🟢 Step 1: Database Setup
👉 Create Database
CREATE DATABASE composer_exam;👉 Create Users Table
USE composer_exam;CREATE TABLE users (
id INT AUTO_INCREMENT PRIMARY KEY,
name VARCHAR(100),
email VARCHAR(100) UNIQUE,
password VARCHAR(255),
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);🟢 Step 2: Install DB Package (Optional but Professional)
You can use raw PDO (recommended for learning), no extra package needed.
🟢 Step 3: Create DB Connection
📁 config/db.php
<?php$host = "localhost";
$dbname = "composer_exam";
$username = "root";
$password = "";try {
$pdo = new PDO("mysql:host=$host;dbname=$dbname", $username, $password);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (PDOException $e) {
die("DB Connection Failed: " . $e->getMessage());
}🟡 Step 4: Register System
📁 register.php
<?php
require 'vendor/autoload.php';
require 'config/db.php';if ($_SERVER['REQUEST_METHOD'] == 'POST') { $name = $_POST['name'];
$email = $_POST['email'];
$password = password_hash($_POST['password'], PASSWORD_BCRYPT); if (!$name || !$email || !$password) {
die("All fields required!");
} $stmt = $pdo->prepare("INSERT INTO users (name, email, password) VALUES (?, ?, ?)"); try {
$stmt->execute([$name, $email, $password]);
echo "User registered successfully!";
} catch (Exception $e) {
echo "Email already exists!";
}
}📁 register.html
<form method="POST" action="register.php">
Name: <input type="text" name="name" required><br><br>
Email: <input type="email" name="email" required><br><br>
Password: <input type="password" name="password" required><br><br>
<button type="submit">Register</button>
</form>🟡 Step 5: Login System
📁 login.php
<?php
session_start();require 'vendor/autoload.php';
require 'config/db.php';if ($_SERVER['REQUEST_METHOD'] == 'POST') { $email = $_POST['email'];
$password = $_POST['password']; $stmt = $pdo->prepare("SELECT * FROM users WHERE email = ?");
$stmt->execute([$email]); $user = $stmt->fetch(PDO::FETCH_ASSOC); if ($user && password_verify($password, $user['password'])) { $_SESSION['user'] = $user['name'];
header("Location: dashboard.php"); } else {
echo "Invalid credentials!";
}
}📁 login.html
<form method="POST" action="login.php">
Email: <input type="email" name="email" required><br><br>
Password: <input type="password" name="password" required><br><br>
<button type="submit">Login</button>
</form>🔴 Step 6: Dashboard (Protected Page)
📁 dashboard.php
<?php
session_start();if (!isset($_SESSION['user'])) {
header("Location: login.html");
exit;
}echo "Welcome, " . $_SESSION['user'];
echo "<br><a href='logout.php'>Logout</a>";🔴 Step 7: Logout
📁 logout.php
<?php
session_start();
session_destroy();header("Location: login.html");🟠 Step 8: Logging Login Activity (Using Monolog)
👉 Add this inside login.php after successful login:
use Monolog\Logger;
use Monolog\Handler\StreamHandler;$log = new Logger('auth');
$log->pushHandler(new StreamHandler('logs/app.log', Logger::INFO));$log->info("User logged in: " . $email);🟠 Step 9: Folder Structure (Final)
composer-exam/
│
├── config/
│ └── db.php
├── src/
├── logs/
├── vendor/
│
├── register.php
├── register.html
├── login.php
├── login.html
├── dashboard.php
├── logout.php
🔐 Security Best Practices (Important)
- ✅ Use
password_hash()(already done) - ✅ Use
password_verify() - ✅ Use prepared statements (PDO ✔)
- ✅ Never store plain passwords
- ✅ Add input validation (can improve)
🚀 Bonus Upgrades (Industry Level)
If you want to go pro level, add:
- 🔹 CSRF protection
- 🔹 Email verification
- 🔹 Forgot password system
- 🔹
.env(hide DB credentials) - 🔹 MVC structure
