You have completed Introduction to User Authentication in PHP!
We need another function that we can use on pages that require authentication. This requireAuth function will use our isAuthenticated function.
Requiring Authentication on Pages
Add requireAuth(); to the following files:
- add.php
- procedures/addBook.php
- procedures/vote.php
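A sketch of the guard this video builds, as an added example that is not the course's own code. The `DemoSession` and `DemoFlashBag` classes, the `isAuthenticated` body, and the `/login.php` path are assumptions standing in for what the project's bootstrap file provides; the point to notice is the `exit` after the redirect.

```php
<?php
// Added example, not the course's code. DemoSession and DemoFlashBag are
// constructed stand-ins for the session object the bootstrap file provides.
final class DemoFlashBag {
    public $messages = [];
    public function add(string $type, string $message): void {
        $this->messages[$type][] = $message;
    }
}
final class DemoSession {
    private $data;
    private $flash;
    public function __construct(array $data = []) {
        $this->data = $data;
        $this->flash = new DemoFlashBag();
    }
    public function get(string $key, $default = null) {
        return $this->data[$key] ?? $default;
    }
    public function getFlashBag(): DemoFlashBag {
        return $this->flash;
    }
}

// Assumption: a user counts as authenticated when auth_user_id is in the session.
function isAuthenticated(): bool {
    global $session;
    return $session->get('auth_user_id') !== null;
}

function requireAuth(): void {
    global $session;
    if (isAuthenticated()) {
        return; // logged in: let the page continue
    }
    $session->getFlashBag()->add('error', 'Not Authorized');
    header('Location: /login.php', true, 302); // assumed path to the login page
    exit; // a Location header alone does not stop the script; exit does
}

// Constructed demo: a logged-out visitor requests a protected page.
$session = new DemoSession(); // no auth_user_id set
requireAuth();                // queues the flash error, redirects, exits
echo "protected content\n";   // never reached for a logged-out visitor
```

The `exit` matters most in the procedures/ scripts: without it, addBook.php or vote.php would send the redirect and still run the rest of the script for an unauthenticated request.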
We need another function that we can use
on pages that require authentication.
0:00
Let's create a new function and
we'll name this requireAuth.
0:06
This function will use our
isAuthenticated function.
0:16
If the user is not authenticated,
we will add a flash error message, and
0:21
redirect to login.
0:26
Don't forget to add the global session.
0:27
We'll set our session get flash bag,
0:34
add ('error', 'Not Authorized'),
0:40
And redirect to login.php.
0:50
Now we can use the requireAuth
function at the top of any file
0:58
we want to require authentication.
1:03
Let's start by adding
this to the add.php file.
1:06
After the Bootstrap file,
we can use requireAuth().
1:11
We also want to add the same
thing to our addBook procedure.
1:17
After Bootstrap, we requireAuth,
1:25
we also want to add the authorized
user ID to our addBook function.
1:29
We can use the session get auth_user_id.
1:40
Let's test this out in the browser.
1:48
When we visit add.php, while we're
logged in everything looks fine.
1:52
But if we log out and
then try to go to add.php,
1:58
we get a not authorized error and
we're redirected to the login page.
2:02
If we also try procedures/addBook.php,
2:10
we also get the not authorized and
redirected to the login page.
2:18
Great, we can use this function
to lock down any page we want.
2:25
For our Book List page we only want to
lock down certain portions of the page.
2:30
The voting, and
the modification will require a login.
2:36
But everyone will be able to
see the book list itself.
2:40
If we go into books, we can see that
our book is located in templates/book.
2:47
First, we only want to allow
registered users to vote on a book.
2:57
So we can add a conditional
around the voting portion
3:03
to check if a user is
authenticated if isAuthenticated,
3:08
And then we'll end if.
3:24
We don't want to use
the requireAuth function
3:26
because we don't want to redirect.
3:30
We just want to decide if
we should show the vote.
3:32
Let's take a look at this in the browser.
3:35
When we are logged in, and we visit
the book list page, we see the vote.
3:39
If we log out, and go to the book list,
we no longer see the vote.
3:45
For the edit and
delete portions of the book,
3:52
we don't want to allow all logged
in users to be able to edit and
3:55
delete all books but
only the books added by that user.
3:59
Unless the user is an administrator
then they will be able to edit and
4:04
delete all books.
4:09
This brings us to the authorization
portion of the project, and
4:12
we'll learn about that
in the next section.
4:16