Laravel 5.2 PHP Build a social network – Signup Controller & Model

  • 00:00:01 welcome back everyone in the last video
  • 00:00:04 we built kind of our view our basic
  • 00:00:06 view we put our sign up and our sign-in
  • 00:00:09 form and now in this one you will fill
  • 00:00:12 it with some life right because we're
  • 00:00:14 developing with Laravel and therefore
  • 00:00:17 well like it's it's time for us to
  • 00:00:19 create some backend logic which we
  • 00:00:22 will need for application so what I'll
  • 00:00:25 do in this video is I will create a user
  • 00:00:28 model set it up in Laravel and will then
  • 00:00:32 hook it up to my sign up or my sign-in
  • 00:00:35 form so that we are actually able to
  • 00:00:37 either create a user by signing up or to
  • 00:00:41 login if we already have a user so let's
  • 00:00:44 get started
  • 00:00:46 I'll start by creating my model and I'll
  • 00:00:50 use the command line tool of Laravel for
  • 00:00:53 this so I'll write PHP artisan make
  • 00:00:59 model and I want to name that model user
  • 00:01:04 now I know that I first have to clean up
  • 00:01:07 my installation here I guess because
  • 00:01:10 yeah because Laravel already ships with
  • 00:01:12 the user model and while I could use
  • 00:01:14 that and would provide all the
  • 00:01:16 functionality I need I really want to
  • 00:01:18 show you how to set up your your own
  • 00:01:20 user model and it's real easy to do so I
  • 00:01:22 just deleted the User.php file here in the
  • 00:01:26 app folder which is the Laravel user model
  • 00:01:28 we have and in the database folder I'll
  • 00:01:31 also get rid of the two PHP files which
  • 00:01:33 live in there so now I can execute my
  • 00:01:36 make model command and I want to make a
  • 00:01:39 user model and I also add the flag -m to also
  • 00:01:44 create a migration for the user model
  • 00:01:47 right away now what are migrations what
  • 00:01:50 are models in Laravel models are
  • 00:01:53 basically as in every MVC framework and
  • 00:01:56 the place where you where your business
  • 00:02:00 logic is where you access your data
  • 00:02:02 where you were able to connect to your
  • 00:02:04 data fetch data manipulate data so yes
  • 00:02:07 it's the data the core logic of your
  • 00:02:10 application so to say and migrations are
  • 00:02:15 a tool Laravel offers to us where we can very
  • 00:02:19 conveniently generate our tables in the
  • 00:02:23 database so we what we do is use a
  • 00:02:26 migration file created by Laravel or we
  • 00:02:29 create one on our own and in
  • 00:02:31 this file we basically define a scheme
  • 00:02:34 which should be used to create the
  • 00:02:37 respective table so for example to make
  • 00:02:40 the more classical I created my user
  • 00:02:45 model and told laravel to also create a
  • 00:02:47 migration file by using -m at the end
  • 00:02:50 now if I go into that migration file
  • 00:02:53 under database migrations I got this
  • 00:02:56 basic setup here and what this file
  • 00:02:59 basically does is it specifies a
  • 00:03:01 function which will be run when we when
  • 00:03:05 we migrate our migration files so
  • 00:03:08 this will create a table in our database
  • 00:03:10 that's all it will do this up function
  • 00:03:14 will create a table in our database and
  • 00:03:16 here inside this function we specify how
  • 00:03:20 this table should be structured which
  • 00:03:22 fields it should have how this field
  • 00:03:23 should be configured so if they are
  • 00:03:26 nullable and so on that is what we do in our
  • 00:03:29 migration file and we also got the down
  • 00:03:32 function which basically says if you
  • 00:03:34 want to roll back my bed migrations
  • 00:03:36 because that is possible in Laravel if you
  • 00:03:38 want to start fresh or undo things then
  • 00:03:41 what should what should be done and
  • 00:03:43 normally you just drop the table so that
  • 00:03:46 you could recreate it
  • 00:03:47 if you migrated again so there's that
  • 00:03:50 convenient way of accessing your
  • 00:03:52 database and creating and deleting
  • 00:03:55 tables if you need to roll back without
  • 00:03:59 having to write any SQL or without
