1
00:00:00,850 --> 00:00:04,489
It's now time to create the user, since all our checks have passed.

2
00:00:04,489 --> 00:00:08,052
We do however need to work with our password a little bit.

3
00:00:08,052 --> 00:00:14,260
PHP has a nice feature that we can use for password hashing and for verification.

4
00:00:14,260 --> 00:00:17,090
We'll be using password_hash to actually create

5
00:00:17,090 --> 00:00:19,610
the password we store in the database.

6
00:00:19,610 --> 00:00:23,190
This method will create a single direction hash,

7
00:00:23,190 --> 00:00:28,110
meaning this hash cannot be reversed to see the plain text password.

8
00:00:28,110 --> 00:00:31,930
The password_hash function takes in some properties.

9
00:00:31,930 --> 00:00:35,130
The first property is the plain text password.

10
00:00:35,130 --> 00:00:39,290
The next property defines what algorithm you want to use.

11
00:00:39,290 --> 00:00:44,470
I suggest that you leave this as PASSWORD_DEFAULT since PHP will update

12
00:00:44,470 --> 00:00:50,010
to a new default for you if a better algorithm exists or is created.

13
00:00:50,010 --> 00:00:53,410
Currently the algorithm that is used is bcrypt,

14
00:00:53,410 --> 00:00:56,960
which will produce a modular crypt format password.

15
00:00:56,960 --> 00:01:00,420
The final property is an array of options.

16
00:01:00,420 --> 00:01:03,630
We'll be using all the default options for this project, but

17
00:01:03,630 --> 00:01:06,160
to learn more, you can find information in the notes.

18
00:01:07,360 --> 00:01:11,390
Let's take a quick look at what a password in modular crypt format looks like.

19
00:01:12,570 --> 00:01:17,870
[SOUND] The first part states that this is a bcrypt hash in Modular Crypt Format.

20
00:01:17,870 --> 00:01:24,602
Modular Crypt Format or MCF is a standard for encoding password hash strings.

21
00:01:24,602 --> 00:01:29,500
Other options the password may start with are 2A or 2B.

22
00:01:29,500 --> 00:01:32,090
The next part of the hash is the cost.

23
00:01:32,090 --> 00:01:36,090
This defines how many iterations over the hashing you want.

24
00:01:36,090 --> 00:01:40,329
This iteration count will be two to the exponent of cost value.

25
00:01:40,329 --> 00:01:43,738
Typically, this cost is ten and that's fine.

26
00:01:43,738 --> 00:01:48,410
But if your computer hardware can handle more you can increase this value.

27
00:01:48,410 --> 00:01:52,372
Third in the string is the salt that is used for hashing.

28
00:01:52,372 --> 00:01:55,983
The last part of the string is the resulting hash.

29
00:01:55,983 --> 00:01:59,560
The plain text of the user password is never stored.

30
00:01:59,560 --> 00:02:04,351
Once you put all that together, you will receive a 60 character string that

31
00:02:04,351 --> 00:02:06,792
you can safely store in your database.

32
00:02:06,792 --> 00:02:09,964
Now with our understanding of password_hash,

33
00:02:09,964 --> 00:02:13,310
we can hash our password for use in our database.

34
00:02:13,310 --> 00:02:15,809
Inside our do register procedure.

35
00:02:15,809 --> 00:02:24,469
We're going to add $hashed = password_hash,

36
00:02:24,469 --> 00:02:29,418
we'll pass password, and

37
00:02:29,418 --> 00:02:34,169
then PASSWORD_DEFAULT.

38
00:02:34,169 --> 00:02:38,075
Next, let's add a new function called createUser.

39
00:02:48,528 --> 00:02:51,061
We'll need the email and the password.

40
00:02:55,940 --> 00:03:02,235
Again start with global $db, and our try catch block.

41
00:03:16,502 --> 00:03:18,003
And we'll throw our exception.

42
00:03:22,249 --> 00:03:28,013
For our query, we're going to INSERT INTO USERS.

43
00:03:29,408 --> 00:03:35,617
Email, password, and role_id.

44
00:03:35,617 --> 00:03:40,025
We'll be using a role ID of two for general users and a role ID of one for

45
00:03:40,025 --> 00:03:41,250
administrators.

46
00:03:41,250 --> 00:03:46,017
There will be more on this coming up when we talk about authorization.

47
00:03:46,017 --> 00:03:50,125
For our values,

48
00:03:50,125 --> 00:03:54,821
we'll use email,

49
00:03:54,821 --> 00:03:59,229
password and 2.

50
00:04:06,002 --> 00:04:07,545
Prepare our query.

51
00:04:11,852 --> 00:04:13,714
And bind the values.

52
00:04:39,051 --> 00:04:40,868
Then we execute.

53
00:04:42,307 --> 00:04:48,809
And we'll return findUserByEmail and

54
00:04:48,809 --> 00:04:51,571
pass the email.

55
00:04:51,571 --> 00:04:55,360
This function will now return the user if the user was created.

56
00:04:55,360 --> 00:04:58,556
Let's use this function in our procedure.

57
00:05:02,074 --> 00:05:08,571
$user = createUser($email,

58
00:05:08,571 --> 00:05:11,709
$hashed);.

59
00:05:11,709 --> 00:05:15,181
We'll make use of this user after we handle our login.

60
00:05:15,181 --> 00:05:20,315
For now, we'll just redirect the user back to the home page,

61
00:05:20,315 --> 00:05:23,001
redirect back to the home page.

62
00:05:23,001 --> 00:05:26,127
Let's go back to the browser and register a user.