We will create a couple of helper functions that we can use to make sure the user is authenticated. To do this, we will need to read the access token from its cookie and verify it.
Other ways to output the score:
Ternary operator (the short form ?: falls back to '0' when the score is empty or zero, but still raises a notice if the 'score' key is missing):
<?php echo $book['score'] ?: '0'; ?>
PHP 7: null coalescing operator (falls back to '0' when the key is unset or null, with no notice):
<?php echo $book['score'] ?? '0'; ?>
Requiring Authentication on Pages
Add requireAuth(); at the top of the following files, after the bootstrap include:
- add.php
- edit.php
- procedures/addBook.php
- procedures/deleteBook.php
- procedures/editBook.php
- procedures/vote.php
Also in inc/nav.php, show the Add Book link only to authenticated users (add.php itself is protected by requireAuth(), so the link is useless to anyone else):
<?php if (isAuthenticated()) : ?>
<li><a href="/add.php">Add Book</a></li>
<?php endif; ?>
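The helpers described in these notes and in the video, written out as a complete inc/functions.php. This is an added example, not the course's own file: it assumes firebase/php-jwt 5.x (the three-argument JWT::decode($jwt, $key, $allowedAlgs) form the video uses), symfony/http-foundation for the request, cookie and redirect objects, a request() helper like the one in the video (a fallback is defined when it is missing), and SECRET_KEY and COOKIE_DOMAIN set in the environment. The cookie value 'expired', the one-hour backdating, the 60-second leeway and the /login.php path are placeholders. The decode step is factored into one decodeAccessToken() helper so that isAuthenticated() and the user lookup share it. With php-jwt 6.x, decode() takes new Key(getenv('SECRET_KEY'), 'HS256') in place of the key and algorithm list.

```php
<?php
// inc/functions.php -- added example, not the course's own file.
// Assumptions: firebase/php-jwt 5.x, symfony/http-foundation, SECRET_KEY and
// COOKIE_DOMAIN in the environment, and a login page at /login.php.

use Firebase\JWT\JWT;
use Symfony\Component\HttpFoundation\Cookie;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;

require_once __DIR__ . '/../vendor/autoload.php';

// The video relies on a request() helper from the bootstrap; this fallback
// provides one when it has not already been defined.
if (!function_exists('request')) {
    function request(): Request
    {
        static $request = null;
        return $request ?? ($request = Request::createFromGlobals());
    }
}

/**
 * Decodes the access_token cookie, or returns null when the cookie is absent
 * or the token does not verify. decode() checks the signature, the exp/nbf
 * claims and the algorithm for us.
 */
function decodeAccessToken(): ?array
{
    if (!request()->cookies->has('access_token')) {
        return null;
    }
    try {
        // Tolerate a little clock skew between the signing and verifying servers.
        JWT::$leeway = 60;
        // Only HS256 is approved: the token was signed with it, and a broader
        // list (for example including 'none') would let a forged token through.
        $payload = JWT::decode(
            request()->cookies->get('access_token'),
            getenv('SECRET_KEY'),
            ['HS256']
        );
        return (array) $payload;
    } catch (\Exception $e) {
        // Expired, bad signature, malformed, wrong algorithm: all mean "not logged in".
        return null;
    }
}

function isAuthenticated(): bool
{
    return decodeAccessToken() !== null;
}

// The user claims carried in the token; null when not authenticated.
function getCurrentUser(): ?array
{
    return decodeAccessToken();
}

/**
 * Put at the top of any page that requires a login. Overwrites any stale
 * cookie with an invalid, already-expired one and redirects to the login page.
 */
function requireAuth(): void
{
    if (isAuthenticated()) {
        return;
    }
    $expired = new Cookie(
        'access_token',
        'expired',                      // not a valid JWT, so it can never verify
        time() - 3600,                  // in the past: the browser discards the cookie
        '/',
        getenv('COOKIE_DOMAIN') ?: null,
        false,                          // secure: set to true once the site is served over HTTPS
        true                            // httpOnly: keep the token away from page scripts
    );
    $response = new RedirectResponse('/login.php');
    $response->headers->setCookie($expired);
    $response->send();
    exit;
}
```

Usage: include the bootstrap at the top of add.php (and the other protected files), then call requireAuth(); before any output. Clearing the cookie before redirecting matters because a browser that ignores the expiry would otherwise keep sending the old token; sending an unverifiable value guarantees the next isAuthenticated() call fails.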
0:00
Now we should create a helper function that we can use on pages that require authentication.
0:04
This function will check for an access token cookie that is not expired.
0:06
We will also need to get the user from the access token.
0:10
Before we get the user, we first want to check if the user is authenticated.
0:14
Let's start building our helper files.
0:19
In the functions.php file,
0:20
let's check if the user is authenticated in its own function.
0:23
We'll start by checking if (!request()
0:37
->cookies->has('access_token'))
0:44
return false; If
0:55
we do have an access token, we should try to validate the JWT by decoding it.
1:01
We'll place this inside a try/catch block.
1:07
We start by setting the leeway.
1:22
This will account for when there is a clock skew between the signing and
1:33
verifying servers.
1:38
Then we can run the access token cookie through the decode method.
1:39
There are three properties used again:
1:48
the JWT, the secret, and then the array of approved signing algorithms.
1:51
Get access token.
2:04
getenv('SECRET_KEY').
2:13
Since we signed the token with HS256,
2:22
that's the only approved signing algorithm we want in our list.
2:25
If the user is authenticated, we return true.
2:38
If there were any exceptions thrown from the decoding of the JWT,
2:44
then we return false.
2:47
Now we are ready to create the requireAuth() function.
2:52
This function will check the isAuthenticated() function.
3:06
if (!isAuthenticated())
3:09
We redirect the user to the login page.
3:21
Before we redirect, we should set a new cookie with the same name that
3:30
expires in the past with an invalid JWT.
3:35
access_token.
3:57
Expired.
4:01
The time before now.
4:04
The path and the cookie domain.
4:12
Now we pass the cookie on the redirect.
4:23
This is common practice for making sure that the browser does not see
4:41
a valid JWT in case it misses that the cookie is actually expired.
4:45
Now you can use the requireAuth() function at the top of any file
4:50
you want to require authentication.
4:54
Let's start by adding this to the add.php file.
4:56
Make sure that you include the bootstrap file at the top.
5:01
And then requireAuth().
5:13