  • 00:04:02 having to go into the database even if
  • 00:04:05 you might use a graphical interface and
  • 00:04:07 it would still be a lot of clicking and
  • 00:04:11 doing it by hand whereas here you yeah
  • 00:04:14 you just create this table like you
  • 00:04:16 would set up a model by accessing
  • 00:04:18 certain or adding certain properties so
  • 00:04:20 to say to a object and then you just
  • 00:04:23 write it into the database so it's a
  • 00:04:25 very handy feature and
  • 00:04:28 one you'll often use when developing
  • 00:04:31 with Laravel and a SQL database at
  • 00:04:33 least so this is a migration file for
  • 00:04:37 our users table and I want to have a
  • 00:04:40 very simple and plain user model so all
  • 00:04:43 I will do is add a string here so this
  • 00:04:46 will be a varchar field if you're
  • 00:04:49 familiar with SQL and this string
  • 00:04:51 will have the name or this field will
  • 00:04:53 that have the name of shares email
  • 00:04:56 because let's say we want to have our
  • 00:04:58 users registered with an email instead
  • 00:05:02 of a username and I'll copy that and
  • 00:05:05 have another string which will be the
  • 00:05:06 password so string as I said will just
  • 00:05:09 be a varchar here and that is almost
  • 00:05:13 all I want a password and an email
  • 00:05:15 there's one more thing I want to add
  • 00:05:17 because otherwise we'll run into some
  • 00:05:19 problems with the built-in Laravel
  • 00:05:21 application I'll add another field which
  • 00:05:25 is called remember token and this is
  • 00:05:28 basically a field where Laravel could then
  • 00:05:30 store a token if we had like remember me
  • 00:05:33 checkbox and would store that key in
  • 00:05:37 a cookie on the user's computer and also
  • 00:05:40 in our database table so that we could
  • 00:05:42 find out if the user closes his
  • 00:05:45 browser and then comes back later if
  • 00:05:48 he's still logged in we're probably not
  • 00:05:51 going to use that in this application
  • 00:05:53 though it would be very easy to
  • 00:05:55 implement and we should implement this
  • 00:05:57 field nonetheless because otherwise when
  • 00:05:59 we as I said when we use the built-in
  • 00:06:01 authentication methods which Laravel has
  • 00:06:04 you get kind of an annoying error if you
  • 00:06:07 don't have the remember token field
  • 00:06:10 specified so let's just do that good so
  • 00:06:13 that's everything we need to do that
  • 00:06:15 we'll set up our database table and what
  • 00:06:19 do we do in our user model file this one
  • 00:06:21 here in our app folder at the moment to
  • 00:06:25 be honest nothing because in the
  • 00:06:28 background
  • 00:06:28 Laravel will have as we're using a
  • 00:06:30 SQL database a kind of a strong
  • 00:06:33 connection to the database with Eloquent
  • 00:06:37 which is Laravel's ORM so it's um yeah it's
  • 00:06:42 it's yes it's really a connection to the
  • 00:06:46 database table in the background so as
  • 00:06:47 we set up our table here we will be able
  • 00:06:52 to access all our fields in this table
  • 00:06:56 very very conveniently and intuitively
  • 00:06:59 through this user model without
  • 00:07:01 specifying anything that's all the
  • 00:07:04 magic done by Laravel as we're using
  • 00:07:08 eloquent which again is a convenient way
  • 00:07:11 to access the the tables or the database
  • 00:07:16 behind the user model where the user
  • 00:07:19 model is stored so for this to work it's
  • 00:07:23 important that we have a certain naming
  • 00:07:25 convention so our class here our model
  • 00:07:27 is called user uppercase user with
  • 00:07:30 beginning with an uppercase letter and
  • 00:07:32 our table for the user is called users
  • 00:07:35 all lower cases and plural with an S at
  • 00:07:40 the end this way Laravel will be able to
  • 00:07:42 figure out that the users table belongs
  • 00:07:45 to the user model if we were to have say
  • 00:07:51 users – as our table name for some
  • 00:07:54 reason then we would have to change
  • 00:07:56 something in our user model name you
  • 00:07:58 would have to tell Laravel the table name
