Logging In - PHP

The alternative approach involves bypassing Apache's HTTP authentication altogether, relying instead on custom programming to perform access control and session management. This allows you to customize both the user interface presented for login, and also the data source used for credential verification.

You can write code for this in any language; I'll be using PHP, since it comes with built-in session management support, which will make things easier.

Let's assume the following directory structure:

/usr/local/apache/htdocs/
index.php
login.php
error.php
inner.sanctum.php

Let's also assume that the file I need to protect is "inner.sanctum.php"

First up, I need to define my custom login form. Here's what I came up with:

<?
// index.php - login form
?>
<html>
<head>
<basefont face="Verdana">
</head>
<body>
<center>
<table border="0" cellspacing="5" cellpadding="5">
<form action="login.php" method="POST">
<tr>
<td>Username</td>
<td><input type="text" size="10" name="f_user"></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" size="10" name="f_pass"></td>
</tr>
<tr>
<td colspan="2" align="center"><input type="submit"
name="submit" value="Log In"></td> </tr> </form> </table> </center>
</body>
</html>

Here's what it looks like:



Once the user submits this form, the username and password entered will be stored in the form variables $f_user and $f_pass respectively. These variables can be accessed by the PHP-based form processor, coming up on the next page.

>>> More PHP Articles          >>> More By The Disenchanted Developer, (c) Melonfire

blog comments powered by Disqus