Beauford.2002 wrote:
I am looking for a simple authentication script that uses MySQL. I have downloaded about 10 of them (most with no instructions on it's use), but even at that they are not what I need.
The PEAR project has 7 different authentication packages, including Auth which I understand lets you design your own. PEAR code tends to be widely used and well-tested. Also there is a mailing list similar to this one dedicated to discussion of and support for PEAR projects.
http://pear.php.net/packages.php?catpid=1&catname=Authentication
When you go to the main page of my site it will ask you to login or signup. So I want to be able to authenticate the user if he logs in (not to much of a problem here, but I want to protect all pages (I don't want to use cookies as not everyone has these enabled). What other options do I have? If anyone knows a small script that can be modified, or point me in the right direction of how to do this, it would be appreciated.
If you really want to reinvent the wheel, write an include file that is included onto every page of your site except your login page and the ones that you don't need to protect. This include file should check for a flag that indicates whether or not the user is logged in. If the user is not logged in, send a redirect header to the login page followed immediately by an exit() call. This way none of your scripts will be accessible without the user being logged in. To handle the login, the simple way to do it is to accept a username and password input from the user on the login screen and ship these to the database or wherever your user list is kept and test to see if they are valid. If they are valid, set the flag in the user's session indicating that they are logged in (which is checked by the include file). For maximum security, use SSL and beware the possibility of session hijacking. If you don't want to use cookies, you can either embed the SID in all hyperlinks of your site or just recompile PHP with the --enable-trans-sid flag (unless you're on PHP 4.2 or greater).
Erik
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
