Build Your Own PHP Framework
This episode is for members only

Sign up to access "Build Your Own PHP Framework" right now.

Get started
Already a member? Sign in to continue
Playing
32. Showing authenticated state

Episodes

0%
Your progress
  • Total: 4h 45m
  • Played: 0m
  • Remaining: 4h 45m
Join or sign in to track your progress
01. Setting up
01. Introduction
2m 23s
0%
02. Composer and PSR-4 Autoloading
6m 17s
0%
03. Bootstrapping and structure
3m 18s
0%
04. Error reporting with Ignition
3m 49s
0%
02. Container
05. Using a container
3m 21s
0%
06. Adding service providers
5m 23s
0%
07. Autowiring with reflection
5m 5s
0%
08. Refactoring to a singleton
4m 17s
0%
03. Application config
09. Building the Config class
6m 19s
0%
10. Reading and merging config files
6m 21s
0%
11. Registering service providers through config
2m 13s
0%
12. Using env files
6m 26s
0%
04. Routing and controllers
13. Everything starts with requests
6m 52s
0%
14. Adding routing
5m 27s
0%
15. Responding in routes
4m 13s
0%
16. Cleaning up responding
7m 12s
0%
17. Defining routes in a separate file
3m 10s
0%
18. Creating a controller
5m 17s
0%
19. Using services inside controllers
2m 3s
0%
05. Views
20. Installing Twig
6m 22s
0%
21. Rendering a view
3m 36s
0%
22. Debugging in Twig
4m 45s
0%
23. Creating a base layout
3m 38s
0%
24. Page titles in Twig
4m 31s
0%
25. Creating a Twig config helper
8m 57s
0%
06. Database
26. Setting up and querying the database
13m 29s
0%
27. Working with models
4m 32s
0%
28. Creating an example user profile page
5m 49s
0%
07. Authentication
29. Setting up Sentinel
8m 36s
0%
30. Creating the registration flow
5m 44s
0%
31. Registering and authenticating a user
5m
0%
32. Showing authenticated state
5m 40s
0%
33. Logging in
3m 59s
0%
34. Logging out
3m 2s
0%
08. CSRF Protection
35. Protecting routes with CSRF
7m 51s
0%
36. Adding tokens to forms
6m 5s
0%
09. Flashing messages
37. Basic session flashing
5m 46s
0%
38. Creating a Twig helper and flashing globally
1m 39s
0%
10. Validation
39. Validating the login form
6m 40s
0%
40. Manually adding validation errors
1m 24s
0%
41. Validating the registration form
4m 5s
0%
42. Custom validation rules
9m 39s
0%
11. Middleware
43. How middleware works
5m 41s
0%
44. Adding auth middleware and grouping routes
7m 37s
0%
45. Persisting old form data
6m 53s
0%
12. Exception handling
46. Creating an exception handler
3m 38s
0%
47. Custom 404 (and other error) views
7m 27s
0%
48. Rendering views for CSRF errors
5m 18s
0%
13. Pagination
49. Paginating with Eloquent
7m 48s
0%
50. Building a pagination view with Twig
7m 38s
0%
14. Global helpers
51. Registering functions with PSR-4
1m 50s
0%
52. Container resolution helper
2m 24s
0%
53. View and config helpers
4m 12s
0%
54. Route generator helper
4m 34s
0%

