Heads up! To view this whole video, sign in with your Courses account or enroll in your free 7-day trial. Sign In Enroll
- Application Overview 4:18
- Object-Oriented Authentication
- Authentication vs Authorization 1:46
- AuthN vs AuthZ 5 questions
- Registration System 5:01
- Securing Passwords 5:01
- Login System 5:45
- Registration and Security 5 questions
- Verify Authentication 3:52
- Logging Out 4:00
- Require Authentication 4:19
- Authenticated Login 5 questions
Well done!
You have completed Introduction to User Authentication in PHP!
Preview
Video Player
00:00
00:00
00:00
- 2x 2x
- 1.75x 1.75x
- 1.5x 1.5x
- 1.25x 1.25x
- 1.1x 1.1x
- 1x 1x
- 0.75x 0.75x
- 0.5x 0.5x
We need another function that we can use, on pages that require authentication. This requireAuth function will use our isAuthenticated function.
Requiring Authentication on Pages
Add requireAuth(); to the following files
- add.php
- procedures/addBook.php
- procedures/vote.php
Related Discussions
Have questions about this video? Start a discussion with the community and Treehouse staff.
Sign upRelated Discussions
Have questions about this video? Start a discussion with the community and Treehouse staff.
Sign up
We need another function that we can use
on pages that require authentication.
0:00
Let's create a new function and
we'll name this requireAuth.
0:06
This function will use our
isAuthenticated function.
0:16
If the user is not authenticated,
we will add a flash error message, and
0:21
redirect to login.
0:26
Don't forget to add the global session.
0:27
We'll set our session get flash bag,
0:34
add ('error', 'Not Authorized'),
0:40
And redirect, To login.php.
0:50
Now we can use the requireAuth
function at the top of any file
0:58
we want to require authentication.
1:03
Let's start by adding
this to the add.php file.
1:06
After the Boostrap file,
we can use requireAuth().
1:11
We also want to add the same
thing to our addBook procedure.
1:17
After Boostrap, we requireAuth,
1:25
we also want to add the authorized
user ID to our addBook function.
1:29
We can use the session get auth_ user_id.
1:40
Let's test this out in the browser.
1:48
When we visit add.php, while we're
logged in everything looks fine.
1:52
But if we log out and
then try to go to add.php,
1:58
we get a not authorized error and
we're redirected to the login page.
2:02
If we also try procedures, Addbook.php,
2:10
we also get the not authorized and
redirected to the login page.
2:18
Great, we can use this function
to lock down any page we want.
2:25
For our Book List page we only want to
lock down certain portions of the page.
2:30
The voting, and
the modification will require a login.
2:36
But everyone will be able to
see the book list itself.
2:40
If we go into books, we can see that
our book is located in templates/book.
2:47
First, we only want to allow
registered users to vote on a book.
2:57
So we can add a conditional
around the voting portion
3:03
to check if a user is
authenticated if isAuthenticated,
3:08
And then we'll end if.
3:24
We don't want to use
the requireAuth function
3:26
because we don't want to redirect.
3:30
We just want to decide if
we should show the vote.
3:32
Let's take a look at this in the browser.
3:35
When we are logged in, and we visit
the book list page, we see the vote.
3:39
If we log out, and go to the book list,
we no longer see the vote.
3:45
For the edit and
delete portions of the book,
3:52
we don't want to allow all logged
in users to be able to edit and
3:55
delete all books but
only the books added by that user.
3:59
Unless the user is an administrator
then they will be able to edit and
4:04
delete all books.
4:09
This brings us to the authorization
portion of the project, and
4:12
we'll learn about that
in the next section.
4:16
You need to sign up for Treehouse in order to download course files.
Sign upYou need to sign up for Treehouse in order to set up Workspace
Sign up