: Password Protection with PHP, MySQL, and Session Variables by: Dan McConkey One of the great promises that actually came true when our Internet-enabled world reached the twenty-first century is efficient customer-to-business
Password Protection with PHP, MySQL, and Session Variables
by: Dan McConkey
One of the great promises that actually came true when our Internet-enabled world reached the twenty-first century is efficient customer-to-business interaction. Each day, I find a new way to go through life's errands without ever waiting on hold for a bank teller, a pharmacist, or an insurance agent. I do it all online.
Internet savvy consumers are coming to expect such web empowerment. And while these information transactions usually require some sort of private data traveling the ether, you, as the webmaster, bear the burden of keeping that data away from those who have no right to it.
Since retina scans and brain wave signatures are still properties of James Bond flicks, we're stuck using plain old boring passwords.
Is this really secure?
Let's get this out of the way first. The only truly secure computer is one that's unplugged. Kind of like "the only safe car is the one that sits in your garage." Life is a risk/reward proposition and, let's face it, this (probably) isn't Fort Knox, we're securing.
The security measures listed here are suitable for garden-variety data. I've used these schemes to write back-end website administration pages for online shopping carts. I've used them to write "partner" pages where retailers can download ads and sales data from wholesalers. I wouldn't use them to secure credit card numbers, social security numbers, or nuclear launch codes.
So what are PHP, MySQL, and session variables?
PHP is a programming language used (in this case) to write HTML. MySQL is a database. Session variable are used by web servers to track information from one page on a domain to another. This article isn't a how-to for either technology. If you aren't very comfortable with them, you could just copy and paste the code samples in this article and build yourself a basic password protected website. You could also just read the Cliff's notes for Pride and Prejudice and get a C+ in literature class. Your choice.
Let's get started with sessions
It's often been said that the web is "stateless", meaning that each web page is entirely independent, needing no other page to exist, and taking no information from the previous page. This is great for anonymous surfing from one site to the next, but it stinks for password protection. Consumers want password protected information, but they don't want to enter their password on every page. So we turn to our web server to keep track of a user while he's on our site.
Ex. 1.
End Ex. 2
As I said, this is just a frame-work. I like to start all my projects this way. It allows me to get a grand view of what I'm doing before getting mired down in the details.
Basically, so far, all we've done is place some secret content inside an if statement. If the user is valid, we show the content, if not, we don't.
Writing a log-in form
The first thing we should flesh out is our log-in function. This is a basic form, with no bells and whistles, so it should be pretty straight forward.
Ex 3
function write_log_in( $text )
{
echo "
$text
User ID:
best stocks under 100 TBR jar read books Money systematic investment planning cheers
0 Reactions React
0 Comments
Sorted by best first Latest Oldest Best
Terms of Use Create Support ticket Your support tickets Powered by ePowerPress Stock Market News! Top Seo SMO © mncguru.com2024 All Rights reserved.