The Right Creds - PHP

Want to restrict access to certain sections of your Web site?Or customize page content on the basis of user preferences? Or eventrack user movement across your site? Well, the bad news is that you'llneed to learn how to authenticate users on your site. The good news isthat this tutorial has everything you need to get started.

TABLE OF CONTENTS:

By: The Disenchanted Developer, (c) Melonfire

Poor Best

Rating:

/ 59

March 13, 2002

print this article

SEARCH DEV SHED

TOOLS YOU CAN USE

So that takes care of the login. Now, what about session verification and logout?

Every time you attempt to access a page under the protected directory, the server will automatically ask for your credentials again. You probably won't see the dialog box again, though, because the password entered the first time is cached for the duration of your visit, and the browser will automatically take care of resending user credentials every time you access a page within the protected area.

In order to log out, you'll have to close the browser. There currently exists no way to "flush" the password cache in the major browsers (although Lynx allows you to do this via the underscore (_) key command).

You can also protect specific files within a directory, rather than the entire directory, if you like. Simply wrap the authentication commands in the ".htaccess" file in a <Files>...</Files> block, as in the example below:

<Files add.cgi edit.cgi delete.cgi index.cgi>
AuthType Basic
AuthUserFile /usr/local/apache/users
AuthName "Administration Module"
Require valid-user
</Files>

This protects only the four files "index.cgi", "add.cgi", "edit.cgi" and "delete.cgi" in the "admin" directory, leaving all other files unprotected.

Next: Hidden Costs >>