March 30, 2009
Authentication (Login / Logout) & Sessions
Authentication runs off one table called user and is based upon an email address and a password stored as a hash. Once authenticated, the user_id from the table is passed around using PHP's $_SESSION variable and relies on cookies.
Sessions are tricky in PHP, and you may benefit from referring to the manual: http://uk.php.net/session. For example, you have no real control over the session timeout length, and currently the user can get unceremoniously dumped out to the login page when the session expires.
The login_doozer.php script handles registration of new users too. This involves the user being provided with a registration key by the system administrator. If you wish to change your password or have forgotten it, this same mechanism will do the job: your old row will be expired and a new one created. The system would benefit from an email verification function.
Once you have logged in, your user_id from the user table will be used as the insert_by and update_by values when doing DB inserts and updates from the system, and is stored in the $user_id variable.
See the login_doozer.php and logout.php scripts in one of the example applications for more details.
For an authenticated script you should include the following lines:
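<?php
include("paths.inc.php");
session_start();
// Not logged in: send the browser to the login page and stop the script.
// Without exit, PHP keeps running the protected code after the redirect header.
if (empty($_SESSION['user_id'])) {
    header('Location: login.php');
    exit;
}
$user_id = $_SESSION['user_id'];
// ... rest of the authenticated script ...
?>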
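The same guard can also enforce an idle timeout in the application itself, checked on every request, so expiry does not depend on when PHP cleans up session data. This is an added example, not code from the framework: IDLE_LIMIT, the 'last_seen' session key, session_is_live() and require_login() are hypothetical names, and it assumes PHP 7.3 or later and a site served over HTTPS.

```php
<?php
// Added example, not part of the framework. login.php and
// $_SESSION['user_id'] are the names used on this page; everything
// else here is hypothetical.
const IDLE_LIMIT = 1800; // seconds of inactivity allowed (assumed value)

// Decide whether a session array represents a live login.
// Kept free of side effects so it can be checked without a web server.
function session_is_live(array $session, int $now, int $idleLimit = IDLE_LIMIT): bool
{
    if (empty($session['user_id'])) {
        return false;                 // never logged in
    }
    if (!isset($session['last_seen'])) {
        return false;                 // login did not record a timestamp
    }
    return ($now - (int) $session['last_seen']) <= $idleLimit;
}

// Call at the top of every authenticated script:
//     $user_id = require_login();
function require_login(): int
{
    // Cookie flags must be set before session_start().
    session_set_cookie_params([
        'httponly' => true,   // not readable from JavaScript
        'secure'   => true,   // assumption: site is HTTPS only
        'samesite' => 'Lax',
    ]);
    session_start();

    if (!session_is_live($_SESSION, time())) {
        // Drop any stale data so an expired session cannot be revived.
        $_SESSION = [];
        session_destroy();
        header('Location: login.php');
        exit;  // stop here, or the protected page still runs
    }

    $_SESSION['last_seen'] = time();  // slide the idle window forward
    return (int) $_SESSION['user_id'];
}
```

For this to work, the login script has to set $_SESSION['last_seen'] when it sets user_id, and calling session_regenerate_id(true) at that point keeps a pre-login session ID from carrying over into the authenticated session.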
Tags: Lightweight PHP Web Application Framework
Posted by pj at March 30, 2009 03:18 PM