Build the basic framework and the login credentials for the site.
1. Users should be able to register new accounts using email addresses.
2. Users are identified by email address.
3. Password must be encrypted before storing in the database.
4. Users cannot register duplicate accounts using the same email address.
[login to view URL] admin user should be created from the backend.
6. Users cannot log in to the system until their requests are approved by the admin.
7. An admin user has a different view from a regular user: it can approve users (for now).
8. Users should be able to log into your website using the accounts they registered.
9. Users should be able to reset their passwords if they forget it.
10. Users should be able to change their passwords after they login.
11. A 2-factor-authentication should be used when a user attempt to login. This can be done by email, phone text. You can implement one of them.
12. The website should have a homepage for each user, where they can view their profiles, change passwords, and update information.
13. The website should provide a search box at the landing page (after logging in). The searching function may not be working at this stage, and there should be a search button next to the search box.
Question : What do you mean by "An admin user should be created from the backend"?
Answer : You can allow a user to register for an account from the frontend, but you need a person to
validate and approve the user because only authorized people can use the system. So logically, at least one admin user must be created before the first regular user registers. The backend means the database console (either the command line or the phpmyadmin). This admin should be specially marked because when this admin login from the frontend, he should see an additional view in which he can see regular user registrations and approve/reject them.