1
00:00:01,520 --> 00:00:09,110
So now we need to turn our attention to secure user authentication, and what I want to do is to extend

2
00:00:09,110 --> 00:00:16,970
our application such that property owners are able to log in securely using best practices to look at

3
00:00:16,970 --> 00:00:20,810
reservations and bookings and to modify them and everything else they need to do.

4
00:00:21,380 --> 00:00:25,650
So the first thing we're going to have to have, obviously, is some means of logging in.

5
00:00:26,120 --> 00:00:30,350
So what I'm going to do, I have our application running here is I'm going to put a log in a link here,

6
00:00:30,950 --> 00:00:35,430
and that will take us to a page that allows the user to fill out a form to log in.

7
00:00:35,540 --> 00:00:36,680
So let's get started with that.

8
00:00:36,740 --> 00:00:37,860
This is an easy step.

9
00:00:38,810 --> 00:00:45,290
So the first thing I'll do is look at my base layout, which is something that appears on every page

10
00:00:45,290 --> 00:00:46,550
of the public facing site.

11
00:00:46,940 --> 00:00:57,290
And I'll scroll down to the menu part and I will simply copy this and paste it here and change the path

12
00:00:57,290 --> 00:00:58,840
to a route that doesn't exist yet.

13
00:00:58,850 --> 00:01:03,470
I'll call it user log in and I'll change the name to log in.

14
00:01:04,160 --> 00:01:08,750
And when I save that and come back here and reload the page, now I have a log in like it doesn't work

15
00:01:08,750 --> 00:01:09,020
yet.

16
00:01:09,410 --> 00:01:11,180
And there's going to have to be some work here.

17
00:01:11,180 --> 00:01:17,870
Of course, when somebody is actually logged in, which we haven't done yet, that log in should change

18
00:01:17,870 --> 00:01:22,090
to log out and then once they're logged out, it should change back to log in.

19
00:01:22,100 --> 00:01:24,190
So obviously that's something we're going to have to do.

20
00:01:24,620 --> 00:01:28,100
We also need to have a page with a form that lets you log in.

21
00:01:28,110 --> 00:01:29,560
Well, we can make the page right now.

22
00:01:29,570 --> 00:01:30,320
Let's go do that.

23
00:01:31,100 --> 00:01:40,940
So in my templates, I'll create a new page or a new file, which I'll just call log in page tempo and

24
00:01:40,940 --> 00:01:42,050
yes, add that to it.

25
00:01:42,470 --> 00:01:50,000
And for the sake of making this pretty fast, I will copy the about page pasted in here and replace

26
00:01:50,000 --> 00:01:51,180
this content with a form.

27
00:01:51,200 --> 00:01:54,440
So is there anywhere I already have a form I can copy and paste from.

28
00:01:54,440 --> 00:01:55,160
Yes, there is.

29
00:01:55,520 --> 00:01:56,420
Make reservation.

30
00:01:56,840 --> 00:01:59,050
So let's copy this bit right here.

31
00:01:59,060 --> 00:01:59,900
The first part.

32
00:02:01,370 --> 00:02:05,900
And go back here to my login page and replace the title with log in.

33
00:02:08,310 --> 00:02:12,960
And the whole thing has to be wrapped in a form tag, so I'll put the form tag in and just paste this

34
00:02:12,960 --> 00:02:18,540
in and I will change the login from first name, because you don't want people logging in by first name.

35
00:02:18,540 --> 00:02:23,700
You want a unique user ID and the unique user I.D., the easiest one to use.

36
00:02:23,700 --> 00:02:27,290
And the vast majority of the site to do this is to use an email address.

37
00:02:27,300 --> 00:02:34,750
So I'll change this to email and call this email and call this email and leave that alone.

38
00:02:35,490 --> 00:02:36,840
And this has to be email.

39
00:02:38,970 --> 00:02:42,960
The type will be email and will leave this empty.

40
00:02:42,960 --> 00:02:51,750
No value in there at all right now and call this email and this email and I think that's it for that

41
00:02:51,750 --> 00:02:52,020
one.

42
00:02:52,560 --> 00:02:56,360
And then we can copy the whole thing and put it in a place for their password.

43
00:02:58,050 --> 00:02:58,920
We don't need to merge.

44
00:02:58,920 --> 00:02:59,610
And top three.

45
00:02:59,610 --> 00:03:02,190
So I'll get rid of that and I'll call this password.

46
00:03:04,440 --> 00:03:06,990
And this password copy

47
00:03:09,330 --> 00:03:18,930
and paste and paste and paste, and the tape is not going to be text or email, it will be password.

48
00:03:19,770 --> 00:03:20,150
All right.

49
00:03:20,250 --> 00:03:21,620
That should be enough for that.

50
00:03:22,020 --> 00:03:27,270
Now, after this is all done, of course, we'll need an H.R. tag just to make it look good and a button

51
00:03:27,270 --> 00:03:33,060
that allows them to log in input type equals button or submit.

52
00:03:35,550 --> 00:03:41,490
Class equals button button primary and value equals submit.

53
00:03:42,330 --> 00:03:47,700
All right, so that gives us a basic form and there's no error checking on this yet, but we'll get

54
00:03:47,700 --> 00:03:48,600
to that before too long.

55
00:03:48,930 --> 00:03:53,220
Right now, all I've done is created a link and created a page.

56
00:03:54,090 --> 00:03:56,370
And now we need to create the necessary handlers.

57
00:03:56,370 --> 00:04:01,060
And there's a fair bit of work required to make this all as secure as it needs to be.

58
00:04:02,040 --> 00:04:04,740
So we'll get started on that in the next lecture.