HomePHP Page 10 - User Authentication With Apache And PHP
A Stitch In Time - PHP
Want to restrict access to certain sections of your Web site?Or customize page content on the basis of user preferences? Or eventrack user movement across your site? Well, the bad news is that you'llneed to learn how to authenticate users on your site. The good news isthat this tutorial has everything you need to get started.
Assuming an authentication or session test fails, you've seen that the script "error.php" is invoked, and passed a cryptic error code via the $e variable. This "error.php" script is a generic error-handling script that produces an appropriate error message depending on the code passed to it. Take a look:
<?
// error.php - destroys session and returns to login form
?>
<html>
<head>
<basefont face="Verdana">
</head>
<body>
<?
// check the error code and generate an appropriate error message switch
($e) {
case -1:
$message = "No such user.";
break;
case 0:
$message = "Invalid username and/or password.";
break;
case 2:
$message = "Unauthorized access.";
break;
default:
$message = "An unspecified error occurred.";
break;
}
?>
<center>
<? echo $message; ?>
<br>
Please <a href="index.php">log in</a> again.
</center>
</body>
</html>
Very simple - check the error code, print an appropriate
message to let the user know what happened.
Obviously, this script does not have any session checks at the top. Adding a session check to an error handler which includes code to trap the error of a user failing a session check would be reminiscent of that chicken-and-egg situation we all know and love.
/ 59 
Using Zope With Apache