  • 00:08:00 because it would look for a users table
  • 00:08:03 with an S at the end and it wouldn't
  • 00:08:04 find the table so then we would have to
  • 00:08:06 add our protected property table here
  • 00:08:10 and just give this the name of users –
  • 00:08:15 if that was the name we're choosing and
  • 00:08:17 then again it would work because now
  • 00:08:19 would know okay I'm not looking for
  • 00:08:21 users I'm looking for the table
  • 00:08:23 specified in this model here but won't
  • 00:08:26 be necessary since we're using users and
  • 00:08:29 yeah so everything is working right out
  • 00:08:31 of the box that is a very cool feature
  • 00:08:33 of laravel in my opinion that was a lot
  • 00:08:38 of talking about the users but that's
  • 00:08:40 really an important thing to to
  • 00:08:42 understand how to use that because is a
  • 00:08:44 core feature and you might have a non
  • 00:08:47 SQL database in your backend then
  • 00:08:49 you will have to come up with your own
  • 00:08:50 code but if you're using a MySQL
  • 00:08:53 database then hey why not use that so
  • 00:08:56 now that we got that it's time to create
  • 00:08:59 our first controller because we want to
  • 00:09:02 be able in our in our welcome view here
  • 00:09:07 will click on a sign up or on the
  • 00:09:09 sign-in buttons here and then we want
  • 00:09:11 you to fire a certain action which will
  • 00:09:13 check if if you can sign in the user if
  • 00:09:17 the sign-in button was clicked or if we
  • 00:09:19 can sign up the user if the button in
  • 00:09:23 the signup form was clicked and we'll
  • 00:09:25 handle that logic in a controller first let
  • 00:09:28 me get rid of this Auth folder here in
  • 00:09:30 the controller's directory and now I'm
  • 00:09:33 going to create a new file which I will
  • 00:09:35 call UserController.php and yeah
  • 00:09:42 it's a PHP file it is it has a name
  • 00:09:44 space of App\Http\Controllers and it is
  • 00:09:52 called UserController and it will
  • 00:09:54 extend the default controller that's our
  • 00:10:01 user controller and now what I want to
  • 00:10:03 have here is I want to have a post sign
  • 00:10:09 up method 0 which is executed when we
  • 00:10:12 click the submit button in the sign up
  • 00:10:15 form and a post sign in method which is
  • 00:10:18 executed if we click the button in the
  • 00:10:20 sign in form so I'll create those two
  • 00:10:22 functions public function post sign up
  • 00:10:31 oops and another function post sign in
  • 00:10:42 both of those functions will receive a
  • 00:10:45 request object because we click on our
  • 00:10:48 button and then the request is sent to
  • 00:10:51 to our server and is handled by Laravel
  • 00:10:55 and we will soon in our routes file hook
  • 00:10:59 up our functions our methods we're
  • 00:11:01 writing at the moment to the corresponding
  • 00:11:05 requests from this form and as
  • 00:11:08 this will be post requests we won't have
  • 00:11:10 any get parameters obviously but we will
  • 00:11:13 have our parameters in the request body
  • 00:11:16 therefore we need to access the request
  • 00:11:18 we do this by using Laravel's dependency
  • 00:11:21 injection which is very powerful and all
  • 00:11:24 we have to do for this is to specify the
  • 00:11:26 object you want to specify to inject so
  • 00:11:29 the type of the object in this case it
  • 00:11:32 will be off type request and will be
  • 00:11:35 living in the illuminate HTTP namespace
  • 00:11:42 so you want to use to add this import
  • 00:11:45 here this use import routing to
  • 00:11:49 illuminate HTTP request and then we'll
  • 00:11:53 just give this variable which will be
  • 00:11:55 injected a name and then we can use that
  • 00:11:58 name or this variable throughout our
  • 00:12:00 function so that's how dependency
  • 00:12:02 injection in Laravel works really really easy
  • 00:12:04 and really cool you can inject all kinds
  • 00:12:07 of objects Laravel knows about a lot of
  • 00:12:10 objects by default how to inject them
  • 00:12:12 and you can also create custom objects
  • 00:12:14 where you will then have to like add a
  • 00:12:16 one line in one file to tell Laravel how
