O'Reilly logo

PHP Hacks by Jack D. Herrington

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Hack #57. Create a Login System

Sturdy login systems are required for any complex multi-user web application.

With any multi-user web application, you are going to need a user authentication system. You can use Apache's authentication mechanism, which pops up a dialog with a username and password when pages are accessed, but that means integrating your application and database with that authentication mechanism. And, unfortunately, it means that you don't have control over the login dialog; you can't include an "I've forgotten my password" option or a contact link.

Figure 6-14 shows the page flow of the login system. The user starts at index.php, the login page. From there, login.php verifies the login credentials the user provides.

The page flow of the login system

Figure 6-14. The page flow of the login system

If login.php approves the credentials, the user receives a session and is sent to welcome.php. At welcome.php, the user can click on the logout link, which takes him back to the logout.php script, removes his session, and then finally sends him to the original index.php page. If the user types the welcome.php URL directly into his browser's location field without logging in, the welcome.php page will detect that and will send the sneaky user back to the index.php login page.

The Code

Save the code in Example 6-14 as users.sql.

Example 6-14. The database definition for the users

DROP TABLE IF EXISTS users; CREATE TABLE ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required