Login System Overview

A login system is a security mechanism that verifies user identity (authentication), controls access to resources (authorization), maintains user sessions across requests, and protects sensitive information.

Think of it like a building with a security desk: registration is like getting an ID card, logging in is showing your ID to enter, the session is wearing a visitor badge while inside, and logging out is returning your badge and leaving.


A complete login system has three main components:

  1. User Registration: creating new user accounts, collecting user information, and storing passwords securely.
  2. User Login: verifying user credentials, creating authenticated sessions, and managing user state.
  3. User Logout: destroying sessions, clearing user state, and performing security cleanup.

Each of these is covered in detail on its own page.


Authentication and authorization are often confused, but they serve different purposes.

Authentication answers the question "Who are you?" It involves verifying user identity by checking credentials (email + password) and creating a session after a successful login.

Authorization answers the question "What can you do?" It involves checking user permissions, enforcing role-based access control (e.g., Admin vs Customer), and protecting specific resources.

For example, a user logs in with their email and password (authentication). Once logged in, an admin user can access /admin/dashboard, but a regular customer cannot (authorization).
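The example below is added here and is not the lab's own code. It separates the two checks into two functions: authenticate() answers "who are you?" with password_verify(), and canAccess() answers "what can you do?" with a route-to-roles map that denies by default. The in-memory $USERS table, the ROUTE_ROLES map and both function names are constructed for the example; the labs use UserModel and a database instead.

```php
<?php
declare(strict_types=1);

// Constructed in-memory user table standing in for the lab's database.
// Hashes are produced at runtime so the example runs anywhere (constructed passwords).
$USERS = [
    'admin@example.com' => ['id' => 1, 'role' => 'Admin',    'hash' => password_hash('correct horse', PASSWORD_DEFAULT)],
    'alice@example.com' => ['id' => 2, 'role' => 'Customer', 'hash' => password_hash('battery staple', PASSWORD_DEFAULT)],
];

// Authentication: "Who are you?" Returns the user record on success, null on failure.
function authenticate(array $users, string $email, string $password): ?array
{
    // A dummy hash keeps password_verify() running for unknown emails too, so
    // a failed login takes about the same time whether or not the account exists.
    static $dummyHash = null;
    $dummyHash ??= password_hash('dummy-password-never-matches', PASSWORD_DEFAULT);

    $user = $users[$email] ?? null;
    $hash = $user['hash'] ?? $dummyHash;

    if (!password_verify($password, $hash) || $user === null) {
        return null;
    }
    // Re-hash if the stored hash uses an older algorithm or cost (persist it in real code).
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $user['hash'] = password_hash($password, PASSWORD_DEFAULT);
    }
    unset($user['hash']); // the rest of the application never needs the hash
    return $user;
}

// Authorization: "What can you do?" Routes not listed here are allowed to no one.
const ROUTE_ROLES = [
    '/dashboard'       => ['Admin', 'Customer'],
    '/profile'         => ['Admin', 'Customer'],
    '/admin/dashboard' => ['Admin'],
];

function canAccess(?array $user, string $route): bool
{
    if ($user === null) {
        return false; // unauthenticated requests are never authorized
    }
    $allowed = ROUTE_ROLES[$route] ?? [];
    return in_array($user['role'], $allowed, true);
}

// Walk-through of the scenario in the text.
$customer = authenticate($USERS, 'alice@example.com', 'battery staple'); // authenticated as Customer
$admin    = authenticate($USERS, 'admin@example.com', 'correct horse');  // authenticated as Admin
$rejected = authenticate($USERS, 'alice@example.com', 'wrong-password');  // authentication fails: null

var_dump($rejected === null);
var_dump(canAccess($customer, '/dashboard'));       // customer may use the dashboard
var_dump(canAccess($customer, '/admin/dashboard')); // authenticated, but not authorized for admin pages
var_dump(canAccess($admin, '/admin/dashboard'));    // admin is authorized
```

Note the order of the two checks in authenticate(): password_verify() runs before the null test so that an unknown email does not return faster than a wrong password, and the user's role is only consulted by canAccess(), after identity has been established.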


HTTP is a stateless protocol. Without sessions, the server would forget who the user is after every single request:

Without sessions:
Request 1: User logs in (OK)
Request 2: User visits /dashboard (Who are you? Login again!)
Request 3: User visits /profile (Who are you? Login again!)

With sessions:
Request 1: User logs in (Session created)
Request 2: User visits /dashboard (Session remembers user)
Request 3: User visits /profile (Session remembers user)

Sessions solve this by storing user data on the server and identifying the user through a session ID cookie sent with each request.
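The following is an added example, not the lab's own code, showing the session lifecycle behind the request sequence above: the session is started with hardened cookie settings on every request, a successful login regenerates the session ID and stores the user, later requests read the user back from $_SESSION, and logout clears both the server-side data and the cookie. The function names (startSecureSession, loginUser, currentUserId, requireLogin, logoutUser) and the route switch at the end are assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Run once per request before any output (the labs do this in SessionMiddleware).
function startSecureSession(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    session_set_cookie_params([
        'lifetime' => 0,       // cookie expires when the browser closes
        'path'     => '/',
        'secure'   => true,    // only sent over HTTPS
        'httponly' => true,    // not readable from JavaScript
        'samesite' => 'Lax',   // not sent with cross-site POST requests
    ]);
    ini_set('session.use_strict_mode', '1'); // ignore session IDs the server never issued
    session_start();
}

// Request 1: credentials have already been verified; bind this session to the user.
function loginUser(int $userId, string $role): void
{
    session_regenerate_id(true); // fresh ID so a pre-login ID cannot be reused (session fixation)
    $_SESSION['user_id']    = $userId;
    $_SESSION['role']       = $role;
    $_SESSION['login_time'] = time();
}

// Requests 2, 3, ...: the cookie carries only the session ID; user data stays on the server.
function currentUserId(): ?int
{
    return isset($_SESSION['user_id']) ? (int) $_SESSION['user_id'] : null;
}

function requireLogin(): int
{
    $id = currentUserId();
    if ($id === null) {
        header('Location: /login', true, 302);
        exit;
    }
    return $id;
}

// Logout: drop the server-side data and expire the client-side cookie.
function logoutUser(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires'  => time() - 42000,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
            'samesite' => $p['samesite'],
        ]);
    }
    session_destroy();
}

// Sketch of the three requests from the text (hypothetical routing).
startSecureSession();
switch ($_SERVER['REQUEST_URI'] ?? '/') {
    case '/login':                 // reached only after the password check succeeded
        loginUser(2, 'Customer');  // constructed user id and role
        header('Location: /dashboard');
        break;
    case '/dashboard':
    case '/profile':
        $userId = requireLogin();  // the session remembers who this is
        echo "Hello, user {$userId}";
        break;
    case '/logout':
        logoutUser();
        header('Location: /login');
        break;
}
```

The array forms of session_set_cookie_params() and setcookie() require PHP 7.3 or later. Everything that identifies the user lives in $_SESSION on the server; the browser only ever holds the opaque session ID, which is why regenerating that ID at login and expiring the cookie at logout matter.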


Here is the MVC organization you will build across the authentication labs:

app/
├── Controllers/
│   └── AuthController.php (register, login, logout, dashboard)
│
├── Domain/Models/
│   └── UserModel.php (create, find, authenticate)
│
├── Middleware/
│   ├── SessionMiddleware.php (global session management)
│   ├── AuthMiddleware.php (login check)
│   └── AdminAuthMiddleware.php (role check)
│
├── Views/
│   ├── auth/ (register.php, login.php)
│   └── user/ (dashboard.php)
│
└── Routes/
    └── web-routes.php (route definitions)