  • 00:12:18 to create that object and then you can
  • 00:12:20 inject this custom object too so that's
  • 00:12:23 really powerful thing and we will see
  • 00:12:25 this in later videos and yeah I'll just
  • 00:12:28 inject the request here and now I
  • 00:12:34 want to yeah to basically create
  • 00:12:37 this sign up functionality here so we
  • 00:12:41 will have a email industry
  • 00:12:44 we can't just access it access it by
  • 00:12:47 adding the request function here and it
  • 00:12:51 will be an array where we can just
  • 00:12:52 access our email field because if we go
  • 00:12:57 to our welcome view in our sign up post
  • 00:13:02 here form here we got our email field
  • 00:13:07 here and here this name of this input
  • 00:13:10 will be passed in this request array and
  • 00:13:14 we can access this name or this this
  • 00:13:17 field in this array by just using the
  • 00:13:19 name we specify in our view very very
  • 00:13:21 easy and intuitive to do just recognized
  • 00:13:24 I also had a first name so let me
  • 00:13:26 quickly add that to our migration here
  • 00:13:28 so yeah just another string first name
  • 00:13:32 so that we can add us to if we got it in
  • 00:13:34 the form we should probably store it
  • 00:13:36 somewhere go ahead back in the
  • 00:13:38 controller I'll copy that three times on
  • 00:13:41 the first name we'll all three store now
  • 00:13:45 requests the access accessible by using
  • 00:13:49 this first name key because this is the
  • 00:13:52 name we are using here and then we'll
  • 00:13:54 have our password here our password
  • 00:14:06 which will be storing this password
  • 00:14:09 variable here and now what I want to do
  • 00:14:14 is I don't want to store the password in
  • 00:14:18 its raw format in our database right
  • 00:14:21 I want to encrypt it in some way
  • 00:14:23 therefore I'll use a helper function
  • 00:14:25 Laravel the bcrypt function oops
  • 00:14:28 bcrypt which will hash my password so
  • 00:14:36 that it is safely decrypted in my
  • 00:14:39 database and later when we try to
  • 00:14:42 authenticate a user we will put a little
  • 00:14:45 use a built-in function or yeah helper
  • 00:14:49 provided by Laravel which will
  • 00:14:51 automatically match or hash check the
  • 00:14:55 hash values of excuse me which will
  • 00:14:59 automatically check the hash values of
  • 00:15:01 the entered password and the password
  • 00:15:04 stored in the database
  • 00:15:05 so that it is able to find out if the
  • 00:15:08 correct password was entered now let's
  • 00:15:10 finish this user sign up here by adding
  • 00:15:16 by creating the user now and I will do
  • 00:15:19 this by just adding a variable called
  • 00:15:21 user which will be a new user new
  • 00:15:26 instance of our user object here and be
  • 00:15:29 sure to add this import to App\User
  • 00:15:32 which is just where our user model lives
  • 00:15:34 here App\User and now we can as I said
  • 00:15:39 just access the fields of in our
  • 00:15:41 database table like properties of this
  • 00:15:43 model so we'll just access user email
  • 00:15:48 like a property and set it equal to
  • 00:15:50 email then I'll access user first-name
  • 00:15:56 and set it equal to first name and I
  • 00:16:00 will access the password and set it
  • 00:16:05 equal to our encrypted password and all
  • 00:16:09 I do then is I run user save and this
  • 00:16:12 will write it to the database and then
  • 00:16:15 let's say I want to return
  • 00:16:19 just yeah let's just return back for a
  • 00:16:21 moment I will return a redirect back to
  • 00:16:24 the view where we came from so our
  • 00:16:26 welcome view back and that's all I'll do
  • 00:16:32 for the moment obviously later we will
  • 00:16:35 automatically be automatically be
  • 00:16:37 redirected to like a dashboard or
  • 00:16:39 something like this and this is all now
  • 00:16:42 it won't work at the moment because I
  • 00:16:45 haven't set up my database connection so
  • 00:16:47 I'll just do this do this real quick and
  • 00:16:49 this will be done in our .env file
  • 00:16:51 here under the these for database
  • 00:16:54 parameters now you will have to
