 Hey everybody, this is Brian. Welcome to the fifth Ye2 tutorial. Today we're going to be going over the very high-level version of authentication. If you go to your website and you click on Login, you can see we're presented with this nice little login screen and it says you can either log in with admin, admin, or demo, demo. So let's try that. Let's go. Demo, demo. And it doesn't really do much in the basic skeleton of a project that Yee's created for us, but you can see how it says log out demo. So if we click log out and then we do log in admin, oops, you can see it says log out admin. So what we're really demonstrated is that you can log in with different credentials. How does that work? Well, that's what we're going to cover. Very high level here. Go to YeeFramework.com and you can go to documentation guide 2.0 and I believe it's under security. I kind of scroll up and there's authentication. Now some of these guides are not fully fleshed out, but authentication is actually pretty well done. And it really explains, oops, I just nudged my microphone here, it really explains how all this works. For example, you can configure the identity class. Now what is an identity class? Whenever you go to a website, you have an identity. Even if you haven't logged in yet, your user 537 or whatever, or if you log in, you're me at home.com or whatever you've logged in as. So that's what an identity is. And this really defines what class controls that. And we'll look at that in detail. And then you can implement the identity interface on your own. So if you want to skip ahead and go, how do I authenticate from a database? Well, they actually give you directions right on this page. And it's pretty simple, actually. We won't actually write the code, but I'll show you what it looks like. And then in future tutorials, we're going to actually write the code and, you know, generate all that from scratch. So but you should go out and really read the authentication guide, because I mean, this is kind of a mini tutorial in itself. And that's really how I learned it. I thought it was pretty well done. So we'll go out here and we've we've kind of looked at that. So let's look at the underlying method under this. What do you think this is going to be? You can see where it says to modify the username and password, please check out the code in app models user and then users. So let's go out there. Well, app is pretty much just the root of your project pet store. And it said models. And then user user. So there's user. And then the dollar sign denotes a variable. So there's our user class. Now this is our identity. How do we know that? Well, two reasons it implements or, you know, uses an interface called identity interface. And if you actually go into your config here under these web, yeah, user identity class, and then well, there it is, you can actually switch these out as you want. And I believe you can actually on the fly dynamically do that if you want to do different authentication schemes for whatever reason. So if you're ever opening a project, you're like, Oh, what's the identity clashing? Just go into the config and it'll tell you app models users app is your root models and then ta-da users. So it extends or inherits the object class for ye and it implements the interface. Now if you slept through your PHP classes, what is an interface? What does it mean when it implements it? Well, an interface is a contract. It's a binding agreement between two classes saying thou shall have these properties. It's a lot like applying for a job. If you're going to apply for a job as say a brain surgeon that has 10 years of experience, well, you need to have that interface on your resume. You need to say I am a brain surgeon with 10 years experience. So if you work at McDonald's, you're not going to get a job for a brain surgeon. It's pretty much the gist of what an interface is. It's a contract. And you can see this bare bones class that he's automatically generated. It's got some, it's a model, right? It has some properties. I shouldn't really call it a model. It's not truly a model, but it's in the model's namespace. It has some properties and these are the actual credentials right here. You can see the username, password, off key, off token. What are those? Well, those really go in for like mobile authentication. They've actually done really well in E2. If you kind of want to see something awesome, take this website. If it's on like your local, you know, whatever, your local computer or whatever, find out your computer's IP address. It's IP config on Windows or IF config on Linux. And basically just surf that on your mobile phone, on your local network. And it actually scales beautifully for mobile development. I was very surprised when I saw that because a project I'm working on, I was like, oh, I got to build a separate view for mobile and blah, blah. No, it does it all. So anyways, the way mobile authentication typically works is you won't pass a username and password. What you'll do is you'll do an initial login, like a username and password login and it'll hand you what's called an off key or an off access token. And you as a mobile app will hand that back to the application. So that's unique per user. All right, anyways, so let's look at this identity interface because this class extends it. You can see there's some properties in here. Find identity, find by access token, you know, find by username, get ID, you know, what's all this stuff? Why do we need it? So let's go out to web. Oops, not web. Sorry. My bad. Vendor. Is it Yeesoft? I think it's Yeesoft. E2. Web. And there is the identity interface class. So if you ever want to inherit or implement something, you're like, where is it? I want to look at that code. Well, it's right there. All right, so in here you can see a full description of what's going on here. This should be implemented by a class providing identity information. This interface can typically be implemented by a user model class, for example, and then they give you a whole how to do it. And they have full descriptions of what each one of these are, which you can go out and really read. So in short, if you're going to do an identity, you need to implement this interface. And it's not hard. You