Authenticating user identities is a common practice in today’s Web applications. This is done not only for security-related reasons but also to offer site customization features based on user preferences and type. Typically, users are prompted for a username and password, the combination of which forms a unique identifying value for that user. In this chapter, you’ll learn how to prompt for and validate this information using PHP’s built-in authentication capabilities. Specifically, in this chapter you’ll learn about the following:
  • Basic HTTP-based authentication concepts

  • PHP’s authentication variables, namely, $_SERVER[ ‘PHP_AUTH_USER’ ] and $_SERVER[‘PHP_AUTH_PW’]

  • Several PHP functions that are commonly used to implement authentication procedures

  • Three commonplace authentication methodologies, namely, hard-coding the login pair (username and password) directly into the script, file-based authentication, and databasebased authentication

  • Further restricting authentication credentials with a user’s Internet Protocol (IP) address

  • Testing password “guessability” using the CrackLib extension

  • Recovering lost passwords using one-time URLs




Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© W. Jason Gilmore, Bob Bryla 2007

Personalised recommendations