Basic User Authentication with PHP & MySQL


2 comments


  • chadhutchins Chad Hutchins 3 weeks ago
    Thanks. Be sure to check slide #27... there’s much more to consider in an authentication system for a production system.
  • AryanAjmer Aryan college 3 weeks ago
    It's very nice and easy to learn ...

Basic User Authentication with PHP & MySQL - Presentation Transcript

  1. Internet Programming The Basics of User Authentication Wednesday, November 4, 2009
  2. Warning... The following slides outline the basics of how a user authentication system in PHP & MySQL works. The example code snippets are not recommended solutions for a production-level web application.
  3. Why User Authentication? Protect certain areas of a web application. Ensure certain user data, via registration. Track and maintain user data throughout the application.
  4. Flow of User Authentication: Visitor visits the application. Visitor visits user-protected area. Visitor asked to log in. If credentials are incorrect, Visitor asked to try again. If correct, Visitor becomes a User and may access protected areas.
  5. How does this work? Magic ... and a little code ... PHP Sessions ... and a Users table.
  6. PHP Sessions: Sessions support in PHP consists of a way to preserve certain data across subsequent accesses. Meaning: as a visitor to a web application travels through our site, Sessions allow us to maintain data that pertains to a particular visitor.
  7. For example... Sue visits index.php. Joe visits index.php. Even though they are viewing the same page, different information is being viewed depending on who is viewing the page. The visitor-specific information is stored with PHP Sessions.
  8. Three things to know about Sessions: On every page we want to protect, session_start() needs to be the first line in our code. Session data is stored in the $_SESSION array. Sessions can be deleted with the session_destroy() function.
  9. Steps to User Authentication: Create a ‘users’ table and insert user records in our database. Create and code login.php to serve as our login form. Create and code authenticate.php to handle user authentication logic. Create and code index.php to test.
  10. Create ‘users’ table: In your database, create a table named ‘users’ with four fields according to the following schema: id (int, auto_increment); username (varchar, 255 length); password (varchar, 255 length); name (varchar, 255 length). This table will store the usernames and passwords that will be used to authenticate a user.
  11. Insert a few User Records: To test our authentication system, we will need to create a few user records. After inserting test records, my users table looks like this:
  12. Create Login Form: In a file named login.php, we need to write the code to display a form with a username and password field.
  13. Create Authentication System: Start PHP Sessions and connect to Database. Get data from the submitted login form. Select the user from the ‘users’ table. Set the user’s session data and redirect.
  14. Create Authentication Logic: Start PHP Sessions. In authenticate.php, we need to tell PHP to start saving session information. To abstract the database logic from this presentation, assume database.php contains logic to connect to and select the database.
  15. Create Authentication Logic: Get data from the submitted login form. With our input elements in login.php, we are able to retrieve the user’s submitted username and password.
  16. Create Authentication Logic: Select the user from the ‘users’ table. Generate the SQL query using the variables from login.php submitted by the user, then run the query.
  17. Create Authentication Logic: Set the user’s session data and redirect. If our query returns one row, then we have found a record where the username and password match. Set the session data and redirect the user to index.php.
  18. Create Authentication Logic: Set the user’s session data and redirect. If our query does not return one row, then the username and password do not match a valid user. Redirect the user back to the login page to try again.
  19. authenticate.php
  20. Create Authentication Logic: Create and code index.php to test. To test our authenticate.php code, create index.php. Since we will be using Session data in index.php, first we need to start the Session.
  21. Create Authentication Logic: Create and code index.php to test. In authenticate.php, we set the $_SESSION['logged_in'] variable to true if the user logged in successfully. If it equals true, we want to let the user know:
  22. Create Authentication Logic: Create and code index.php to test. If the variable isn’t set to true, let the user know:
  23. index.php
  24. Example at a glance: Visitor visits the application. Visitor visits user-protected area. Visitor asked to log in. If credentials are incorrect, Visitor asked to try again. If correct, Visitor becomes a User and may access protected areas.
  25. Logging out: To clear a user’s sessions (log them out), simply link to logout.php. logout.php: This code will clear all session data and redirect the user to index.php.
  26. Applying User Authentication Elsewhere: Create a login page. Submit the login form to the authenticate.php script. Add the session_start() function and wrap the "if ($_SESSION['logged_in'])" code around anything that needs to be protected in any other scripts.
  27. More to Consider: Check for malicious data input. Never trust user data. Password encryption. Client and server-side data validation.
  28. Resources: PHP Sessions http://www.php.net/manual/en/book.session.php
  29. For questions, comments or feedback, feel free to contact me. Chad Hutchins hutchins.chad@gmail.com twitter.com/chadhutchins
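
The authentication steps on slides 13 to 18 with the points from slide 27 applied, as an added example that is not code from the original presentation: the query binds the submitted username as a parameter instead of building SQL from it, the password column holds a password_hash() digest, and the session ID is regenerated on login. The helper names demo_database() and authenticate() are hypothetical, and an in-memory SQLite database is assumed in place of the MySQL connection from database.php so the script runs offline.

```php
<?php
declare(strict_types=1);

// Assumption: stands in for database.php (slide 14); in-memory SQLite replaces MySQL.
function demo_database(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY AUTOINCREMENT,
        username VARCHAR(255), password VARCHAR(255), name VARCHAR(255))');
    // Constructed test record: the password column holds a password_hash() digest.
    $insert = $db->prepare('INSERT INTO users (username, password, name) VALUES (?, ?, ?)');
    $insert->execute(['sue', password_hash('correct horse', PASSWORD_DEFAULT), 'Sue']);
    return $db;
}

// Hypothetical helper: returns the user row on success, null on any failure.
function authenticate(PDO $db, string $username, string $password): ?array
{
    // Placeholder binding keeps the submitted text out of the SQL grammar.
    $stmt = $db->prepare('SELECT id, username, password, name FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);
    // password_verify() checks the submitted password against the stored hash.
    if ($user === false || !password_verify($password, $user['password'])) {
        return null;
    }
    unset($user['password']); // the hash is not needed past this point
    return $user;
}

// Web entry point (authenticate.php): handles the POST from login.php.
if (PHP_SAPI !== 'cli' && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    session_start();
    $user = authenticate(demo_database(), (string)($_POST['username'] ?? ''), (string)($_POST['password'] ?? ''));
    if ($user !== null) {
        session_regenerate_id(true); // fresh session ID on login, guards against fixation
        $_SESSION['logged_in'] = true;
    }
    header('Location: ' . ($user !== null ? 'index.php' : 'login.php'));
    exit;
}

// Command-line demonstration using the constructed record above.
$db = demo_database();
var_dump(authenticate($db, 'sue', 'correct horse') !== null); // matching credentials
var_dump(authenticate($db, 'sue', 'wrong'));                  // wrong password
var_dump(authenticate($db, "sue' -- ", 'anything'));          // quote is bound as data
```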
