User Authentication With Apache And PHP - A Stitch In Time
(Page 10 of 11 )
Assuming an authentication or session test fails, you've seen that the script "error.php" is invoked, and passed a cryptic error code via the $e variable. This "error.php" script is a generic error-handling script that produces an appropriate error message depending on the code passed to it. Take a look:
<?
// error.php - destroys session and returns to login form
?>
<html>
<head>
<basefont face="Verdana">
</head>
<body>
<?
// check the error code and generate an appropriate error message switch
($e) {
case -1:
$message = "No such user.";
break;
case 0:
$message = "Invalid username and/or password.";
break;
case 2:
$message = "Unauthorized access.";
break;
default:
$message = "An unspecified error occurred.";
break;
}
?>
<center>
<? echo $message; ?>
<br>
Please <a href="index.php">log in</a> again.
</center>
</body>
</html>
Very simple - check the error code, print an appropriate
message to let the user know what happened.
Obviously, this script does not have any session checks at the top. Adding a session check to an error handler which includes code to trap the error of a user failing a session check would be reminiscent of that chicken-and-egg situation we all know and love.
Next: Closing Time >>
More PHP Articles
More By The Disenchanted Developer, (c) Melonfire