Writing a Basic Authentication System in PHP - Persisting the Authentication

(Page 5 of 6 )

Once access to a resource has been granted to a user, it's typical for the access privileges to persist for a period of time. PHP sessions offer a nice way to carry information such as authentication throughout a series of pages. This way, a user won't have to provide a user ID and password each time a resource is accessed.

The validate.php script would initiate a session, set an access token and then redirect the user to the secured document.

<?php if (mysql_fetch_row($result)) {   /* access granted */   session_start();   header("Cache-control: private");   $_SESSION["access"] = "granted";   header("Location: ./secure.php"); } else   /* access denied &#8211; redirect back to login */   header("Location: ./login.html"); ?>

After which each secured resource would continue the session and check for the access token.

<?php session_start(); header("Cache-control: private"); if ($_SESSION["access"] == "granted")   header("Location: ./secure.php"); else   header("Location: ./login.html"); ?>

I recommend Hermawan Haryanto's tutorial Using Sessions in PHP for more information on working with PHP sessions.

Next: Conclusion >>
 

More Miscellaneous Articles
More By bluephoenix

Comments On: Writing a Basic Authentication System in PHP

· 1. $user = $_POST["userid"];NEVER trust a user input, and do...    · Excellent tutorial Timothy!I was planning on writing an authentication system...    · Excellent tutorial Timothy!I was planning on writing an authentication system...    · I agree with your point, [below], but could you provide an example, I am not a...    · Certainly never trust user input... and remember SQL queries are vulnerable to...    · You're welcome :)-Tim    · My comments has no direct relation with this usefull tutorial's contents. It is a...    · If magic_quote_gpc is off this code is vulnurable to sql injections.See...    · ...>You'll notice I didn't get into those topics as it's a tutorial just...    · quote:Re: Some Sad mistakes posted by bluephoenixDecember 28, 2004, 4:46...    ·     · Zulan, I understand the necessity for security as well as your concerns. Perhaps...    · Just to clarify to anyone using this tutorial, it's brilliant, but beware!If you...    · Great tutorial,but as a beginner I'm confused. How exactly would we insert sha1...    · Great tutorial,but as a beginner I'm confused. How exactly would we insert sha1...    · Great tutorial,but as a beginner I'm confused. How exactly would we insert sha1...    · Thanks a bunch. The mistakes made are irrelevant; don't have to shove the whole...   >>> Post your comment now!