1
00:00:00,000 --> 00:00:00,412

2
00:00:00,412 --> 00:00:02,370
ZAMYLA CHAN: In register, we'll want to display

3
00:00:02,370 --> 00:00:06,650
a form to the user that allows them to register and sign up for the site.

4
00:00:06,650 --> 00:00:10,050
We'll want to check to see whether the passwords that they've submitted

5
00:00:10,050 --> 00:00:14,100
are valid, and if so, we'll add that user to the database

6
00:00:14,100 --> 00:00:19,050
and log them in so that they can start buying and selling their stocks.

7
00:00:19,050 --> 00:00:22,970
Let's start by adding a template for the registration process.

8
00:00:22,970 --> 00:00:26,310
And we can borrow from login.html because the forms are

9
00:00:26,310 --> 00:00:29,010
going to look very similar, but when you register

10
00:00:29,010 --> 00:00:32,430
we'll want to add a password confirmation field so that the user has

11
00:00:32,430 --> 00:00:36,120
to enter their password in one more time to ensure that they haven't

12
00:00:36,120 --> 00:00:38,880
made any typos as they're typing it in.

13
00:00:38,880 --> 00:00:42,750
And all of this will be submitted via POST request,

14
00:00:42,750 --> 00:00:45,660
so check back into your notes about GET versus POST

15
00:00:45,660 --> 00:00:48,870
and see that you can understand why.

16
00:00:48,870 --> 00:00:52,440
Now that we've completed the register template as an HTML file,

17
00:00:52,440 --> 00:00:58,490
we can move to the register route in the Python file of application.py.

18
00:00:58,490 --> 00:01:02,900
In our Python code, we'll want to manipulate and at very least access

19
00:01:02,900 --> 00:01:05,390
the information that the user has submitted.

20
00:01:05,390 --> 00:01:08,480
In order to do this, we use the very same name

21
00:01:08,480 --> 00:01:11,330
that we've specified in the HTML template.

22
00:01:11,330 --> 00:01:15,870
In this case, if the input name of my box is quite simply "name,"

23
00:01:15,870 --> 00:01:22,300
then I reference that in Python with a request.form.get name.

24
00:01:22,300 --> 00:01:25,870
So now that we can retrieve this, we want to make sure that all of the fields

25
00:01:25,870 --> 00:01:29,050
are filled in, so if any of the fields are left blank

26
00:01:29,050 --> 00:01:34,150
then you'll want to apologize by returning apology with a relevant error

27
00:01:34,150 --> 00:01:35,500
message.

28
00:01:35,500 --> 00:01:38,830
Then we'll also want to make sure that the password and the confirmation

29
00:01:38,830 --> 00:01:39,340
match.

30
00:01:39,340 --> 00:01:42,550
Otherwise, you should apologize again.

31
00:01:42,550 --> 00:01:46,240
Finally, if all of this is valid, then you'll want to protect their password

32
00:01:46,240 --> 00:01:50,890
a little bit, so we won't actually store the password that they typed in

33
00:01:50,890 --> 00:01:55,540
but rather a hash of that password using this encrypt function that I've

34
00:01:55,540 --> 00:01:57,800
shown here.

35
00:01:57,800 --> 00:02:01,700
Once we've done that, let's add the user to our database so that they're stored

36
00:02:01,700 --> 00:02:04,010
and can log in again.

37
00:02:04,010 --> 00:02:09,289
Usernames will be a unique field in the database, as will be their user ID,

38
00:02:09,289 --> 00:02:13,220
but what if the username already exists in the database?

39
00:02:13,220 --> 00:02:19,320
Then database execute will fail, so you check for that failure as follows.

40
00:02:19,320 --> 00:02:21,980
So what's the query that we actually want to execute?

41
00:02:21,980 --> 00:02:26,330
Well, the insert query will allow us to insert into a particular table

42
00:02:26,330 --> 00:02:27,510
particular values.

43
00:02:27,510 --> 00:02:31,550
So here I've used placeholders for the username and for the hash.

44
00:02:31,550 --> 00:02:35,030
This is important to protect against SQL injection attacks.

45
00:02:35,030 --> 00:02:38,210
Here I have the username and the hash as placeholders

46
00:02:38,210 --> 00:02:40,430
and then I fill it in later on.

47
00:02:40,430 --> 00:02:43,280
After successfully adding a user to the database,

48
00:02:43,280 --> 00:02:47,510
let's log them in automatically by storing their ID number

49
00:02:47,510 --> 00:02:49,810
within the session user ID.

50
00:02:49,810 --> 00:02:54,490
Now that they've registered, they can start looking up stocks.

51
00:02:54,490 --> 00:02:55,704