I remember the time when I had just learned basic PHP and I was trying to create a basic website. I had everything else figured out except for one thing. I wanted to implement login functionality in my website and i had no idea how to do it. There were some tutorials that explained creating a login system but they were too complex. I just wanted to understand the logic. So today in this article, let us see how login systems work and how you can add login functionality to your website.
The Base Setup
I am assuming you already have a database setup with a users’ table or collection in case of Mongodb. Now you will have fields like the email and password in your table. And let’s say you already have a user called Rishabh. Rishabh has already signed up on the website and has a record in the database with his email and password. Now we need to log him in so that he can perform some actions on the website like write a post or comment somewhere.
The Login Form
The first thing that you will need is a login form. It could be a very flashy one or something very simple. I have a simple login form below.
The form has 2 fields. A username or email and a password field. Now, when Rishabh visits the website he will be shown this login form and he needs to enter his user information. So let’s say he did enter the information like the image below.
Now, this information needs to be sent to the server. This can be done via Ajax or form action methods. I will leave that to your choice as we are just discussing the logic here.
The Server Logic
The server has now received the email and password for the user. Now it needs to validate that information. The server will first check if a user with such an email exists in the record. If a user does not exist, the server will tell the client that there is no such user. If a user exists, the server will fetch the password associated with that user. The server will then check if the password in the database registry for that user matches the password sent from the login form. If the password doesn’t match, the server will give an incorrect password error, else it will log the user in.
Logging a user in
Now that the server knows that the username and password entered by the user match the records in the database, we can actually log the user in. This means creating a session for the user on the server. I would suggest you read this article to get a crystal clear understanding of how sessions work. But I will still sum it up in short here.
After the server has verified the surname and password, it will store the users details in a file or some non-volatile form and give it a unique key. This unique key will now be sent in form of cookie to the user. Every time the user makes some request on the site, the server will fetch the user’s details based on the cookie data. This is how every time a request is made by a logged in user, the server knows who the user by the cookie.
I have tried my best to explain a login system in the easiest of terms. I hope you now have some idea as to how a login system generally works. If you are still confused about any particular part of the entire process, do let me know in the comments section.