A Stitch In Time - PHP

Want to restrict access to certain sections of your Web site?Or customize page content on the basis of user preferences? Or eventrack user movement across your site? Well, the bad news is that you'llneed to learn how to authenticate users on your site. The good news isthat this tutorial has everything you need to get started.

TABLE OF CONTENTS:

By: The Disenchanted Developer, (c) Melonfire

Poor Best

Rating:

/ 59

March 13, 2002

print this article

SEARCH DEV SHED

TOOLS YOU CAN USE

Assuming an authentication or session test fails, you've seen that the script "error.php" is invoked, and passed a cryptic error code via the $e variable. This "error.php" script is a generic error-handling script that produces an appropriate error message depending on the code passed to it. Take a look:

<?
// error.php - destroys session and returns to login form
?>
<html>
<head>
<basefont face="Verdana">
</head>
<body>
<?
// check the error code and generate an appropriate error message switch
($e) {
case -1:
$message = "No such user.";
break;
case 0:
$message = "Invalid username and/or password.";
break;
case 2:
$message = "Unauthorized access.";
break;
default:
$message = "An unspecified error occurred.";
break;
}
?>
<center>
<? echo $message; ?>
<br>
Please <a href="index.php">log in</a> again.
</center>
</body>
</html>

Very simple - check the error code, print an appropriate message to let the user know what happened.

Obviously, this script does not have any session checks at the top. Adding a session check to an error handler which includes code to trap the error of a user failing a session check would be reminiscent of that chicken-and-egg situation we all know and love.

Next: Closing Time >>