-1

Possible Duplicate:
How do I authenticate a user in PHP / MySQL?

How to do user authentication in PHP i know session + cookies sounds good but i mean whats the logic's behind it. I match username and password with database and then assign session ID and i put this ID back in database? Or i don't store it in DB but then how i make sure its id of user A not user B etc?

Community
  • 1
  • 1
John
  • 11
  • 1
  • 1

2 Answers2

0

Why not try a framework? One I would recommend (there are many others) is CodeIgniter It is very straight forward to setup login ability plus you don't need to mess with all the 'boilerplate' code (which you are referring to) and actually get on with your application development.

Jakub
  • 20,418
  • 8
  • 65
  • 92
0

Here are the steps

  1. Have a user table with a username and password

  2. Give a form for the user to type in his username and password

  3. Get the username and pull up the appropriate record from the DB and compare the passwords (see note)

  4. If the username and password match, set a flag in the session and put the logged in user into the session ($_SESSION['user'] = $user_obj)

  5. Make sure you have a common script in all your pages that check whether $_SESSION['user'] is set and populated. If it's not set, simply point him to the login page.

Note : Make sure you do not store clear passwords. You should store the hash of a password. You can hash it with a salt and use a strong hashing mechanism

Some links to look at

How can I encrypt password data in a database using PHP?

How do you use bcrypt for hashing passwords in PHP?

Also here's a video tutorial on Nettuts about the subject matter : http://net.tutsplus.com/articles/news/how-to-build-a-login-system-for-a-simple-website/

Community
  • 1
  • 1
JohnP
  • 49,507
  • 13
  • 108
  • 140