<form method = post action = "secret.php">
<table border = 1>
<tr>
<th> Username </th>
<td> <input type = text name = name> </td>
</tr>
<tr>
<th> Password </th>
<td> <input type = password name = password> </td>
</tr>
<tr>
<td colspan =2 align = center>
<input type = submit value = "Log In">
</td>
</tr>
</table>
</form>
<?
}
else if($name=="user"&&$password=="pass")
{
// visitor's name and password combination are correct
echo "<h1>Here it is!</h1>";
echo "I bet you are glad you can see this secret page.";
}
else
{
// visitor's name and password combination are not correct
echo "<h1>Go Away!</h1>";
echo "You are not authorized to view this resource.";
}
?>
The code from Listing 14.1 gives you a simple authentication mechanism that allows authorized users to see a page, but it has some significant problems.
This script
• Has one username and password hard-coded into the script
• Stores the password as plain text
• Only protects one page
• Transmits the password as plain text
These issues can all be addressed with varying degrees of effort and success.
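The following sketch is an added example, not code from the book. It shows one way to address the four problems listed above using PHP's built-in password_hash() and password_verify() with a session-based check; it assumes a current PHP version, and the function names, the login.php page and the sample store are hypothetical.

```php
<?php

// Check a login against a store of username => password_hash() strings.
function verify_login(array $users, string $name, string $password): bool
{
    // Hash-check unknown names too, so timing does not reveal valid usernames.
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);
    $ok = password_verify($password, $users[$name] ?? $dummy);
    return $ok && isset($users[$name]);
}

// Process the form from Listing 14.1 (fields "name" and "password").
function handle_login(array $users): bool
{
    $name = $_POST['name'] ?? '';
    $password = $_POST['password'] ?? '';
    if (!is_string($name) || !is_string($password)
        || !verify_login($users, $name, $password)) {
        return false;
    }
    session_start();
    session_regenerate_id(true);   // new session id after login
    $_SESSION['user'] = $name;
    return true;
}

// Call first on every protected page, so the check is not tied to one script.
function require_login(): void
{
    // Assumes PHP sees TLS directly; behind a proxy this test differs.
    if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off') {
        http_response_code(403);
        exit('Use HTTPS.');
    }
    session_start();
    if (empty($_SESSION['user'])) {
        header('Location: login.php');   // hypothetical login page
        exit;
    }
}

// Command-line self-check with a constructed store (sample values only).
if (PHP_SAPI === 'cli') {
    $users = ['user' => password_hash('pass', PASSWORD_DEFAULT)];
    var_dump(verify_login($users, 'user', 'pass'));
    var_dump(verify_login($users, 'user', 'wrong'));
    var_dump(verify_login($users, 'nobody', 'placeholder'));
}
```

In a real deployment the store of hashes would be loaded from a database or a file outside the web root, and the login form itself would also be served over HTTPS.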
Implementing Authentication with PHP and MySQL
CHAPTER 14
LISTING 14.1 Continued










