Any application that is security-critical will have some kind of method to track and maintain user activity. In this article we will begin to build a user management system that will give us control over who has access to which part of our application. This is the second part of a nine-part series.
Our user management system will include the following modules:
Login
Logout
User Registration
Account Activation
Password Management
These are the basis of all sites and applications that require secure user management.
The structure
Our user information will be stored in a database called "user." This database contains a table called "users," which will actually hold the information. So how will this system work? The user will log into the system through the login page. The login script will then check whether the user exists in the database and authenticate accordingly. If the user exists, she will be sent to the home page. If not, the user will be informed of the outcome through an error message.
The second part of this system deals with user registration. The registration process will take place if the user clicks on the register link. This link will only be available on certain pages of the system, such as the login page. The user will be required to fill in all the fields on the registration page, and if anything should go wrong, an error message will be displayed.
The third part of the system deals with the maintenance of the user's password. It has two scripts. One deals with forgotten passwords and the other enables a user to change her password.
So all in all, the system is made up of the following scripts:
login.php - This script is responsible for authenticating a user by checking to see if the user exists in the database, and that the user's account is active.
logout.php - This script ends a user session and returns the user to the login page.
register.php - This script registers new users to the system. It is through this registration process that the user will be granted login details that will enable them to log in to the user management system.
activate.php - This script activates a newly registered user account.
forgotten_password.php - The name of the script already tells you its purpose. It is responsible for generating a new password for a user, and then sending it to the user.
changepass.php - This script enables a logged-in user to change her password.
Other application-wide scripts include:
user.css - This style sheet contains all of the styles that are used to give the user management system a uniform look and feel.
main.dwt.php - This is the template that underpins all of the pages and scripts of the site.
global.php - Contains the database connection information.
func.inc - Contains helper functions for the system scripts.
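The check that login.php is described as performing (the user exists in the "users" table and the account is active) can be sketched as follows. This is an added example, not code from the article or the series. The column names (username, password_hash, active), the helper names, the in-memory SQLite database (which needs the pdo_sqlite extension) and the single uniform error message are all assumptions made so that the block runs on its own.

```php
<?php
declare(strict_types=1);

// Assumed schema: the article names only the "users" table; the columns are hypothetical.
function make_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (
        id INTEGER PRIMARY KEY,
        username TEXT UNIQUE NOT NULL,
        password_hash TEXT NOT NULL,
        active INTEGER NOT NULL DEFAULT 0)');
    $ins = $db->prepare('INSERT INTO users (username, password_hash, active) VALUES (?, ?, ?)');
    // Constructed sample accounts: two active, one registered but not yet activated.
    $ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), 1]);
    $ins->execute(["o'brien", password_hash('quoted name', PASSWORD_DEFAULT), 1]);
    $ins->execute(['bob', password_hash('not yet active', PASSWORD_DEFAULT), 0]);
    return $db;
}

// Returns the user id on success, or null for every failure case.
function authenticate(PDO $db, string $username, string $password): ?int
{
    // Dummy hash so an unknown username costs the same verification time as a known one.
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);

    // Bound parameter: the username is passed as data, never spliced into the SQL text.
    $stmt = $db->prepare('SELECT id, password_hash, active FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    $ok = password_verify($password, $row ? $row['password_hash'] : $dummy);

    // Unknown user, wrong password and inactive account all fail the same way.
    if (!$row || !$ok || (int)$row['active'] !== 1) {
        return null;
    }
    return (int)$row['id'];
}

$db = make_demo_db();
$attempts = [['alice', 'correct horse'], ['alice', 'wrong'], ['bob', 'not yet active'],
             ["o'brien", 'quoted name'], ['nobody', 'x']];
foreach ($attempts as [$u, $p]) {
    $id = authenticate($db, $u, $p);
    echo $u, ': ', $id === null ? 'Invalid username or password.' : "logged in as user $id", PHP_EOL;
}
```

In a real login page, a successful result would be followed by session_regenerate_id(true) before the user id is stored in $_SESSION and the user is sent to the home page.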