1
00:00:00,540 --> 00:00:03,900
I've included the code for the basic system of the website,

2
00:00:03,900 --> 00:00:08,390
which allows guests of our site to submit books and to vote on them.

3
00:00:08,390 --> 00:00:10,900
Although the basic functionality is working,

4
00:00:10,900 --> 00:00:13,490
let's make it even better with authentication.

5
00:00:14,580 --> 00:00:16,420
I want to set the site up, so

6
00:00:16,420 --> 00:00:22,570
that a user has to be logged in to be able to submit a book and to vote on it.

7
00:00:22,570 --> 00:00:27,550
The first requirement here is to allow a user to register for our book voting site.

8
00:00:28,740 --> 00:00:31,850
I've already provided the registration form itself.

9
00:00:31,850 --> 00:00:36,240
So we can focus on the creation of the registration procedure.

10
00:00:36,240 --> 00:00:38,666
We are currently asking for three items.

11
00:00:38,666 --> 00:00:44,390
A username, a password, and for the user to confirm their password.

12
00:00:44,390 --> 00:00:47,110
This form can be extended to require any

13
00:00:47,110 --> 00:00:50,760
other information that you would like to have associated with the user.

14
00:00:50,760 --> 00:00:53,460
Our first step is to create the procedure for

15
00:00:53,460 --> 00:00:56,110
registration that this form will be submitted to.

16
00:00:57,670 --> 00:01:02,174
In the procedures folder, create a new file named doRegister.

17
00:01:07,896 --> 00:01:13,041
We'll start this file the same as all other procedures,

18
00:01:13,041 --> 00:01:17,662
require_once, and require our bootstrap file.

19
00:01:20,822 --> 00:01:27,670
We'll go up one level, /inc/bootstrap.php.

20
00:01:27,670 --> 00:01:31,933
Next, we want to capture the variables that we need from the request object.

21
00:01:31,933 --> 00:01:36,390
$username = request.

22
00:01:39,302 --> 00:01:40,516
get('username').

23
00:01:44,524 --> 00:01:51,906
$password = request get('password').

24
00:01:51,906 --> 00:01:55,847
And we can copy this for

25
00:01:55,847 --> 00:01:59,999
$confirmPassword and

26
00:01:59,999 --> 00:02:06,234
get('confirm_password').

27
00:02:08,520 --> 00:02:11,460
We'll use these variables through the rest of this script.

28
00:02:12,680 --> 00:02:15,240
We are now ready to begin the checks before

29
00:02:15,240 --> 00:02:17,900
inserting the user into the database.

30
00:02:17,900 --> 00:02:22,350
When writing your registration scripts, I always suggest that you start

31
00:02:22,350 --> 00:02:26,210
with the checks that do not require database connection.

32
00:02:26,210 --> 00:02:27,900
So, for our first check,

33
00:02:27,900 --> 00:02:31,478
let's compare to make sure the passwords were typed in the same.

34
00:02:31,478 --> 00:02:39,407
If the $password does not equal the $confirmPassword.

35
00:02:45,494 --> 00:02:51,540
If they don't match, then we're going to add a flash message.

36
00:02:51,540 --> 00:02:55,864
We use $session,

37
00:02:55,864 --> 00:03:02,619
getFlashBag, add, error,

38
00:03:02,619 --> 00:03:08,301
passwords do not match.

39
00:03:08,301 --> 00:03:13,999
And then we'll redirect

40
00:03:13,999 --> 00:03:18,640
to register.php.

41
00:03:18,640 --> 00:03:20,510
If we pass this first check,

42
00:03:20,510 --> 00:03:25,850
the next thing we should do is to check to see if that username already exists.

43
00:03:25,850 --> 00:03:30,601
We have a function for the database connection in our functions_users file.

44
00:03:31,820 --> 00:03:36,480
The function is findUserByUsername.

45
00:03:36,480 --> 00:03:42,770
This function will return an empty array if no username is found or

46
00:03:42,770 --> 00:03:48,670
if a user is found an associative array of the user details from the database.

47
00:03:48,670 --> 00:03:50,916
We'll use this for our next check.

48
00:03:54,648 --> 00:04:01,537
We set $user equal to findUserByUsername.

49
00:04:03,398 --> 00:04:04,704
And we pass our $username.

50
00:04:06,933 --> 00:04:12,237
We want to make sure that there is no user in the system with that username,

51
00:04:12,237 --> 00:04:14,650
so we expect an empty user array.

52
00:04:15,920 --> 00:04:23,700
So we'll check if not empty, $user.

53
00:04:23,700 --> 00:04:28,462
If the user array is not empty, we add a flash error message.

54
00:04:28,462 --> 00:04:34,624
$session getFlashBag,

55
00:04:34,624 --> 00:04:41,344
add error, and we'll say,

56
00:04:41,344 --> 00:04:46,671
user already exists.

57
00:04:46,671 --> 00:04:53,070
And then we'll redirect to register.php.

58
00:04:55,420 --> 00:04:58,320
Before we can finish off this registration,

59
00:04:58,320 --> 00:05:00,860
we need to talk about passwords and security.