Seri 11 PWEB Login, Logout dan Auth

infotek iunpra

22 Nov 202129:36

Summary

TLDRIn this video, the presenter guides viewers through the process of creating a login system with authentication and logout functionality using PHP. They start by explaining the creation of a user table in a database, followed by setting up a controller and model for handling login requests. The tutorial covers form creation, validation, password checking, and redirecting users based on authentication status. It also demonstrates the process of filtering access for users who are not logged in and showcases how to display error messages. By the end, viewers will be able to create a fully functional login and authentication system for their application.

Takeaways

😀 The video explains the process of implementing a login, logout, and authentication system in a web application using PHP.
😀 A database table 'tbl_user' is created with columns for ID, name, username, password, and user level. The ID is auto-incremented and serves as the primary key.
😀 The controller for handling login and logout is named 'OutController', and a model 'OutModel' is used for database interaction.
😀 The login form is created using PHP with validations for required fields, ensuring that the entered username and password match the database records.
😀 The video demonstrates the use of PHP's 'POST' method to send login data and authenticate the user based on the provided credentials.
😀 If the login is successful, the user is redirected to a welcome page, and if the login fails, an error message is displayed.
😀 The controller also includes a 'logout' method to handle user logout, redirecting to the login page after successful logout.
😀 The 'home' page and other pages are protected with an authentication filter, ensuring that only logged-in users can access certain content.
😀 The video highlights the creation of an error message system, where invalid login attempts trigger an error message.
😀 The script demonstrates the importance of input validation to prevent unauthorized access and ensure the integrity of the authentication system.

Q & A

What is the purpose of the 'tbl_user' table in the script?
-The 'tbl_user' table is used to store user information, including 'id', 'name', 'username', 'password', and 'level'. It helps to manage user authentication and differentiate between user roles, such as admins.
Why is the 'level' column important in the 'tbl_user' table?
-The 'level' column determines the user role (e.g., admin, regular user) and helps control access to different parts of the application. For example, admin users may have higher privileges.
What role does the 'UserModel' class play in the application?
-The 'UserModel' class is responsible for interacting with the database to validate the user's credentials. It checks if the provided username and password match the records in the 'tbl_user' table.
How does the controller handle the login functionality?
-The controller has a method that receives the login form data, validates it, and checks the credentials against the database. If valid, the user is logged in, and if invalid, an error message is shown.
What happens when a user successfully logs in?
-Upon successful login, the user is redirected to the main dashboard or home page, and their session is established, allowing access to protected pages.
What error message is displayed when login credentials are incorrect?
-If the login credentials are incorrect, the application displays an error message like 'Login failed, please try again with correct username and password'.
How is session management handled after login?
-After a successful login, a session is created to store the user's login status. This session allows users to remain logged in and access protected pages until they log out.
What is the purpose of the logout functionality?
-The logout functionality is designed to end the user's session, clearing any session data and redirecting the user back to the login page to prevent unauthorized access.
How is authentication filtering implemented in the application?
-Authentication filtering is implemented through a filter class that checks if a user is logged in before allowing access to protected pages. If the user isn't logged in, they are redirected to the login page.
What happens when a user tries to access a protected page without logging in?
-If a user tries to access a protected page without being logged in, the filter will display a message indicating that the user needs to log in and will redirect them to the login page.