1
00:00:00,540 --> 00:00:03,900
I've included the code for
the basic system of the website,

2
00:00:03,900 --> 00:00:08,390
which allows guests of our site to
submit books and to vote on them.

3
00:00:08,390 --> 00:00:10,900
Although the basic
functionality is working,

4
00:00:10,900 --> 00:00:13,490
let's make it even better
with authentication.

5
00:00:14,580 --> 00:00:16,420
I want to set the site up, so

6
00:00:16,420 --> 00:00:22,570
that a user has to be logged in to be
able to submit a book and to vote on it.

7
00:00:22,570 --> 00:00:27,550
The first requirement here is to allow a
user to register for our book voting site.

8
00:00:28,740 --> 00:00:31,850
I've already provided
the registration form itself.

9
00:00:31,850 --> 00:00:36,240
So we can focus on the creation
of the registration procedure.

10
00:00:36,240 --> 00:00:38,666
We are currently asking for three items.

11
00:00:38,666 --> 00:00:44,390
A username, a password, and for
the user to confirm their password.

12
00:00:44,390 --> 00:00:47,110
This form can be extended to require any

13
00:00:47,110 --> 00:00:50,760
other information that you would like
to have associated with the user.

14
00:00:50,760 --> 00:00:53,460
Our first step is to
create the procedure for

15
00:00:53,460 --> 00:00:56,110
registration that this
form will be submitted to.

16
00:00:57,670 --> 00:01:02,174
In the procedure's folder,
create a new file named doRegister.

17
00:01:07,896 --> 00:01:13,041
We'll start this file the same
as all other procedures,

18
00:01:13,041 --> 00:01:17,662
require_once, and
require our bootstrap file.

19
00:01:20,822 --> 00:01:27,670
We'll go up one level, /inc/bootstrap.php.

20
00:01:27,670 --> 00:01:31,933
Next, we want to capture the variables
that we need from the request object.

21
00:01:31,933 --> 00:01:36,390
$username = request.

22
00:01:39,302 --> 00:01:40,516
Get('username').

23
00:01:44,524 --> 00:01:51,906
$password = request get('password').

24
00:01:51,906 --> 00:01:55,847
And we can copy this for

25
00:01:55,847 --> 00:01:59,999
$confirmPassword and

26
00:01:59,999 --> 00:02:06,234
get('confirm_password').

27
00:02:08,520 --> 00:02:11,460
We'll use these variables
through the rest of this script.

28
00:02:12,680 --> 00:02:15,240
We are now ready to
begin the checks before

29
00:02:15,240 --> 00:02:17,900
inserting the user into the database.

30
00:02:17,900 --> 00:02:22,350
When writing your registration scripts,
I always suggest that you start

31
00:02:22,350 --> 00:02:26,210
with the checks that do not
require database connection.

32
00:02:26,210 --> 00:02:27,900
So, for our first check,

33
00:02:27,900 --> 00:02:31,478
let's compare to make sure
the passwords were typed in the same.

34
00:02:31,478 --> 00:02:39,407
If the $password does not
equal the $confirmPassword.

35
00:02:45,494 --> 00:02:51,540
If they don't match,
then we're going to add a flash message.

36
00:02:51,540 --> 00:02:55,864
We use $session,

37
00:02:55,864 --> 00:03:02,619
getFlashBag, add, error,

38
00:03:02,619 --> 00:03:08,301
passwords do not match.

39
00:03:08,301 --> 00:03:13,999
And then we'll redirect

40
00:03:13,999 --> 00:03:18,640
to register.php.

41
00:03:18,640 --> 00:03:20,510
If we pass this first check,

42
00:03:20,510 --> 00:03:25,850
the next thing we should do is to check
to see if that username already exists.

43
00:03:25,850 --> 00:03:30,601
We have a function for the database
connection in our functions_users file.

44
00:03:31,820 --> 00:03:36,480
The function is findUserByUsername.

45
00:03:36,480 --> 00:03:42,770
This function will return an empty
array if no username is found or

46
00:03:42,770 --> 00:03:48,670
if a user is found and associative array
of the user details from the database.

47
00:03:48,670 --> 00:03:50,916
We'll use this for our next check.

48
00:03:54,648 --> 00:04:01,537
We set $user equal to findUserByUsername.

49
00:04:03,398 --> 00:04:04,704
And we pass our $username.

50
00:04:06,933 --> 00:04:12,237
We want to make sure that there is no
user in the system with that username,

51
00:04:12,237 --> 00:04:14,650
so we expect an empty user array.

52
00:04:15,920 --> 00:04:23,700
So we'll check if not empty, $user.

53
00:04:23,700 --> 00:04:28,462
If the user array is not empty,
we add a flash error message.

54
00:04:28,462 --> 00:04:34,624
$Session getFlashBag,

55
00:04:34,624 --> 00:04:41,344
add error, and we'll say,

56
00:04:41,344 --> 00:04:46,671
user already exists.

57
00:04:46,671 --> 00:04:53,070
And then we'll redirect to register.php.

58
00:04:55,420 --> 00:04:58,320
Before we can finish
off this registration,

59
00:04:58,320 --> 00:05:00,860
we need to talk about passwords and
security.