User Authentication for a PEAR CMS - Code Explained
The code starts by defining some variables and then checking to see if the form has been submitted:
<?php
ob_start();
session_start();
$err=false;
$error="";
//check if form is submitted
if(isset($_POST['key'])){
This line is responsible for checking if the form has been submitted:
if(isset($_POST['key'])){
If "$_POST['key']" is set, the form has been submitted. "$_POST['key']" is an element of the $_POST superglobal array, and its value comes from a hidden form field, which we will discuss when looking at the HTML form that collects user input.
If the form has indeed been submitted, the next step is to validate the submitted information. This step is very important, since most attacks against login scripts are carried out here, so we cannot afford to be lax about security at this juncture.
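The following is an added example, not part of the article's script, of presence and type checks for a submitted login form. It shows where empty() and is_numeric(), the functions the script relies on, accept or reject more than expected; the field names uname, upass and level and the function check_login_input() are assumptions.

```php
<?php
// Added example: strict presence and type checks for a login POST.
// Field names 'uname', 'upass' and 'level' are assumptions, not the article's.
function check_login_input(array $post): array
{
    $errors = [];
    // PHP turns "uname[]=x" into an array, so require plain strings first.
    foreach (['uname', 'upass', 'level'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            $errors[] = "$field is missing or not a string";
        }
    }
    if ($errors) {
        return $errors; // stop before calling string functions on non-strings
    }
    // empty("0") is true, so empty() would reject the valid value "0".
    // Comparing the trimmed string with '' tests only for "nothing entered".
    if (trim($post['uname']) === '') {
        $errors[] = 'uname is blank';
    }
    if ($post['upass'] === '') { // passwords are compared as typed, not trimmed
        $errors[] = 'upass is blank';
    }
    // is_numeric() accepts "1e3", "-5", "0.5" and " 7"; ctype_digit() accepts
    // only a non-empty run of the digits 0-9, which is what an integer id needs.
    if (!ctype_digit($post['level'])) {
        $errors[] = 'level must contain digits only';
    }
    return $errors; // an empty list means the input passed
}

// Constructed sample submissions.
$samples = [
    ['uname' => 'alice', 'upass' => 's3cret', 'level' => '2'],
    ['uname' => '0',     'upass' => '0',      'level' => '0'],   // valid, yet empty() is true for "0"
    ['uname' => 'bob',   'upass' => 'pw',     'level' => '1e3'], // is_numeric() would accept this
    ['uname' => ['x'],   'upass' => 'pw',     'level' => '1'],   // array sent as uname[]=x
];
foreach ($samples as $i => $post) {
    $errors = check_login_input($post);
    echo "sample $i: ", $errors ? implode('; ', $errors) : 'ok', PHP_EOL;
}
```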
Because the script requires certain information, we first make sure that the user has actually submitted it. We check for this information using PHP's empty() and is_numeric() functions. First we check whether the fields are empty. If they are empty, we set a Boolean variable to true: