1
00:00:02,200 --> 00:00:05,440
So let's start with the most important question.

2
00:00:05,440 --> 00:00:09,603
What exactly is authentication? What does this term mean?

3
00:00:10,520 --> 00:00:12,190
Well, as mentioned before in the

4
00:00:12,190 --> 00:00:14,707
last lecture on some websites,

5
00:00:14,707 --> 00:00:16,910
I would say on many websites, actually,

6
00:00:16,910 --> 00:00:20,690
you have certain areas on the website that should not be

7
00:00:20,690 --> 00:00:23,310
accessible by everyone. For example,

8
00:00:23,310 --> 00:00:25,660
if you are building a social network site,

9
00:00:25,660 --> 00:00:29,280
then you of course need to give users a way of creating

10
00:00:29,280 --> 00:00:33,020
profiles so that they can use your site.

11
00:00:33,020 --> 00:00:34,620
If you're building an online shop,

12
00:00:34,620 --> 00:00:38,700
then people need to be able to log in to access their

13
00:00:38,700 --> 00:00:41,920
shopping cart, maybe, or most importantly,

14
00:00:41,920 --> 00:00:45,603
to access their past orders or place a new order.

15
00:00:46,980 --> 00:00:49,380
Or even if you're just building a blog,

16
00:00:49,380 --> 00:00:52,590
then visitors might not need an account,

17
00:00:52,590 --> 00:00:55,170
but the administrator, the owner of the

18
00:00:55,170 --> 00:00:58,820
blog probably should also have some kind of account,

19
00:00:58,820 --> 00:01:02,860
which grants exclusive access to the administration area

20
00:01:02,860 --> 00:01:05,600
where new blog posts can be created.

21
00:01:05,600 --> 00:01:08,700
And existing blog posts can be managed.

22
00:01:08,700 --> 00:01:11,110
Not every user should be able to edit

23
00:01:11,110 --> 00:01:14,460
or delete or create blog posts.

24
00:01:14,460 --> 00:01:17,820
And for example, in the example blog website

25
00:01:17,820 --> 00:01:21,860
we built before in this course, that was the case. There,

26
00:01:21,860 --> 00:01:26,850
every user was able to do everything. That was no problem

27
00:01:26,850 --> 00:01:29,670
back then in the course, because the focus of those

28
00:01:29,670 --> 00:01:34,240
course sections was to learn how to incorporate a database.

29
00:01:34,240 --> 00:01:37,170
We did not build a finished website there. It was

30
00:01:37,170 --> 00:01:40,090
just a demo website, but if you would be building

31
00:01:40,090 --> 00:01:42,400
a real blog, then of course you would

32
00:01:42,400 --> 00:01:45,040
want to lock down access to certain

33
00:01:45,040 --> 00:01:47,900
features and you would want to ensure that

34
00:01:47,900 --> 00:01:50,493
not every user is able to do everything.

35
00:01:51,510 --> 00:01:56,400
So therefore these are areas where you want authentication

36
00:01:56,400 --> 00:02:01,400
to lock down certain aspects or areas of your website and

37
00:02:01,930 --> 00:02:05,150
only grant access to authenticated users.

38
00:02:05,150 --> 00:02:09,690
So only grant access to users who do have an account.

39
00:02:09,690 --> 00:02:12,823
So how do you then implement authentication?

40
00:02:13,750 --> 00:02:16,100
Well, you can roughly split it into

41
00:02:16,100 --> 00:02:20,500
three main steps. The first step of course,

42
00:02:20,500 --> 00:02:24,610
is that you need to give your users a way of signing up, of

43
00:02:24,610 --> 00:02:27,380
creating an account. If you don't have an account,

44
00:02:27,380 --> 00:02:30,570
you can't log in. Therefore the next step,

45
00:02:30,570 --> 00:02:34,390
once you added the user sign up functionality, is that you

46
00:02:34,390 --> 00:02:36,930
also add a log in functionality,

47
00:02:36,930 --> 00:02:39,200
allowing users to use their account,

48
00:02:39,200 --> 00:02:41,820
to then log in with their credentials.

49
00:02:41,820 --> 00:02:44,243
So with the email and password they chose,

50
00:02:45,600 --> 00:02:48,203
and then once users are logged in,

51
00:02:49,316 --> 00:02:51,410
you wanna kind of keep track of them.

52
00:02:51,410 --> 00:02:54,570
You wanna store the information that a certain user is

53
00:02:54,570 --> 00:02:58,370
logged in so that you can then grant that user access to

54
00:02:58,370 --> 00:03:01,550
certain protected pages in the future.

55
00:03:01,550 --> 00:03:03,570
If you don't keep track of that,

56
00:03:03,570 --> 00:03:07,590
then the login process alone won't be that helpful.

57
00:03:07,590 --> 00:03:11,280
The user logs in and then tries to visit a protected page.

58
00:03:11,280 --> 00:03:12,770
If you didn't store information

59
00:03:12,770 --> 00:03:14,160
that the users should be granted

60
00:03:14,160 --> 00:03:16,740
access, access will be denied and the

61
00:03:16,740 --> 00:03:19,970
user will still not be able to access that page.

62
00:03:19,970 --> 00:03:23,680
So therefore storing that information that a certain user is

63
00:03:23,680 --> 00:03:27,620
logged in now is also a crucial part and will be one of the

64
00:03:27,620 --> 00:03:30,670
main parts of this course section, actually,

65
00:03:30,670 --> 00:03:33,774
that is where we will soon dive into sessions and cookies

66
00:03:33,774 --> 00:03:37,530
because those features will help us with keeping track of

67
00:03:37,530 --> 00:03:40,610
the authentication status of a user.

68
00:03:40,610 --> 00:03:43,890
But let's just get there step by step, shall we?

69
00:03:43,890 --> 00:03:46,550
Let's ignore steps two and three for now.

70
00:03:46,550 --> 00:03:51,330
And let's start with step one, user account creation, and

71
00:03:51,330 --> 00:03:53,890
adding such a signup functionality and

72
00:03:53,890 --> 00:03:57,103
therefore allowing users to create accounts.

