Jan 2022).
In my opinion, if I want a quick solution to verifying an email problem or a quick solution to creating a signup form and php code for that or login code, I'd really love to jump to a specific timestamp in a video rather than sitting and watching it for the next 2 hours.

By the way, I'm at 1:26:00 right now still 40 minutes to go and I'm really, really, really enjoying it. Thought you could use an another suggestion.

shubh-kr

thanks brother, you are such a nice person

MOVIES_HUB

Thanks so much for this wonderful tutorial

everyonetechbuddy

That was one of the most helpful videos i've seen so far. At 1:12:30 Wasn't there the option to use password_verify() or wasn't that an option 2 years ago?

justjocore

Thank you. This gave me a very good start. I'm afraid the security would be fairly easy to break on this since a fake email address can be used and 100, 000 posts of numbers to the verify form. I don't see any code discussed that would limit the number of attempts. Although it may seem non-trivial to send 100, 000 posts to the verify form, I'm fairly sure that today it would be trivial indeed. If I am mistaken, please help me understand what I am missing in the code. What I did was set a session variable that to a counter. it gets set to 1 on registration and checked for value between 1 and less than 10 in the verify function, the verify function then increments this session variable. I just set my session expiry on the server to be one day so once they hit the limit they need to wait one day. I'm curious about what other solutions for this there are.

garybowdridge

you've really saved my course project

zawawii

To get the password hash to work instead you just need to do the following in login instead :
if(is_array($row)){
$row = $row[0];

if(password_verify($data['password'], $row->password)){

$_SESSION['USER'] = $row;
$_SESSION['LOGGED_IN'] = true;
}else{
$errors[] = "wrong email or password";
}

}else{
$errors[] = "wrong email or password";
}

}

It turns out you just need to use password verify instead as this extracts the salt from the stored hash, it combines it with the password provided by the user, hashes this combination, and then compares it with the stored hash. If they match, the password is correct.

MrTyronM

Thank you so much...you deserve much more support ❤️

life_with_masa

Thank you so much sir this is what i have been looking for 💞💞💞💞💞

kulmiyetechnologyWorld

I've been looking for something like this

CHSKnight

Keep it going you're really amazing i really appreciate your effort 💪🏽💪🏽💪🏽💪🏽

danieligbinidu

Hi sir! Please make a tutorial for signup using a Google account 🙏

F_F

Thank you for this, you are a life saver

M.Hussein