User Authentication With Apache And PHP
Want to protect parts of your site from unauthorized visitors? It's easier than it sounds.

Of Myth And Men

Before we get into the nitty-gritty of code and syntax, there's one very important thing that you should be aware of. It's a common myth among newbie developers that access control is merely a matter of verifying a user's password once, and allowing or denying access to a single page based on the results of that verification. While this description is certainly true, it's also incomplete, as it fails to address the matter of re-verifying user credentials on all subsequent, linked pages after the initial user login.

In real-world development projects, access control typically involves writing code to handle the following events:

1. Initial user verification and session creation (login): The first time a user logs in to a Web site, a Web application must be capable of requesting the user's credentials (usually a unique username/password combination), and allowing or denying access based on these credentials. This step also involves the creation of a persistent user "session", which stores user variables across multiple HTTP transactions.

2. Session maintenance and re-verification of user credentials: Once a user has logged in successfully, the application must be able to re-verify the user's credentials, on a per-page or per-script basis, and allow or deny access to specific pages or scripts based on this user data (the session created at the first step comes in very handy here). At the very least, the application must check to ensure the existence of a valid user session; more complex applications may additionally perform second-tier checks to ensure that the user has appropriate permissions or security privileges to execute the script or view the page.

3. Session destruction (logout): The application must provide the user with the ability to log out and thereby destroy all user-specific session variables created during the first step. Though this is the last step in the process, its importance should not be underrated; omitting it can have serious repercussions on the security of your Web application.

In order for a Web application to be considered even marginally secure, it must address all three of the requirements above.
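
The three events above, written with PHP's native session functions. This is an added example, not code from the original article; the sample accounts, the role names and the `/login.php` path are assumptions made for illustration.

```php
<?php
// Added example. Constructed sample accounts; a real site would load the
// stored hashes and roles from its user database.
$USERS = [
    'alice' => ['hash' => password_hash('example-pass-1', PASSWORD_DEFAULT), 'role' => 'admin'],
    'bob'   => ['hash' => password_hash('example-pass-2', PASSWORD_DEFAULT), 'role' => 'member'],
];

// Every script that touches the session starts it first. Add
// 'cookie_secure' => true once the site is served over HTTPS.
session_start(['cookie_httponly' => true, 'use_strict_mode' => true]);

// 1. Login: verify the credentials, then create the session.
function login(array $users, string $name, string $password): bool
{
    if (!isset($users[$name]) || !password_verify($password, $users[$name]['hash'])) {
        return false;                 // denied: nothing is written to the session
    }
    session_regenerate_id(true);      // fresh session ID at login blocks session fixation
    $_SESSION['user'] = $name;
    $_SESSION['role'] = $users[$name]['role'];
    return true;
}

// 2. Re-verification: call at the top of every protected page or script.
// $role is the optional second-tier permission check.
function require_login(?string $role = null): string
{
    if (!isset($_SESSION['user'])) {
        header('Location: /login.php');   // hypothetical login page
        exit;
    }
    if ($role !== null && $_SESSION['role'] !== $role) {
        http_response_code(403);
        exit('Forbidden');
    }
    return $_SESSION['user'];
}

// 3. Logout: clear the variables, expire the cookie, destroy the stored session.
function logout(): void
{
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 3600, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    session_destroy();
}
```

A protected page includes this file and calls `require_login()` (or `require_login('admin')`) before producing any output.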



Copyright © 1998-2018 Melonfire. All rights reserved