Bummer! This is just a preview. You need to be signed in with a Basic account to view the entire video.

Preview

Start a free Basic trial
to watch this video

Sign up for Treehouse

Require Authentication

5:22 with Alena Holligan and Brian Retterer

We will create a couple helper function that we can use to make sure that the user is authenticated. To do this, we will need to read the access token.

Other samples for score

Ternary Operator: 

echo $book['score']; ?: echo '0';

PHP 7: null coalesce operator

echo $book['score'] :: echo '0';

Requiring Authentication on Pages

Add requireAuth(); to the following files

  • add.php
  • edit.php
  • procedures/addBook.php
  • procedures/deleteBook.php
  • procedures/editBook.php
  • procedures/vote.php

Also in inc/nav.php 

<?php if (!isAuthenticated()) : ?>
<li><a href="/add.php">Add Book</a></li>
<?php endif; ?>
  • 0:00

    Now we should create a helper function that we can use on pages that require

  • 0:04

    authentication.

  • 0:06

    This function will check for an access token cookie that is not expired.

  • 0:10

    We will also need to get the user from the access token.

  • 0:14

    Before we get the user, we first want to check if the user is authenticated.

  • 0:19

    Let's start building our helper files.

  • 0:20

    In the functions.php file,

  • 0:23

    let's check if the user is authenticated in its own function.

  • 0:37

    We'll start by checking if (!request(),

  • 0:44

    ->cookies->has('access_token')),

  • 0:55

    return false; If

  • 1:01

    we do have an access token we should try to validate the jot by decoding it.

  • 1:07

    We'll place this inside a try catch block.

  • 1:22

    We start by setting the leeway.

  • 1:33

    This will account for when there is a clock skew of time between the signing and

  • 1:38

    verifying servers.

  • 1:39

    Then we can run the access token cookie through the decode method.

  • 1:48

    There are three properties used again.

  • 1:51

    The jot, the secret and then the array of approved signing algorithms.

  • 2:04

    Get access token.

  • 2:13

    Getenv('SECRET_KEY').

  • 2:22

    Since we signed the token with HS 256.

  • 2:25

    That's the only approved signing algorithm we want in our list

  • 2:38

    If the user is authenticated we return true.

  • 2:44

    If there were any exceptions thrown from the decoding of the jot,

  • 2:47

    then we return false.

  • 2:52

    Now we are ready to create the requireAuth() function.

  • 3:06

    This function will check the isAuthenticated() function.

  • 3:09

    If(:isAuthenticated()).

  • 3:21

    We redirect the user to the login page.

  • 3:30

    Before we redirect we should set a new cookie with the same name that

  • 3:35

    expires in the past with an invalid jot.

  • 3:57

    Access_token.

  • 4:01

    Expired.

  • 4:04

    The time before now.

  • 4:12

    The path and the cookie domain.

  • 4:23

    Now we pass the cookie on the redirect.

  • 4:41

    This is common practice for making sure that the browser does not see

  • 4:45

    a valid jot in case it misses that the cookie is actually expired.

  • 4:50

    Now you can use the requireAuth() function at the top of any file

  • 4:54

    you want to require authentication.

  • 4:56

    Let's start by adding this to the add.php file.

  • 5:01

    Make sure that you include the bootstrap file at the top.

  • 5:13

    And then requireAuth.

You need to sign up for Treehouse in order to download course files.

Sign up