[MUSIC]

Hi, I'm Alena.

When you start building sites that rely on user participation,

you need a way to keep your data safe and secure.

Whether that participation includes purchasing products or

providing products to sell, leaving comments or

providing stories, you need to manage who has access to what.

This management is handled through authentication and authorization.

We're going to be building authentication and authorization for

a book voting website that you can share among your book club

to decide what people want to read next.

We'll be using authentication to allow only registered users to vote on a book.

We'll be using authorization to allow all users to add and

edit their own books, and allow administrators to modify any book.

Let's dig into the application and see how it works.

The core of our application falls around our books.

These books are able to be added and voted on, but only by authenticated users.

Anyone can view them.

We'll be building a full registration for creating a new user.

We'll also build the log in system for logging into the site.

Once you're logged into the site, you'll see a link to add a book.

This is where you can add your own books.

On the Book List page, we now have the ability to edit and

delete our own books, but not books added by other people,

unless you’re an administrator, in which case you can edit and delete all books.

Authenticated users will also have the ability to up vote and

down vote all books.

Once you're logged in, the navigation changes to show my account and log out.

My account will let you update your own password.

When you log in as an administrator,

you'll be able to access the administration panel.

Here you can see all the users that are registered.

As an administrator, you'll be able to promote other users to an administrative

role or demote them to a regular user.

The project you start with has everything you need except the authentication and

authorization portions.

The application is written in a procedural fashion to give you a better sense of how

each piece works.

I'll be adding additional information for

implementing these methods using an object oriented framework approach.

Each page has its own base level file.

The files for handling form submissions are found in the procedures folder.

Common HTML is found in the templates folder.

This includes header, footer and navigation.

We're using a simple bootstrap theme to keep our layout simple and clean.

We use a minimal amount of external code.

We are using the HTTP Foundations Package because it makes it simple

to write Flash messages to work with our session variables.

We'll set these up in the ink settings folder.

Besides sessions, we also use this package for incoming requests and redirects.

Also note that our settings file contains the database connection as well.

Our application is put together in our Bootstrap file.

This is the one file that will need to be included to make sure that we have

everything we need for our application to run,

our auto load file, our settings, and our functions.

I've grouped the functions into different files based on their jobs.

Each of these files interact with a different table in the database.

We'll also be adding a separate file for

authentication and authorization functions.