  • 00:16:56 obviously configure that the way you
  • 00:16:58 need it to be configured on your local
  • 00:17:00 development environment or wherever
  • 00:17:01 you're working in my case I am using
  • 00:17:04 vagrant and a virtual machine my
  • 00:17:06 database will be called larold ville
  • 00:17:09 basics but you have to enter whatever
  • 00:17:11 name you your database has obviously and
  • 00:17:14 I have this very secure default settings
  • 00:17:18 on my local environment and now we can
  • 00:17:23 run our migrate command on the
  • 00:17:26 command line by typing PHP artisan
  • 00:17:28 migrate and this will create a table in
  • 00:17:31 our database and now if we have a look
  • 00:17:35 at this this is just my secure program
  • 00:17:42 your application now I have these two
  • 00:17:45 tables in my database the migrations
  • 00:17:48 table just holds we are information
  • 00:17:50 about migrations which we run and Laravel
  • 00:17:52 will even use this if we were to roll
  • 00:17:55 back or reset our database now the users
  • 00:17:58 tables table we just set up in our PHP
  • 00:18:02 file and as you can see we got this
  • 00:18:03 email field first name password or
  • 00:18:05 remember token and an ID and our two
  • 00:18:08 timestamps so that is everything we need
  • 00:18:11 here and now let me hook our our signup
  • 00:18:20 form up to this function here therefore
  • 00:18:22 I will go to my routes file under app
  • 00:18:25 Http routes and in here
  • 00:18:31 in this route group here as of Laravel 5.2
  • 00:18:35 I will add a new route post and this
  • 00:18:41 will just be called signup slash sign up
  • 00:18:45 that will be what it will be displayed
  • 00:18:47 in the URL and I will then pass an array
  • 00:18:52 as the second argument and here this
  • 00:18:54 array I'll first specify the uses key
  • 00:18:57 should be the controller we're using
  • 00:19:00 user controller and then add post sign
  • 00:19:06 up this will be the function which will
  • 00:19:08 get executed when we hit this request
  • 00:19:13 here to sign up post request and I'll
  • 00:19:17 also give the route a name for me to
  • 00:19:20 make it easier to identify and use it
  • 00:19:23 throughout my application by just naming
  • 00:19:25 it yeah really sign up now back my
  • 00:19:29 welcome view here I'll take my form and
  • 00:19:33 currently it has no action and I'll just
  • 00:19:35 actual change because I will use my
  • 00:19:38 template expression here by using those
  • 00:19:42 double opening and closing curly braces
  • 00:19:44 and here I will use the route command so
  • 00:19:46 that in this action in the real HTML a
  • 00:19:50 link should be filled in leading to our
  • 00:19:54 signup route because I just gave it a
  • 00:19:58 name and I can just type route signup
  • 00:20:00 and this will then when it's rendered to
  • 00:20:02 screen be turned into a full link which
  • 00:20:05 will be used as the route of this form
  • 00:20:10 now currently we would get an error
  • 00:20:12 because it might look correct here and
  • 00:20:15 got all the fields we need and so on but
  • 00:20:18 what we haven't got is a certain hidden
  • 00:20:22 input field we need to add due to Laravel's
  • 00:20:25 built-in security features so to say
  • 00:20:28 Laravel has a built in protection against
  • 00:20:30 cross-site request forgery which
  • 00:20:32 basically means that someone gets your
  • 00:20:35 session key so to say he'd be able to
  • 00:20:42 to log in or to
  • 00:20:44 to hijack that session shortly
  • 00:20:49 briefly described so to have some extra
  • 00:20:52 protection with each request we are
  • 00:20:54 passing a very specific session key
  • 00:20:56 already stored in our yet error in our
  • 00:20:58 current session and not in a cookie or
  • 00:21:01 something like this and as we add some
  • 00:21:03 protection against this these attacks
  • 00:21:05 therefore I'll create an input field of
  • 00:21:08 type hidden and this will have a name
  • 00:21:11 of _token its name is
  • 00:21:14 important otherwise Laravel won't be able
  • 00:21:16 to identify it and a value of again in
  • 00:21:20 template expression here session token
  • 00:21:26 this syntax here session double colon
