Require Authentication 4:19 with Alena Holligan
We need another function that we can use on pages that require authentication. This requireAuth function will use our isAuthenticated function.
Requiring Authentication on Pages
Add requireAuth(); to the following files
We need another function that we can use on pages that require authentication. 0:00 Let's create a new function and we'll name this requireAuth. 0:06 This function will use our isAuthenticated function. 0:16 If the user is not authenticated, we will add a flash error message, and 0:21 redirect to login. 0:26 Don't forget to add the global session. 0:27 We'll set our session get flash bag, 0:34 add ('error', 'Not Authorized'), 0:40 and redirect to login.php. 0:50 Now we can use the requireAuth function at the top of any file 0:58 we want to require authentication. 1:03 Let's start by adding this to the add.php file. 1:06 After the Bootstrap file, we can use requireAuth(). 1:11 We also want to add the same thing to our addBook procedure. 1:17 After Bootstrap, we requireAuth, 1:25 we also want to add the authorized user ID to our addBook function. 1:29 We can use the session get auth_user_id. 1:40 Let's test this out in the browser. 1:48 When we visit add.php, while we're logged in everything looks fine. 1:52 But if we log out and then try to go to add.php, 1:58 we get a not authorized error and we're redirected to the login page. 2:02 If we also try procedures, Addbook.php, 2:10 we also get the not authorized and redirected to the login page. 2:18 Great, we can use this function to lock down any page we want. 2:25 For our Book List page we only want to lock down certain portions of the page. 2:30 The voting, and the modification will require a login. 2:36 But everyone will be able to see the book list itself. 2:40 If we go into books, we can see that our book is located in templates/book. 2:47 First, we only want to allow registered users to vote on a book. 2:57 So we can add a conditional around the voting portion 3:03 to check if a user is authenticated if isAuthenticated, 3:08 And then we'll end if. 3:24 We don't want to use the requireAuth function 3:26 because we don't want to redirect. 3:30 We just want to decide if we should show the vote. 
3:32 Let's take a look at this in the browser. 3:35 When we are logged in, and we visit the book list page, we see the vote. 3:39 If we log out, and go to the book list, we no longer see the vote. 3:45 For the edit and delete portions of the book, 3:52 we don't want to allow all logged in users to be able to edit and 3:55 delete all books but only the books added by that user. 3:59 Unless the user is an administrator then they will be able to edit and 4:04 delete all books. 4:09 This brings us to the authorization portion of the project, and 4:12 we'll learn about that in the next section. 4:16