Authenticating user identities is a common practice in today’s Web applications. This is done not only for security-related reasons but also to offer site customization features based on user preferences and type. Typically, users are prompted for a username and password, the combination of which forms a unique identifying value for that user. In this chapter, you’ll learn how to prompt for and validate this information using PHP’s built-in authentication capabilities. Specifically, in this chapter you’ll learn about the following:
  • Basic HTTP-based authentication concepts

  • PHP’s authentication variables, namely, $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW']

  • Several PHP functions that are commonly used to implement authentication procedures

  • Three commonplace authentication methodologies, namely, hard-coding the login pair (username and password) directly into the script, file-based authentication, and database-based authentication

  • Further restricting authentication credentials with a user’s Internet Protocol (IP) address

  • Testing password “guessability” using the CrackLib extension

  • Recovering lost passwords using one-time URLs





Copyright information

© W. Jason Gilmore, Bob Bryla 2007
