A session establishes an anonymous relationship with a particular user. Requiring a user to log in to your web site lets them tell you who they are. The login process typically requires a user to provide you with two pieces of information: one that identifies them (a username or an email address) and one that proves that they are who they say they are (a secret password).
Once a user is logged in, they can access private data, submit message board posts with their name attached, or do anything else that the general public isn't allowed to do.
Adding user login on top of sessions has five parts:
Displaying a form asking for username and password
Checking the form submission
Adding the username to the session (if the submitted password is correct)
Looking for the username in the session to do user-specific tasks
Removing the username from the session when the user logs out
The first three steps are handled in the context of regular form processing. The
validate_form( ) function gets the responsibility of
checking to make sure that the supplied username and password are acceptable. The
process_form( ) function adds the username to the
session. Example 8-14 displays a login form
and adds the username to the session if the login is successful.
Example 8-14. Displaying a login form
<?php require 'formhelpers.php'; // This is identical to the input_text( ) function in formhelpers.php but // prints a password box (in which asterisks obscure what's entered) // instead ...