1
00:00:01,440 --> 00:00:08,670
So we have our post log in or a post show log in handler that will allow us to validate whether someone

2
00:00:08,670 --> 00:00:14,220
is actually in the database, has the correct username, which is an email address and has the correct

3
00:00:14,220 --> 00:00:14,850
password.

4
00:00:15,060 --> 00:00:17,690
But we don't have any information in our database.

5
00:00:17,700 --> 00:00:24,600
So if I look at the table users and I'll show you using postal code, but you can use DB or whatever,

6
00:00:24,630 --> 00:00:25,770
whatever client you want.

7
00:00:26,220 --> 00:00:31,920
This is my users table and it's currently empty and I can easily enough add someone so I can put myself

8
00:00:31,920 --> 00:00:32,370
in here.

9
00:00:33,120 --> 00:00:33,660
Trevor.

10
00:00:35,070 --> 00:00:40,080
My email will be me or I'll call it admin at admin dot com.

11
00:00:40,800 --> 00:00:41,730
Here's the problem.

12
00:00:41,730 --> 00:00:42,410
Password.

13
00:00:42,420 --> 00:00:43,860
What am I going to put in for password?

14
00:00:43,860 --> 00:00:49,350
Because I'm not storing clear text passwords because that's a serious violation of good security.

15
00:00:50,220 --> 00:00:55,130
So I need some means of generating a hash from a valid password.

16
00:00:55,440 --> 00:00:56,280
How am I going to do that?

17
00:00:56,640 --> 00:00:58,460
Well, let's fill out the rest of this stuff first.

18
00:00:58,530 --> 00:01:03,540
I'll make my access level three, which I've arbitrarily decided is going to be the admin level of access

19
00:01:03,930 --> 00:01:05,670
and created that I'll put in some date.

20
00:01:07,200 --> 00:01:08,070
There's one.

21
00:01:11,790 --> 00:01:14,310
But I still need some means of putting a password in there.

22
00:01:14,490 --> 00:01:15,770
Well, it's actually pretty easy.

23
00:01:16,380 --> 00:01:23,550
And what I'm going to do is take you to some code that I've written and saved on Play Langue, which

24
00:01:23,550 --> 00:01:28,920
is a nice place where you can actually enter short programs and run them right from a Web browser.

25
00:01:29,400 --> 00:01:35,250
And you'll see here that I've created a very simple program that has just package making and it has

26
00:01:35,250 --> 00:01:41,120
to import the format package and this one decrypt, which we're using already in our code.

27
00:01:41,700 --> 00:01:45,810
And all I'm doing is specifying a password as a string variable.

28
00:01:45,810 --> 00:01:51,410
And I've used arbitrarily the password password, by the way, don't use the password password in production.

29
00:01:51,420 --> 00:01:57,300
It's a bad idea, but I just want to get this running and then I'm using the secret package to actually

30
00:01:57,300 --> 00:01:59,460
generate a hash from a password.

31
00:02:00,570 --> 00:02:01,680
It takes two parameters.

32
00:02:01,710 --> 00:02:07,920
The first one is the is is a slice of bytes and I'm just taking my string password and in passing that

33
00:02:07,920 --> 00:02:14,190
in as a slice of bytes and the second parameter will generate the level of complexity for the hash.

34
00:02:14,670 --> 00:02:15,920
And then I'm just pointing it out.

35
00:02:15,930 --> 00:02:16,920
So when I run this.

36
00:02:19,530 --> 00:02:24,510
I actually get a hashed password, so I'll copy that, oops, get the whole thing here.

37
00:02:26,100 --> 00:02:26,730
Copy it.

38
00:02:27,030 --> 00:02:31,440
Go back to my database editor and paste that password in.

39
00:02:32,440 --> 00:02:39,880
And then save changes and now I have an entry in the database that I can actually use to test validation

40
00:02:39,880 --> 00:02:43,020
when we log in to test whether or not someone has entered the correct password.

41
00:02:43,060 --> 00:02:51,220
So I've put a link to the actual play this code on played go on the course resources, or you can just

42
00:02:51,220 --> 00:02:54,910
type this out in your favorite text editor and run it on your local machine.

43
00:02:55,150 --> 00:02:56,310
It's entirely up to you.

44
00:02:57,340 --> 00:03:01,840
So we'll test the newly added user in the database in the next lecture.