1
00:00:00,000 --> 00:00:00,120

2
00:00:00,120 --> 00:00:01,828
SPEAKER 1: Users will be able to interact

3
00:00:01,828 --> 00:00:04,019
with your website in a variety of different ways.

4
00:00:04,019 --> 00:00:06,330
They'll be able to look up prices for stocks.

5
00:00:06,330 --> 00:00:09,450
If they have enough cash for it, then they can buy shares of stocks

6
00:00:09,450 --> 00:00:10,990
that they want.

7
00:00:10,990 --> 00:00:13,710
If they're logged in, then they can see their transaction history

8
00:00:13,710 --> 00:00:16,110
and information about their cash and holdings.

9
00:00:16,110 --> 00:00:19,020
They'll be able to sell the stocks that they have.

10
00:00:19,020 --> 00:00:22,830
And they'll be able to execute any additional feature

11
00:00:22,830 --> 00:00:25,380
that you've chosen to implement.

12
00:00:25,380 --> 00:00:28,260
Now of course, the first thing that we'll have to do

13
00:00:28,260 --> 00:00:32,100
is allow new users to register for our website.

14
00:00:32,100 --> 00:00:35,040
Let's break register down into four tasks.

15
00:00:35,040 --> 00:00:38,940
One, we'll want to display a form so that the user can enter in their user

16
00:00:38,940 --> 00:00:40,890
name and the password that they want.

17
00:00:40,890 --> 00:00:43,990
We'll want to make sure that they know that new password.

18
00:00:43,990 --> 00:00:48,160
So we'll want to ask them to confirm it and make sure that they match.

19
00:00:48,160 --> 00:00:51,270
If that user name doesn't already exist for our website,

20
00:00:51,270 --> 00:00:56,010
then we'll add that user to the database and automatically log them in.

21
00:00:56,010 --> 00:00:58,680
So how might we display a form?

22
00:00:58,680 --> 00:01:02,850
Well, I want you to go back to the login.html template

23
00:01:02,850 --> 00:01:06,720
and borrow from that, because login asks a user

24
00:01:06,720 --> 00:01:09,100
to provide a user name and their password.

25
00:01:09,100 --> 00:01:13,110
So all we need to do is add a password confirmation field.

26
00:01:13,110 --> 00:01:16,410
And this is done via a post request.

27
00:01:16,410 --> 00:01:18,480
Go back to your notes and see if you know why

28
00:01:18,480 --> 00:01:22,107
we've chosen post as opposed to get.

29
00:01:22,107 --> 00:01:23,940
Now that we've finished the template, we can

30
00:01:23,940 --> 00:01:28,140
move on to the route in application.py and access the information

31
00:01:28,140 --> 00:01:29,760
that the user submitted.

32
00:01:29,760 --> 00:01:33,270
Remember, you can do this via request.form.get

33
00:01:33,270 --> 00:01:39,160
and then asking for the name of that relevant input box.

34
00:01:39,160 --> 00:01:43,920
So in order to validate the passwords that the user has provided,

35
00:01:43,920 --> 00:01:46,930
you want to first make sure that the fields aren't left blank.

36
00:01:46,930 --> 00:01:49,230
Otherwise, you'll apologize.

37
00:01:49,230 --> 00:01:52,770
Then you'll want to make sure that the given password and the confirmation

38
00:01:52,770 --> 00:01:57,330
password do match, otherwise apologizing once again.

39
00:01:57,330 --> 00:02:00,660
Now for security's sake, we won't want to actually store

40
00:02:00,660 --> 00:02:03,000
the user's password in our database.

41
00:02:03,000 --> 00:02:07,870
Rather, we'll want to store the hash, generating the hash with this function.

42
00:02:07,870 --> 00:02:10,500
Now let's add our new user to the database

43
00:02:10,500 --> 00:02:12,990
by running this following query.

44
00:02:12,990 --> 00:02:15,390
I'm going to insert into the users table,

45
00:02:15,390 --> 00:02:19,810
into the user name and hash columns, the following values.

46
00:02:19,810 --> 00:02:23,400
Notice here, I don't actually pass in those variables right away,

47
00:02:23,400 --> 00:02:25,260
but rather use placeholders.

48
00:02:25,260 --> 00:02:28,290
This is to protect against SQL injection attacks.

49
00:02:28,290 --> 00:02:32,760
The user name value is the value that I get from retrieving

50
00:02:32,760 --> 00:02:34,290
the information from my form.

51
00:02:34,290 --> 00:02:38,310
And then the hash is the result of hashing that password.

52
00:02:38,310 --> 00:02:41,910
Once our users have registered successfully, let's do them a favor

53
00:02:41,910 --> 00:02:44,820
and log them in automatically into our website,

54
00:02:44,820 --> 00:02:49,920
by storing their ID in session.get user_ID.

55
00:02:49,920 --> 00:02:53,480
Once they're logged in, they can start using our website.

56
00:02:53,480 --> 00:02:54,845