CT 310 Lecture 15 Authentication Example

The example here illustrates a series of important steps.

To begin learning from this example, review the structure of the include files: support, control, then header. This is a relatively common sequence of steps, and you may want to emulate this style when building your own password-protected websites.

For example, note that attempting to load any page other than the login page without first successfully authenticating yourself results in an immediate redirect to the login page. This protection is accomplished using the PHP header command, so that the contents of the tiny site are protected until a user successfully logs into the site.

Next, this example uses the more recent PHP password hashing and verification protocols released in PHP 5.5. Also, notice there is an external support library included here for backward compatibility with older versions of PHP. See the phpPasswordHashingLib documentation for additional information.

In this example we also see the use of session variables to maintain state, specifically to keep track of whether a user is or is not authenticated. You should experiment with the connection between session variables and the cookies placed in the client's browser when studying this example.

Finally, user and password data is stored in a persistent form: a comma-separated values (CSV) file. PHP has good support for CSV files, and when faced with the need for persistent data you should always ask yourself whether a full database solution is necessary. In particular, this simple technique of storing data in spreadsheet files should be considered when:

  1. A user may wish to edit persistent data in a spreadsheet program.
  2. The amount of persistent data is small and fits easily in a single table.

Note also the heavy use of the PHP header command, so that the contents of the tiny site are protected until a user successfully logs into the site.
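
The pieces described above (CSV user file, password hashing and verification, session flag, header redirect) can be put together as in the following sketch. This is an added example, not the code from the course's zip file. The CSV layout (username,hash), the file name login.php, the session keys and all function names are assumptions, and it assumes PHP 7.1 or later.

```php
<?php
// Added illustration, not the course's code. CSV layout (username,hash),
// login.php, session keys and function names are assumptions.

// Read "username,hash" rows from the CSV file into a lookup array.
function load_users(string $csvPath): array {
    $users = [];
    $fh = fopen($csvPath, 'r');
    if ($fh === false) {
        return $users;
    }
    while (($row = fgetcsv($fh, 0, ',', '"', '\\')) !== false) {
        if (count($row) >= 2) {
            $users[$row[0]] = $row[1];
        }
    }
    fclose($fh);
    return $users;
}

// Unknown user and wrong password both return false.
function authenticate(array $users, string $name, string $password): bool {
    return isset($users[$name]) && password_verify($password, $users[$name]);
}

// Control step after a successful login (needs an active session).
function log_in(string $name): void {
    session_regenerate_id(true);   // do not keep the pre-login session id
    $_SESSION['authenticated'] = true;
    $_SESSION['user'] = $name;
}

// Guard called at the top of every protected page, before any output.
function require_login(): void {
    if (empty($_SESSION['authenticated'])) {
        header('Location: login.php');
        exit;   // header() only sets a response header; without exit the page body is still sent
    }
}

// Constructed sample data: one user written to a temporary CSV file.
$csv = tempnam(sys_get_temp_dir(), 'users');
$fh = fopen($csv, 'w');
fputcsv($fh, ['alice', password_hash('correct horse', PASSWORD_DEFAULT)], ',', '"', '\\');
fclose($fh);
$users = load_users($csv);
var_dump(authenticate($users, 'alice', 'correct horse'));  // correct password
var_dump(authenticate($users, 'alice', 'wrong'));          // wrong password
var_dump(authenticate($users, 'mallory', 'anything'));     // unknown user
unlink($csv);
```

On a real site the CSV file should live outside the web root so the hashes cannot be fetched directly by URL.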

The above examples have the drawback that you cannot see the actual PHP code, so they can be downloaded as a zip file.