1
00:00:00,610 --> 00:00:06,330
We need another function that we can use on pages that require authentication.

2
00:00:06,330 --> 00:00:12,371
Let's create a new function and we'll name this requireAuth.

3
00:00:16,426 --> 00:00:19,660
This function will use our isAuthenticated function.

4
00:00:21,260 --> 00:00:26,150
If the user is not authenticated, we will add a flash error message, and

5
00:00:26,150 --> 00:00:27,780
redirect to login.

6
00:00:27,780 --> 00:00:31,376
Don't forget to add the global session.

7
00:00:34,483 --> 00:00:40,808
We'll set our session get flash bag,

8
00:00:40,808 --> 00:00:48,129
add('error', 'Not Authorized'),

9
00:00:50,944 --> 00:00:58,650
and redirect to login.php.

10
00:00:58,650 --> 00:01:03,120
Now we can use the requireAuth function at the top of any file

11
00:01:03,120 --> 00:01:06,080
we want to require authentication.

12
00:01:06,080 --> 00:01:09,190
Let's start by adding this to the add.php file.

13
00:01:11,120 --> 00:01:17,280
After the Bootstrap file, we can use requireAuth().

14
00:01:17,280 --> 00:01:20,770
We also want to add the same thing to our addBook procedure.

15
00:01:25,189 --> 00:01:29,291
After Bootstrap, we requireAuth,

16
00:01:29,291 --> 00:01:36,960
we also want to add the authorized user ID to our addBook function.

17
00:01:40,868 --> 00:01:48,490
We can use the session get auth_user_id.

18
00:01:48,490 --> 00:01:50,090
Let's test this out in the browser.

19
00:01:52,550 --> 00:01:58,090
When we visit add.php while we're logged in, everything looks fine.

20
00:01:58,090 --> 00:02:02,227
But if we log out and then try to go to add.php,

21
00:02:02,227 --> 00:02:08,507
we get a Not Authorized error and we're redirected to the login page.

22
00:02:10,770 --> 00:02:18,336
If we also try procedures, addBook.php,

23
00:02:18,336 --> 00:02:25,430
we also get the Not Authorized error and are redirected to the login page.

24
00:02:25,430 --> 00:02:30,410
Great, we can use this function to lock down any page we want.

25
00:02:30,410 --> 00:02:36,310
For our Book List page, we only want to lock down certain portions of the page.

26
00:02:36,310 --> 00:02:40,550
The voting and the modification will require a login.

27
00:02:40,550 --> 00:02:43,775
But everyone will be able to see the book list itself.

28
00:02:47,409 --> 00:02:52,326
If we go into books, we can see that our book is located in templates/book.

29
00:02:57,883 --> 00:03:03,300
First, we only want to allow registered users to vote on a book.

30
00:03:03,300 --> 00:03:08,497
So we can add a conditional around the voting portion

31
00:03:08,497 --> 00:03:14,181
to check if a user is authenticated: if isAuthenticated,

32
00:03:24,369 --> 00:03:25,700
and then we'll end if.

33
00:03:26,900 --> 00:03:30,020
We don't want to use the requireAuth function

34
00:03:30,020 --> 00:03:32,230
because we don't want to redirect.

35
00:03:32,230 --> 00:03:35,880
We just want to decide if we should show the vote.

36
00:03:35,880 --> 00:03:37,420
Let's take a look at this in the browser.

37
00:03:39,690 --> 00:03:45,180
When we are logged in and we visit the book list page, we see the vote.

38
00:03:45,180 --> 00:03:50,830
If we log out and go to the book list, we no longer see the vote.

39
00:03:52,140 --> 00:03:55,030
For the edit and delete portions of the book,

40
00:03:55,030 --> 00:03:59,200
we don't want to allow all logged-in users to be able to edit and

41
00:03:59,200 --> 00:04:04,650
delete all books, but only the books added by that user.

42
00:04:04,650 --> 00:04:09,910
Unless the user is an administrator; then they will be able to edit and

43
00:04:09,910 --> 00:04:12,350
delete all books.

44
00:04:12,350 --> 00:04:16,290
This brings us to the authorization portion of the project, and

45
00:04:16,290 --> 00:04:18,700
we'll learn about that in the next section.