  • 00:21:29 token is not accessing a static method
  • 00:21:33 in some session class instead session is
  • 00:21:37 a Sade and Larry will uses a lot of that
  • 00:21:40 besides these are basically just
  • 00:21:43 shortcuts cue to other functions to how
  • 00:21:47 core functions you could say in a way
  • 00:21:49 and we have different objects which have
  • 00:21:53 different helper functions and we can
  • 00:21:55 access them through these facades and a
  • 00:21:58 lot of those helper functions or the
  • 00:22:02 facades are already injected into our
  • 00:22:04 views or are usable in our templating
  • 00:22:07 engine here and therefore we can access
  • 00:22:10 the session token
  • 00:22:12 even though over nowhere in this file
  • 00:22:14 like is in any way injecting a session
  • 00:22:18 object and all this does is it fetches
  • 00:22:21 the token of our current session and
  • 00:22:24 will store it in this field here which
  • 00:22:27 will then be also submitted to our to
  • 00:22:31 our yeah and in our request now we don't
  • 00:22:34 have to manually check anything that'll
  • 00:22:37 be done by Laravel automatically we just
  • 00:22:39 have to add that input field otherwise you
  • 00:22:41 would get an error boo
  • 00:22:43 so again lot of talking and theory but I
  • 00:22:46 think it's very very important to get
  • 00:22:48 those core concepts right and now let's
  • 00:22:51 see if that works
  • 00:22:55 so in my
  • 00:22:57 sign up form here now I'll just enter
  • 00:23:01 some random email at but first name and
  • 00:23:05 then any password click Submit now we
  • 00:23:10 ran into an error here in our view even
  • 00:23:12 though we specified this in input field
  • 00:23:14 because it wasn't actually outputting
  • 00:23:19 any data or any token with this command
  • 00:23:21 and that is because in my routes file
  • 00:23:23 here I got this route in this middleware
  • 00:23:28 group but I have got my default
  • 00:23:30 route now it's important that I have
  • 00:23:32 both routes in this middleware group because
  • 00:23:34 it is this middleware the web middleware
  • 00:23:36 newly added in Laravel 5.2 which will
  • 00:23:39 as the description here says add that
  • 00:23:41 CSRF protection so that's kind of middleware
  • 00:23:43 which is useful or which should be
  • 00:23:47 used if you're doing front-end
  • 00:23:49 development or if you have like a
  • 00:23:51 Laravel app which has frontend views and
  • 00:23:54 this back-end logic where the opposite
  • 00:23:57 would be for example simple restful
  • 00:23:58 service where all you would do with your
  • 00:24:00 Laravel application would be consuming
  • 00:24:03 routes coming in from all kind of
  • 00:24:06 computers and servers and therefore no
  • 00:24:09 no sessions going on because as you know
  • 00:24:12 RESTful services don't have
  • 00:24:16 sessions so here we have normal
  • 00:24:19 application we have sessions and network
  • 00:24:21 therefore we have to use this Web
  • 00:24:23 middleware for all our routes which are
  • 00:24:26 meant to be involved in some kind of
  • 00:24:29 sessions going on and let's and let's
  • 00:24:33 try this again and now this should work
  • 00:24:37 yeah don't get an error let's look in
  • 00:24:41 our database get an entry here and as
  • 00:24:45 you can see our password is hashed this
  • 00:24:47 is not what I entered in this form and
  • 00:24:50 yes we created our user and with this
  • 00:24:53 user we're able to now in the next video
  • 00:24:56 create our sign-in form and then
  • 00:24:59 actually go a step further than just
  • 00:25:01 being stuck at our welcome view but it's
  • 00:25:05 very important to get these basics right
  • 00:25:07 to know how to create users how to
  • 00:25:09 access the database
  • 00:25:11 and how to submit forms correctly so
  • 00:25:13 very very important concepts now one
  • 00:25:15 thing we haven't going on in this form
  • 00:25:17 is validation we could pass an empty
  • 00:25:20 form here and we obviously obviously
  • 00:25:22 don't want to do this so that will be
  • 00:25:24 something we'll also have a look at in
  • 00:25:26 the next video so I'll see you there bye