Specifications

ManualsBrandsMaxxus ManualsExercise BikePRO SPK-23

321

322

323

324

325

326

327

328

329

330

E-commerce and Security

ART III

304

This chapter will discuss how to implement various PHP and MySQL techniques for authenti-

cating a user.

Topics include

• Identifying visitors

• Implementing access control

• Basic authentication

• Using basic authentication in PHP

• Using Apache’s .htaccess basic authentication

• Using basic authentication with IIS

• Using mod_auth_mysql authentication

• Creating your own custom authentication

Identifying Visitors

The Web is a fairly anonymous medium, but it is often useful to know who is visiting your site.

Fortunately for visitors’ privacy, you can find out very little about them without their assis-

tance.

With a little work, servers can find out quite a lot about computers and networks that connect

to them. A Web browser will usually identify itself, telling the server what browser, browser

version, and operating system you are running. You can determine what resolution and color

depth visitors’ screens are set to and how large their Web browser windows are.

Each computer connected to the Internet has a unique IP address. From a visitor’s IP address,

you might be able to deduce a little about her. You can find out who owns an IP and sometimes

have a reasonable guess as to a visitor’s geographic location. Some addresses will be more use-

ful than others. Generally people with permanent Internet connections will have a permanent

address. Customers dialing into an ISP will usually only get the temporary use of one of the

ISP’s addresses. The next time you see that address, it might be being used by a different com-

puter, and the next time you see that visitor, she will likely be using a different IP address.

Fortunately for Web users, none of the information that their browsers give out identifies them.

If you want to know a visitor’s name or other details, you will have to ask her.

Many Web sites provide compelling reasons to get users to provide their details. The New York

Times newspaper (http://www.nytimes.com) provides its content for free, but only to people

willing to provide details such as name, sex, and total household income. Nerd news and dis-

cussion site Slashdot (

http://www.slashdot.org) allows registered users to participate in dis-

cussions under a nickname and customize the interface they see. Most e-commerce sites record

18 7842 CH14 3/6/01 3:35 PM Page 304