
Project Management: Authentication

I recently completed an article series in which we built a project management application. Every application that wants to control access to its resources has an access control mechanism that will verify if a user is allowed to use the particular application. A project management application is a good candidate for such a control. In this four-part series, we will build an authentication system for the application.

By: David Web
July 28, 2008


There may be any number of reasons an application needs to control access. For example, the application may need to grant certain privileges to some and different ones to others. It can also be that the application simply wants to keep track of the user.

In our application, we want to keep track of the user and to make sure that a user is actually allowed to use the application. We also grant different users different levels of security or access to sections of the application. The application has an administration section that will make use of this access control, as you will see later on.


How it works:


As the diagram shows, the user is presented with an HTML login form that has the username and password fields. Once the user enters the required username and password, PHP tries to match the password and username that the user entered to the username and password in the database.

If it finds a match, the user is granted access to the Project Management application; if it does not find a match, the user is redirected to the HTML login form with an error message saying that the username or password did not match. Before we go on to look at the code that enables this to happen, let's look at the users table. It holds the user login credentials.

The Database Table

Let's look at the requirements for a table that will hold the user log-in information. Any user that wants to use our application needs to have a username and password. These are the key log-in details that are required. I've decided that the username must have the following format:


name.surname


This is because I want to make it that little bit harder for a hacker to get access to the application. We also need the name and surname of the user, because the application assumes that it will be used in an intranet environment, where different members of the company will access it to check on the progress of projects in which they are interested. The application will then be able to address the user by his or her name when it needs to, instead of by a username that is not really appropriate.

A user will also need application level access that will enable them to create projects and users. To create a project is natural in an application that is designed for it, but to create users will require a higher level of access, simply because creating a user involves the two key aspects of user authentication: the username and more importantly the password. And if we just allow any user to create new users, then the system will not be secure. So it is essential that only certain people have the right to do so.

This is why I created two levels of access, "admin" and "normal." The "admin" access level has no restrictions, while, as you'd expect, the "normal" access level does. If a user forgets his or her password, we need some way of getting the password to him or her. In that case, we need to have an email address for the user. So based on the above considerations, our "users" table should have the following fields:


username - The username with format name.surname

password - a seven character password is automatically generated

name - name of user

surname - surname of user

level - access level is either admin or normal

email - user email address, in case the password is forgotten

last_login - date of last log-in
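
The table above and the login match described under "How it works", put together as an added example that is not the article's own code. It assumes PDO with an in-memory SQLite database, a constructed user jane.doe, a letters-only reading of the name.surname format, and a password column that holds password_hash() output rather than the password itself; authenticate() is a hypothetical helper name.

```php
<?php
declare(strict_types=1);

// Added example, not the article's code. Assumptions: PDO with the SQLite
// driver; the password column stores a hash, never the password itself.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (
    username   TEXT PRIMARY KEY,
    password   TEXT NOT NULL,
    name       TEXT NOT NULL,
    surname    TEXT NOT NULL,
    level      TEXT NOT NULL CHECK (level IN ('admin', 'normal')),
    email      TEXT NOT NULL,
    last_login TEXT
)");

// Constructed sample user; 'k7Qp2xZ' stands in for a generated seven-character password.
$ins = $pdo->prepare('INSERT INTO users VALUES (?, ?, ?, ?, ?, ?, NULL)');
$ins->execute(['jane.doe', password_hash('k7Qp2xZ', PASSWORD_DEFAULT),
               'Jane', 'Doe', 'normal', 'jane.doe@example.com']);

/** Returns the user's row (without the hash) on a match, or null otherwise. */
function authenticate(PDO $pdo, string $username, string $password): ?array
{
    // Enforce name.surname (assumed: letters only) before touching the database.
    if (!preg_match('/^[a-z]+\.[a-z]+$/iD', $username)) {
        return null;
    }
    // Bound parameter: user input never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT * FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);

    // Same null result for an unknown user and a wrong password, so the form
    // can show one generic "username or password did not match" message.
    if ($user === false || !password_verify($password, $user['password'])) {
        return null;
    }
    $upd = $pdo->prepare('UPDATE users SET last_login = ? WHERE username = ?');
    $upd->execute([date('Y-m-d H:i:s'), $username]);
    unset($user['password']);
    return $user;
}

var_dump(authenticate($pdo, 'jane.doe', 'k7Qp2xZ') !== null); // correct credentials
var_dump(authenticate($pdo, 'jane.doe', 'wrong-pw'));          // wrong password
var_dump(authenticate($pdo, 'janedoe', 'k7Qp2xZ'));            // username not in name.surname form
```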


