[MUSIC] 0:00 Hi, I'm Alena. 0:09 When you start building sites that rely on user participation, 0:10 you need a way to keep your data safe and secure. 0:14 Whether that participation includes purchasing products or 0:18 providing products to sell, leaving comments or 0:21 providing stories, you need to manage who has access to what. 0:24 This management is handled through authentication and authorization. 0:29 We're going to be building authentication and authorization for 0:34 a book voting website that you can share among your book club 0:38 to decide what people want to read next. 0:42 We'll be using authentication to allow only registered users to vote on a book. 0:44 We'll be using authorization to allow all users to add and 0:50 edit their own books, and allow administrators to modify any book. 0:54 Let's dig into the application and see how it works. 1:00 The core of our application falls around our books. 1:04 These books are able to be added and voted on, but only by authenticated users. 1:08 Anyone can view them. 1:13 We'll be building a full registration for creating a new user. 1:15 We'll also build the log in system for logging into the site. 1:23 Once you're logged into the site, you'll see a link to add a book. 1:28 This is where you can add your own books. 1:37 On the Book List page, we now have the ability to edit and 1:40 delete our own books, but not books added by other people, 1:44 unless you’re an administrator, in which case you can edit and delete all books. 1:49 Authenticated users will also have the ability to up vote and 1:55 down vote all books. 1:59 Once you're logged in, the navigation changes to show my account and log out. 2:02 My account will let you update your own password. 2:08 When you log in as an administrator, 2:12 you'll be able to access the administration panel. 2:16 Here you can see all the users that are registered. 2:20 As an administrator, you'll be able to promote other users to an administrative 2:23 role or demote them to a regular user. 2:28 The project you start with has everything you need except the authentication and 2:32 authorization portions. 2:37 The application is written in a procedural fashion to give you a better sense of how 2:39 each piece works. 2:43 I'll be adding additional information for 2:45 implementing these methods using an object oriented framework approach. 2:47 Each page has its own base level file. 2:52 The files for handling form submissions are found in the procedures folder. 2:56 Common HTML is found in the templates folder. 3:01 This includes header, footer and navigation. 3:06 We're using a simple bootstrap theme to keep our layout simple and clean. 3:09 We use a minimal amount of external code. 3:15 We are using the HTTP Foundations Package because it makes it simple 3:19 to write Flash messages to work with our session variables. 3:23 We'll set these up in the ink settings folder. 3:30 Besides sessions, we also use this package for incoming requests and redirects. 3:35 Also note that our settings file contains the database connection as well. 3:41 Our application is put together in our Bootstrap file. 3:46 This is the one file that will need to be included to make sure that we have 3:51 everything we need for our application to run, 3:55 our auto load file, our settings, and our functions. 3:58 I've grouped the functions into different files based on their jobs. 4:03 Each of these files interact with a different table in the database. 4:08 We'll also be adding a separate file for 4:12 authentication and authorization functions. 4:14