1
00:00:00,330 --> 00:00:06,660
Now that we have our form and JavaScript code completed, we need to create the PHP script that validates

2
00:00:06,660 --> 00:00:11,900
our form and inputs it into the database we've created earlier.

3
00:00:11,910 --> 00:00:18,270
We also need our PHP script to encrypt our plain text password prior to storing it into the database.

4
00:00:19,600 --> 00:00:20,710
So to get started,

5
00:00:20,710 --> 00:00:30,240
create a new file and save it as add user dot PHP.

6
00:00:30,340 --> 00:00:33,100
Make sure to save it in the perfect cup directory.

7
00:00:36,660 --> 00:00:40,530
The PHP script will start with a session_start

8
00:00:40,530 --> 00:00:41,130
function.

9
00:00:49,000 --> 00:00:55,810
This will make sure that the user is logged into their account after registration. We'll store their user

10
00:00:55,810 --> 00:01:03,430
ID, first name and last name using session variables. Later on we'll create a logout button that will

11
00:01:03,430 --> 00:01:04,940
terminate the session.

12
00:01:07,860 --> 00:01:10,890
So you'll see this in action later on.

13
00:01:12,440 --> 00:01:18,100
Next we need to create a connection to our database so that we can insert a new record

14
00:01:18,200 --> 00:01:24,100
if the form data passes validation. So this syntax should look familiar.

15
00:01:24,800 --> 00:01:32,160
We've just created a database connection and we've set the parameters to localhost, root user,

16
00:01:32,270 --> 00:01:37,150
password, and the perfect cup database has been selected.

17
00:01:37,160 --> 00:01:44,090
Now we need to create the variables that will store the first name, last name, email and password from

18
00:01:44,150 --> 00:01:44,900
our form.

19
00:01:50,770 --> 00:01:54,970
Since we use the post method in our Ajax call,

20
00:01:54,970 --> 00:01:58,790
we'll set the method to post in our PHP script as well.

21
00:01:59,140 --> 00:02:05,230
You can see that we've used the mysqli_real_escape_string function to escape any special

22
00:02:05,230 --> 00:02:09,040
characters that the user might have typed into the form inputs.

23
00:02:09,040 --> 00:02:13,060
This keeps your web page secure by preventing SQL injection.

24
00:02:15,950 --> 00:02:23,230
So the values that have been entered have been stored into these variables: f name, l name, email and password.

25
00:02:23,240 --> 00:02:29,890
Next we'll set up our validation. So here we have an if statement, and I haven't closed the if statement

26
00:02:29,890 --> 00:02:34,270
yet, and we'll explain that in just a second.

27
00:02:34,390 --> 00:02:42,940
The first three statements check to make sure that the f name, l name and email data meets a minimum

28
00:02:42,940 --> 00:02:44,040
number of characters.

29
00:02:45,090 --> 00:02:47,790
Each check will output a different error message

30
00:02:47,790 --> 00:02:56,680
if the validation fails. For example, if f name is less than two characters the error message will be

31
00:02:56,890 --> 00:03:08,850
f name. And if you recall, on our register dot PHP page we had our JavaScript interpret these error codes

32
00:03:08,910 --> 00:03:14,370
and display an error message to the user depending on the error code.

33
00:03:19,180 --> 00:03:27,830
So the first, second and third check for the length using the string length function.

34
00:03:27,850 --> 00:03:32,000
This line here checks to make sure that the email format is correct.

35
00:03:32,010 --> 00:03:34,610
PHP has a built-in function for this.

36
00:03:34,780 --> 00:03:36,550
It's called filter_var,

37
00:03:36,550 --> 00:03:44,600
and if the format is incorrect the error code we've set is e format.

38
00:03:45,050 --> 00:03:50,180
So this is the email variable that stores the email address the user inputted.

39
00:03:50,280 --> 00:03:57,450
It will be checked for the correct format and if the check fails the format will be output.

40
00:03:57,540 --> 00:04:04,160
The last statement checks to make sure that the password input contains more than four characters.

41
00:04:04,200 --> 00:04:09,520
So essentially we want the password to be a minimum of four characters just for security purposes.

42
00:04:09,690 --> 00:04:18,510
And if that check fails we've set the output to p short. If the form data passes all validation,

43
00:04:18,510 --> 00:04:26,630
the next step in the process is to encrypt the password, and that's why we have an else statement. So if

44
00:04:26,630 --> 00:04:33,170
all this passes and there's no error codes the next step is to encrypt our password.

45
00:04:44,560 --> 00:04:51,730
The password encryption is done using the password_hash function that's built into PHP.

46
00:04:51,760 --> 00:04:58,820
This function will hash a plain text password into a 60 character string. Inside this function

47
00:04:58,850 --> 00:05:03,210
we specified the password to hash and the encryption method.

48
00:05:03,260 --> 00:05:10,330
So we want to hash the data contained in the password variable, so that's the text that the user inputted

49
00:05:10,330 --> 00:05:12,230
into the password field.

50
00:05:12,250 --> 00:05:19,950
We also need to specify the encryption method, and the bcrypt method is most widely used and considered

51
00:05:19,950 --> 00:05:22,380
one of the best methods for hashing.

52
00:05:22,380 --> 00:05:25,840
So that's why we have the PASSWORD_BCRYPT statement here.

