We are going to be building the authentication and authorization for a book voting website that you can share among your book club to decide what people want to read next. We'll be using authentication to allow only registered users to vote on books. We'll be using authorization to allow all users to add and edit their own books, and allow administrators to modify ANY books. Let's dig into the application and see how it works.
In this course, we'll be using the symfony/http-foundation package.
If you are unclear about any topics covered in this course, make sure you check out related PHP courses:
[MUSIC]

Hi, I'm Alena. When you start building sites that rely on user participation, you need a way to keep your data safe and secure. Whether that participation includes purchasing products or providing products to sell, leaving comments or providing stories, you need to manage who has access to what. This management is handled through authentication and authorization.

We're going to be building authentication and authorization for a book voting website that you can share among your book club to decide what people want to read next. We'll be using authentication to allow only registered users to vote on a book. We'll be using authorization to allow all users to add and edit their own books, and allow administrators to modify any book. Let's dig into the application and see how it works.

The core of our application falls around our books. These books are able to be added and voted on, but only by authenticated users. Anyone can view them. We'll be building a full registration for creating a new user. We'll also build the login system for logging into the site. Once you're logged into the site, you'll see a link to add a book. This is where you can add your own books. On the Book List page, we now have the ability to edit and delete our own books, but not books added by other people, unless you're an administrator, in which case you can edit and delete all books. Authenticated users will also have the ability to upvote and downvote all books.

Once you're logged in, the navigation changes to show my account and log out. My account will let you update your own password. When you log in as an administrator, you'll be able to access the administration panel. Here you can see all the users that are registered. As an administrator, you'll be able to promote other users to an administrative role or demote them to a regular user.

The project you start with has everything you need except the authentication and authorization portions. The application is written in a procedural fashion to give you a better sense of how each piece works. I'll be adding additional information for implementing these methods using an object-oriented framework approach.

Each page has its own base level file. The files for handling form submissions are found in the procedures folder. Common HTML is found in the templates folder. This includes header, footer and navigation. We're using a simple bootstrap theme to keep our layout simple and clean.

We use a minimal amount of external code. We are using the HTTP Foundations Package because it makes it simple to write Flash messages to work with our session variables. We'll set these up in the ink settings folder. Besides sessions, we also use this package for incoming requests and redirects. Also note that our settings file contains the database connection as well.

Our application is put together in our Bootstrap file. This is the one file that will need to be included to make sure that we have everything we need for our application to run: our autoload file, our settings, and our functions. I've grouped the functions into different files based on their jobs. Each of these files interacts with a different table in the database. We'll also be adding a separate file for authentication and authorization functions.