just have to have the properties in there. And then you have to fill in what they do. So you have, let's see here, find identity. This finds somebody based off a primary key, if you will. So let me actually pull up on a different project that I've already fleshed out in the database. There we go. I have this accounts class. This is a different project, mind you. You won't have this. And this, as you can see, it's a model, which is just the user, if you will, the account. So I have email and password. That's how they log in. But in the actual user, I have commented out the auto-generated garbage. And then I'm just doing the, and I should grow up, this actually extends the accounts model. So what you do is you make a model out of your database where whatever bucket you want to call it, accounts, users, whatever. And you're going to inherit that using extends. So you have all those base properties, and then you're going to implement this interface on top of it. That way you keep your model separate from your authentication scheme. And then in your authentication scheme, you're going to actually, you know, you see how I've commented that out. You're going to do return static, find one. So what this is doing is it's saying accounts, because I've extended that model, find one based off that primary key. And pretty much the same thing with access token. I put in a little reset. And find by username, I added that myself. Actually, did I add that myself? Let's find out. No, I didn't. Sorry about that. Gosh, got kind of lost there for a minute. That was scary. Anyways, find by username is, you know, you have a username. I used email in the site that I was building. So I just kind of commented that out. And I did, you know, static find one where email equal to, you know, the username, et cetera, et cetera. So it's not hard, but you just need to understand how all this works and why it exists. So we covered how it works. Now, why does this exist? Well, this exists because you want to be able to log in to your website. And when you log in, you want to be able to do certain things. Now, we haven't really covered it, but we will in future tutorials. Let's kind of go back out here. When you look at your controllers, remember controls control the flow of things. You can see in your site controller this access control. And you have to use this E filters access control. So what you can actually do here is you can say if you're logged in, allow this. Otherwise, you do not allow this. If you're an admin, allow this. If you're not an admin, don't allow that. And you can see a prime example of that in the log out button. It's only available for this at sign, which is a shorthand for authenticated users, meaning you have to be logged in for log out to actually work. So let's just kind of play with this for a little bit, right? Let's go demo, demo. We're just going to log in. You see this log out. I don't know if it's picking up in the video, but down in the lower left hand corner kind of down here, you'll see where it says site slash log out. So if I click that, notice how it doesn't appear here because there's a redirect in the controller, but if we just kind of go, and I want to go log out, notice how it just bumps me back. So that's called the intrinsic redirect, meaning if you're not allowed to do it, it's just going to throw you right back there. We can look at that cold, that cold, geez, that code. See? You use your log out. Let's go home. There's another little thing you should understand is how did that actually change here? Like if you log in, log in again, demo, demo. See how it says log out demo? How does it know who you are? Whoops. Yeah, see, because we were playing with it, we broke it. Log out. So that actually demonstrated what I wanted to show you is we went go home and the home was set to log out when we modified the query string. I apologize if that's a little confusing, but I'm going to log out again. Contact. We'll reset the go home so it doesn't screw up on us. There we go. So how does it know if you're logged in or logged out? How does it know that in this view here? Well, if you go out to the, where is it? Views, layouts, and then your main layout. This is your page. I kind of just scroll down here. You see EAP user is guest. Is guest means you really don't have an identity at that point. You're just surfing there. You have an identity, but everything's blank. So if you're not a guest, then it's going to say EAP user identity username. So remember the identity is the identity interface. That's why you have to implement that interface because we're expecting that contract, those properties to be available. And one of those properties as well, username, kind of go back up here and look at this a little bit. See, user name. So that's pretty much it for this tutorial. I realized this is a complex topic. We haven't written any code, but this is all theory at this point. You need to understand the basics of how this works. Before we can really dive in and start writing code, you're really going to be lost because trust me, I was. Some of you out there that have been old school programmers for a long time are going, oh, this is easy. Get to the code. We're going to get to it, I promise. That being said, I get yelled at by my friends all the time. They're like, dude, you have an amazing channel. Why don't you advertise it more? So there's hundreds of videos. I've got like 6 million views and 35,000 subscribers, which in terms of video broadcast or whatever, really isn't much. But it's my little kingdom. Somewhere I've got monetization turned on. I need to figure out because I want these to be free. I've made like 51 cents. They're all like, well, if you put advertisements, you make millions and whatever. I don't want to make millions. I just want to teach people. Anyways, if you want help, go to voidromes.com, contact and click on the Voidromes Facebook group link. We're pushing almost 400 people in there right now. And it's an amazing resource. You ask a question and people will just inundate you with answers. It's kind of ridiculous. I think it's an awesome group and everybody in there is pretty awesome. That's it. I hope you found this educational and entertaining. And thank you for watching.