🟢 Step 1: Database Setup
👉 Create Database
CREATE DATABASE composer_exam;
👉 Create Users Table
USE composer_exam;

CREATE TABLE users (
    id INT AUTO_INCREMENT PRIMARY KEY,
    name VARCHAR(100),
    email VARCHAR(100) UNIQUE,
    password VARCHAR(255),
    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);
🟢 Step 2: Install DB Package (Optional but Professional)
Raw PDO is enough for this project (and recommended for learning), so no extra package is needed.
🟢 Step 3: Create DB Connection
📁 config/db.php
<?php
$host = "localhost";
$dbname = "composer_exam";
$username = "root";
$password = "";

try {
    $pdo = new PDO("mysql:host=$host;dbname=$dbname", $username, $password);
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (PDOException $e) {
    // Log the driver error server-side; do not show it to visitors
    error_log("DB Connection Failed: " . $e->getMessage());
    die("DB Connection Failed");
}
🟡 Step 4: Register System
📁 register.php
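<?php
require 'vendor/autoload.php';
require 'config/db.php';

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $name = trim($_POST['name'] ?? '');
    $email = trim($_POST['email'] ?? '');
    $rawPassword = $_POST['password'] ?? '';

    // Check the raw input before hashing: password_hash('') still returns a non-empty hash
    if ($name === '' || $email === '' || $rawPassword === '') {
        die("All fields required!");
    }

    $password = password_hash($rawPassword, PASSWORD_BCRYPT);
    $stmt = $pdo->prepare("INSERT INTO users (name, email, password) VALUES (?, ?, ?)");

    try {
        $stmt->execute([$name, $email, $password]);
        echo "User registered successfully!";
    } catch (PDOException $e) {
        // SQLSTATE 23000 = integrity constraint violation (the UNIQUE email column)
        echo $e->getCode() === '23000' ? "Email already exists!" : "Registration failed!";
    }
}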
📁 register.html
<form method="POST" action="register.php">
Name: <input type="text" name="name" required><br><br>
Email: <input type="email" name="email" required><br><br>
Password: <input type="password" name="password" required><br><br>
<button type="submit">Register</button>
</form>
🟡 Step 5: Login System
📁 login.php
<?php
session_start();

require 'vendor/autoload.php';
require 'config/db.php';

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $email = $_POST['email'] ?? '';
    $password = $_POST['password'] ?? '';

    $stmt = $pdo->prepare("SELECT * FROM users WHERE email = ?");
    $stmt->execute([$email]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($user && password_verify($password, $user['password'])) {
        // Issue a new session ID on login to prevent session fixation
        session_regenerate_id(true);
        $_SESSION['user'] = $user['name'];
        header("Location: dashboard.php");
        exit; // stop the script after the redirect
    } else {
        echo "Invalid credentials!";
    }
}
📁 login.html
<form method="POST" action="login.php">
Email: <input type="email" name="email" required><br><br>
Password: <input type="password" name="password" required><br><br>
<button type="submit">Login</button>
</form>
🔴 Step 6: Dashboard (Protected Page)
📁 dashboard.php
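<?php
session_start();

if (!isset($_SESSION['user'])) {
    header("Location: login.html");
    exit;
}

// The name comes from user input at registration, so escape it before output
echo "Welcome, " . htmlspecialchars($_SESSION['user'], ENT_QUOTES, 'UTF-8');
echo "<br><a href='logout.php'>Logout</a>";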
🔴 Step 7: Logout
📁 logout.php
<?php
session_start();
$_SESSION = []; // clear the session data in this request
session_destroy();

header("Location: login.html");
exit;
🟠 Step 8: Logging Login Activity (Using Monolog)
👉 Add this inside login.php after successful login:
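// The use statements go at the top of login.php (they are not allowed inside the if block)
use Monolog\Logger;
use Monolog\Handler\StreamHandler;

// After a successful login, before the redirect.
// Keep logs/ out of reach of the web server so app.log cannot be downloaded.
$log = new Logger('auth');
$log->pushHandler(new StreamHandler('logs/app.log', Logger::INFO));
$log->info("User logged in: " . $email);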
🟠 Step 9: Folder Structure (Final)
composer-exam/
│
├── config/
│ └── db.php
├── src/
├── logs/
├── vendor/
│
├── register.php
├── register.html
├── login.php
├── login.html
├── dashboard.php
├── logout.php
🔐 Security Best Practices (Important)
- ✅ Use password_hash() (already done)
- ✅ Use password_verify()
- ✅ Use prepared statements (PDO ✔)
- ✅ Never store plain passwords
- ✅ Add input validation (can improve)
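One way to fill in the "Add input validation" item for register.php, as an added example that is not part of the original tutorial. The helper validateRegistration() is hypothetical; its limits mirror the VARCHAR(100) columns from Step 1 and the 72-byte input limit of PASSWORD_BCRYPT, and the 12-character minimum is an assumed policy.

```php
<?php
// Added example, not part of the tutorial. validateRegistration() is a
// hypothetical helper; the 12-character minimum is an assumed policy.
function validateRegistration(array $post): array
{
    // Accept only string fields: name[]=x arrives as an array and is treated as empty
    $field = fn(string $k): string => is_string($post[$k] ?? null) ? $post[$k] : '';

    $name     = trim($field('name'));
    $email    = trim($field('email'));
    $password = $field('password');   // never trim passwords
    $errors   = [];

    // users.name is VARCHAR(100): count characters, reject control characters
    // (a newline in the name could forge lines if the name is ever logged)
    if ($name === '' || mb_strlen($name, 'UTF-8') > 100) {
        $errors['name'] = 'Name is required (max 100 characters).';
    } elseif (preg_match('/[\x00-\x1F\x7F]/', $name)) {
        $errors['name'] = 'Name contains control characters.';
    }

    // users.email is VARCHAR(100); FILTER_VALIDATE_EMAIL checks the syntax
    if (strlen($email) > 100 || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'A valid email (max 100 characters) is required.';
    }

    // PASSWORD_BCRYPT only uses the first 72 bytes of the input, so reject
    // longer passwords instead of silently truncating them
    if (mb_strlen($password, 'UTF-8') < 12) {
        $errors['password'] = 'Password must be at least 12 characters.';
    } elseif (strlen($password) > 72) {
        $errors['password'] = 'Password must be at most 72 bytes.';
    }

    return [$errors, compact('name', 'email', 'password')];
}

// Constructed sample input (not real data): all three fields fail validation
[$errors, $clean] = validateRegistration([
    'name'     => "Ali\nce",
    'email'    => 'not-an-email',
    'password' => 'short',
]);
print_r($errors);
```

In register.php, call it before password_hash() and stop with the messages in $errors if the array is not empty.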
🚀 Bonus Upgrades (Industry Level)
If you want to go pro level, add:
- 🔹 CSRF protection
- 🔹 Email verification
- 🔹 Forgot password system
- 🔹 .env (hide DB credentials)
- 🔹 MVC structure