Transcript

00:00
Let's update our navigation so we can see if a user is signed in and also get rid of links like register if we are signed in and specifically show things like dashboard if we are. Okay.
00:10
So before we do anything, let's just take a look at how we get the authenticated users details. We can check this just over on the home controller or even on the dashboard controller. It doesn't matter where we do this. Let's go ahead and pull in our auth functionality inside of here and let's just dump this when we invoke this controller.
00:30
So I'll kill the page here and let's go ahead and use dump here to access this auth. And sure enough, we have a get user method, which will grab the currently authenticated user. So if we head over to the browser and give this a refresh, sure enough, we now have an instance of an eloquent user with all of the attributes that we would expect. So remember Sentinel uses eloquent to get this working.
00:54
Now, before we go any further, one thing that we can do, because we've already got a user model inside of our application, we can actually configure which model gets used for the user that's returned with Sentinel. So at the moment, if we were to head over to our user model and start to add any methods on here, helpers or anything that we need, what we're going to end up with is the instance of the eloquent user and not our user. So let's change that over quickly and then we'll create a twig helper to access whether the user is authenticated and to grab their details and show them in the navigation. So remember a little bit earlier over in our config, we created this auth config, which came from Sentinel.
01:36
Let's search in here for model. And you can see that sure enough, this is the base model that's being returned when we see that authenticated user. So what we can do is very easily just switch this over to our instance of our model, extend the base eloquent user, which we need to do, and then just tidy up a couple of bits. So I'm going to switch this over to app models and user, and we just pull out the fully qualified namespace of that.
02:01
That will have been imported at the top, but you can do that in line if you want to. So now that we've done this, let's give the dashboard a refresh and you can see we get an error. That's just because our user model extends the base eloquent model and it doesn't extend the Sentinel model that we need. So let's go and extend, I think it's called eloquent model, our eloquent user.
02:22
And there we go. That's all we need to do. We'll have to add in some more fillable things, but that's fine for now. Give that a refresh and perfect.
02:29
We now have our own instance of our model being returned for that authenticated user. Now, what you'll find is when you try and register a user now, unless you have guarded set to false, you'll need to add in the fillable things. Now I don't typically use fillable when I'm working with eloquent. I just set guarded to false or just set guarded to the user's ID.
02:50
So I'm going to go ahead and uncomment this, get rid of fillable and just comment it out. And I'm going to change that to first name since we are dealing with a first name now, and I'm just going to set this to guard the ID. So now when we register users and it uses this model, it will be able to fill in all of the other fields in here. Okay.
03:07
So now that we've done that, we have access to our user, but what about this twig helper function? Well, we're just going to do exactly what we did before. So remember over in our view section, we have our twig extension, which registers out these functions. Let's register a new one here just called auth.
03:23
And we pretty much just want to return all of the auth functionality so we can use that in our templates. So over in the twig runtime extension, now we can create out a new method, which returns to our auth from the controller. So let's go ahead and say, get sentinel in here. That's all we need to do.
03:40
We should now have that function registered in our templates. So over in the navigation now, we can go ahead and just test dumping out the user. So let's just say auth.user.firstname. And because we're authenticated from the last episode, we should now see that.
03:59
Let's just get rid of that dump from the dashboard controller and we should be good. Okay. Let's have a look. And yeah, there we go.
04:06
We see my name. So we now know that we can use any of the auth functionality to do some checks. So let's go and just tidy up our navigation. So we know that the dashboard needs to be shown when we're signed in register and log in, which we'll be building in the next episode needs to be shown when we're not signed in.
04:24
So let's just start to create some if statements in here. So let's say if auth.check, so that will check if the user is authenticated and end the if there. So if we are authenticated, we show this. Otherwise, if we're not authenticated, so let's say if not auth check, it's a little bit different to standard PHP syntax within Twig.
04:43
So you have to sort of get used to this if you've not used it before, then we're good to go. Okay. So let's go and just add the user's name to a list item inside of here. So let's say auth and user.name or first name, and we should be good.
05:06
There we go. So because we're signed in now, we have access to dashboard and it shows my name. And of course you can start that up how you want. If we manually get rid of our PHP session and give this a refresh, we're back to the state that we have here.
05:21
Now we can still access our dashboard. So we're going to be covering things like middleware a little bit later, so we can prevent a user accessing certain pages if they're not signed in. But for now, that is just changing state around with that Twig helper inside of our templates. And you can use that to output absolutely anything you need.

Episode summary

In this episode, we make our app's navigation aware of the user's authentication state. First, we look at how to grab details of the authenticated user using the auth functionality provided by Sentinel. We check out the user instance that's returned and realize we can tweak which model Sentinel uses for users, so we update the config to point to our own User model, making sure it extends the right Sentinel model for everything to work correctly.

Once that's sorted out, we update our User model to use proper mass-assignment protections (using $guarded instead of $fillable, just for simplicity). With all this in place, Sentinel now returns our custom User model when a user is authenticated.

Next, we want to make auth checks available inside our Twig templates. To do this, we register a new Twig helper that lets us use all the auth functionality in our views. We then add some logic to the navigation template to show or hide links like 'Dashboard', 'Register', and 'Login' based on whether a user is signed in. If the user is authenticated, we display their name too.

Finally, we test this all out by logging in and out, making sure the navigation updates as expected! We mention that access controls for routes (like middleware to protect pages) will come later. For now, your navigation is smart and user-aware!

Episode discussion

No comments, yet. Be the first!