
Overview

Pro Stock Tool uses a secure email and password-based authentication system. The login flow is handled through a combination of frontend validation and backend verification with secure password hashing.

Login Process

The authentication system is implemented in the login page (Inicio-Sesion.html) with the following workflow:
1. User submits credentials: Users enter their email and password on the login form.
2. Frontend validation: The browser validates that both fields are filled and the email format is correct.
3. Server verification: The backend verifies credentials against the database using secure password hashing.
4. Session creation: Upon successful authentication, a user session is established.

Login Form Fields

The login form (Inicio-Sesion.html:42-54) contains the following fields:
| Field | Type | Name | Required | Validation |
|---|---|---|---|---|
| Email | email | email | Yes | HTML5 email validation |
| Password | password | Contraseña | Yes | Required field |

Email Field

<input 
  type="email" 
  placeholder="[email protected]" 
  name="email" 
  required 
  id="email"
>
The email field uses HTML5 native validation to ensure proper email format.

Password Field

<input 
  type="password" 
  name="Contraseña" 
  required 
  id="Contraseña" 
  placeholder="*****************"
>
The password field uses type="password" to mask the input on screen as it is typed.

Authentication Security

Pro Stock Tool implements several security measures:

Password Hashing

Passwords are hashed using the BCrypt algorithm (PASSWORD_BCRYPT), as seen in the registration process (registro.php:48):
$hash = password_hash($contrasena, PASSWORD_BCRYPT);
Passwords are never stored in plain text. With PASSWORD_BCRYPT, password_hash() generates a random salt for each password automatically and embeds it in the resulting hash.
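
The login-side counterpart of this hash, as an added example (not Pro Stock Tool's own code): a prepared-statement lookup, password_verify() against the stored BCrypt hash, one generic error for both failure cases, and a session ID regenerated on success. The table `usuarios`, its columns `id`, `email` and `contrasena`, the session key `user_id` and the JSON responses are assumptions; `$conn`, `email` and `Contraseña` come from the files shown on this page.

```php
<?php
// Added example, not Pro Stock Tool's code. Assumed names: table `usuarios`,
// columns `id`/`email`/`contrasena`, session key `user_id`, JSON responses.

// Fetch the stored BCrypt hash with a prepared statement (no SQL string building).
function buscar_usuario(mysqli $conn, string $email): ?array
{
    $stmt = $conn->prepare('SELECT id, contrasena FROM usuarios WHERE email = ? LIMIT 1');
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();   // null when no row matches
    $stmt->close();
    return $row ?: null;
}

// Returns the user id on success, null on any failure.
function verificar_credenciales(?array $row, string $password): ?int
{
    if ($row === null) {
        // Unknown e-mail: spend one BCrypt computation anyway so response time
        // does not reveal which addresses are registered.
        password_hash('relleno', PASSWORD_BCRYPT);
        return null;
    }
    return password_verify($password, $row['contrasena']) ? (int) $row['id'] : null;
}

if (PHP_SAPI === 'cli') {
    // Offline self-check with a constructed row (no database needed).
    $fila = ['id' => 7, 'contrasena' => password_hash('S3creta!', PASSWORD_BCRYPT)];
    assert(verificar_credenciales($fila, 'S3creta!') === 7);
    assert(verificar_credenciales($fila, 'incorrecta') === null);
    assert(verificar_credenciales(null, 'S3creta!') === null);
    exit(0);
}

require 'conexion.php';                          // provides $conn (conexion.php:8-13)
$campo  = fn(string $k): string => is_string($_POST[$k] ?? null) ? $_POST[$k] : '';
$userId = verificar_credenciales(buscar_usuario($conn, trim($campo('email'))), $campo('Contraseña'));

if ($userId === null) {
    http_response_code(401);                     // same reply for unknown e-mail and wrong password
    echo json_encode(['error' => 'Credenciales inválidas']);
    exit;
}
session_start();
session_regenerate_id(true);                     // fresh session id after login blocks fixation
$_SESSION['user_id'] = $userId;
echo json_encode(['ok' => true]);
```

Run from the command line, the script executes only the constructed self-check; served over HTTP, it handles the POST from the login form.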

Database Connection Security

The system connects to the MySQL database using:
  • Host: localhost
  • Database: prostocktool
  • Connection: MySQLi with error handling (conexion.php:8-13)
$conn = new mysqli($host, $user, $pass, $db);
if ($conn->connect_errno) {
    http_response_code(500);
    echo json_encode(["error" => "Error de conexión a la base de datos"]);
    exit;
}

Form Submission

The login form submits credentials via POST method:
<form action="" method="post">
  <!-- Form fields -->
  <input type="submit" id="Iniciar-Sesion" value="Iniciar Sesion">
</form>
Users without an account can navigate to the registration page:
<p id="Link-Registro">
  ¿No tiene una cuenta? 
  <span><a href="login.html">Registrate ahora</a></span>
</p>
The link directs to login.html which contains the registration form.

Best Practices

Secure Credentials

Always use strong passwords with at least 6 characters (as enforced by the registration system).

Email Validation

Email addresses must be valid and unique in the system.

Session Management

Users should log out when finished to maintain security.

Connection Security

The system validates database connections before processing requests.

Error Handling

The authentication system includes comprehensive error handling:
  • Connection errors: Returns HTTP 500 with error message
  • Invalid credentials: Prevents unauthorized access
  • Database failures: Graceful error responses

Next Steps

User Registration

Learn how to create new user accounts

User Accounts

Manage and understand user account structure