53
00:05:25,890 --> 00:05:33,580
We can also specify a cost. The higher the cost value, the stronger the hash.

54
00:05:33,610 --> 00:05:39,220
Note that encrypting with very high cost values slows down the web page and is more demanding on the

55
00:05:39,220 --> 00:05:50,190
server, and we've set it to twelve. So a higher cost value would be a 13 or 14 and any number below that

56
00:05:50,190 --> 00:05:53,470
would be considered a low cost.

57
00:05:53,470 --> 00:05:59,690
The hashed password is stored in a new variable called s password.

58
00:05:59,710 --> 00:06:04,010
We'll show you how to unpack the password when we create the login page.

59
00:06:04,030 --> 00:06:09,520
So for now don't worry about unhashing. We're only concerned with hashing the password. After

60
00:06:09,520 --> 00:06:11,650
validation and password hashing,

61
00:06:11,680 --> 00:06:17,720
we execute a query statement, and this query statement is executed on the members table.

62
00:06:17,740 --> 00:06:23,560
So we select records from members where email is equal to the email variable.

63
00:06:23,560 --> 00:06:29,380
This is done to make sure that the registrant's email does not already exist in the system.

64
00:06:29,380 --> 00:06:35,170
If the user's email does exist we're going to be outputting an error code false, and you'll see that

65
00:06:35,170 --> 00:06:36,210
in just a moment.

66
00:06:36,220 --> 00:06:38,940
So here's our if statement, that's what it looks like.

67
00:06:49,570 --> 00:06:50,950
This comment just trailed off.

68
00:06:50,980 --> 00:06:52,350
I'm going to put it back in the right place.

69
00:06:56,210 --> 00:06:58,300
OK, so this is what the if statement looks like.

70
00:06:58,370 --> 00:07:05,360
If the number of rows resulting from our query statement is less than 1, that means that the user's email

71
00:07:05,360 --> 00:07:07,520
does not exist in the system.

72
00:07:07,790 --> 00:07:15,840
And if that's the case we're going to insert a row into our database and into the members table, which

73
00:07:15,840 --> 00:07:22,480
contains the first name, last name, email and password that the user inputted.

74
00:07:22,590 --> 00:07:24,860
So these are the column names.

75
00:07:25,050 --> 00:07:30,570
These are the values that are going to be inserted into these columns. If the row insertion was successful,

76
00:07:30,570 --> 00:07:37,860
we create three session variables that store the record ID, and the ID will be stored in a session

77
00:07:37,860 --> 00:07:39,180
variable called log in.

78
00:07:39,480 --> 00:07:45,660
We also store the user's first name and last name, and this way the user will be logged into their account

79
00:07:45,900 --> 00:07:51,090
and they can access the member only blog until they decide to log out.

80
00:07:51,090 --> 00:07:55,620
We've also set the PHP script to output this access code is true

81
00:07:55,620 --> 00:08:02,140
once the record is inputted. So if the record's inputted, their account has been created successfully and

82
00:08:02,830 --> 00:08:12,870
our JavaScript code on the register dot PHP page is then going to redirect them to index dot PHP, which

83
00:08:12,870 --> 00:08:20,800
is the home page, and that's going to happen after the account process message appears.

84
00:08:25,840 --> 00:08:33,300
So here's our else statement. The else statement again is if the email does exist in the system.

85
00:08:33,400 --> 00:08:41,350
So if the user is already in the system we echo the error code false, and on our register dot PHP page

86
00:08:41,890 --> 00:08:48,040
you can see here that if HP AML is equal to False the alert will be email address already exists in

87
00:08:48,040 --> 00:08:48,550
the system.

88
00:08:53,800 --> 00:08:57,060
And that's the complete script.

89
00:08:57,090 --> 00:09:05,350
So what we can do now is go ahead and test our script to make sure that it does work and that the record

90
00:09:05,350 --> 00:09:07,460
does input into the database.

91
00:09:07,510 --> 00:09:14,300
I'm going to bring back phpMyAdmin and I'm just gonna click on our members table.

92
00:09:14,530 --> 00:09:17,820
So right now we can see that there's no records inside

93
00:09:17,830 --> 00:09:18,490
our table.

94
00:09:22,610 --> 00:09:29,130
I'm going to go back to the web page and here's the register dot PHP page.

95
00:09:34,700 --> 00:09:37,500
You'll just refresh it.

96
00:09:37,510 --> 00:09:45,300
So first of all, if I click submit you can see that we get the first name is required, so that tells us

97
00:09:45,300 --> 00:09:47,760
that the validation is working.

98
00:09:47,760 --> 00:09:52,860
So the JavaScript and Ajax code is successfully communicating with our PHP script, which is a good sign,

99
00:09:53,620 --> 00:09:55,590
and so I'll just enter a test record

100
00:10:08,860 --> 00:10:17,060
and I'll click submit. So account process and it redirects to the index page, so that tells us that all

101
00:10:17,080 --> 00:10:19,490
this was most likely successful.

102
00:10:19,530 --> 00:10:27,280
And when you refresh the table and there is the record we just created with the hashed password.

103
00:10:37,880 --> 00:10:42,350
And in the next lesson we'll create our login page, so stay tuned for that.