Hi,
I have found what looks like a good, secure PHP login script, however i am having trouble figuring out how to implement it. (It is located here http://www.adesdesign.net/php/tutorials/php/php_login1.php)
I am new to PHP so don't know much yet. I can't figure out how you actually authenticate a user and return a message to them if it fails and where to stick all the functions and classes mentioned throughout.
I know it may be very obvious to some but i just don't get it!
Thanks.
Not the easiest script/way to do it, but quite complete. You say you're new to php, what about OOP ? IMO, this one seems easier : tutoriel.
Principle always stays the same : you have in your database a table with your user.
The visitor come and try to log.
If his login/password are good, you redirect him to his profil/any page you want and you store in $_SESSION['verifiedUser'] = true ,
if his login/pass are wrong, he's redirected to the login page, with an error message.
And in every page restricted to logged user, you add
if (!isset[$_SESSION['verifiedUser']) )
header('Location:loggingForm.php');
Clement answer is perfect.
May be the pear Auth class can be usefull
Just a note because you siad your are new to php: the authetication process is not the only important thing. You should also think about the ACL (access control list), a mechanism which allows an authenticated user to do some things but not others on one or more pages
--
Dam