Specifications

their customers' details when they make their first order. This means that a customer is not required to type her details every time.
Having asked for and received information from your visitor, you need a way to associate the information with the same user the next time she visits. If you are willing to make the assumption that only one person visits your site from a particular account on a particular machine and that each visitor only uses one machine, you could store a cookie on the user's machine to identify the user. This is certainly not true for all users; frequently, many people share a computer, and many people use more than one computer. At least some of the time, you will need to ask a visitor who she is again. In addition to asking who a user is, you will also need to ask a user to provide some level of proof that she is who she claims to be.
As discussed in Chapter 13, "E-commerce Security Issues," asking a user to prove her identity is called authentication. The usual method of authentication used on Web sites is asking visitors to provide a unique login name and a password. Authentication is usually used to allow or disallow access to particular pages or resources, but can be optional, or used for other purposes such as personalization.
Implementing Access Control
Simple access control is not difficult to implement. The code shown in Listing 14.1 delivers
one of three possible outputs. If the file is loaded without parameters, it will display an HTML
form requesting a username and password. This type of form is shown in Figure 14.1.
Implementing Authentication with PHP and MySQL (Chapter 14)
FIGURE 14.1
Our HTML form requests that visitors enter a username and password for access.
If the parameters are present but not correct, it will display an error message. Our error message is shown in Figure 14.2.
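The three-output script this section describes, written here as an added example and not the book's Listing 14.1. The field names, the sample account, the function names and the third branch (showing the protected content on success) are assumptions.

```php
<?php
declare(strict_types=1);

// Constructed sample account for this example only. A real site creates the
// hash once, at registration, with password_hash() and stores it per user.
const DEMO_USER = 'user';
$demoHash = password_hash('pass', PASSWORD_DEFAULT);

// Escape a value before echoing it back into HTML.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Hypothetical helper: returns the HTML for one of the three outputs.
function render_page(array $post, string $user, string $hash): string
{
    $name = $post['name'] ?? null;
    $password = $post['password'] ?? null;

    // Output 1: loaded without parameters, so show the login form.
    if (!is_string($name) || !is_string($password)) {
        return '<form method="post">'
             . 'Username <input type="text" name="name"> '
             . 'Password <input type="password" name="password"> '
             . '<input type="submit" value="Log in"></form>';
    }

    // Run both checks every time so a wrong name and a wrong password
    // follow the same path and produce the same message.
    $nameOk = hash_equals($user, $name);
    $passOk = password_verify($password, $hash);

    // Output 2: parameters present but not correct.
    if (!($nameOk && $passOk)) {
        return '<p>Login failed. You are not authorized to view this page.</p>';
    }

    // Output 3 (assumed): parameters correct, show the protected content.
    return '<p>Welcome, ' . h($name) . '. Here is the protected content.</p>';
}

echo render_page($_POST, DEMO_USER, $demoHash);
```

The error branch deliberately does not say which of the two fields was wrong, and the password is compared against a hash rather than a plaintext copy.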