Case study: user authentication
Derek Bridge
Department of Computer Science,
University College Cork
Case study: user authentication
Aims:
- to learn how to use a database, PHP sessions and redirection to implement
a simple user authentication system
Options
How to restrict access to certain content
- HTTP authentication
- As for the CK401 web site:
- Configure the server to send a 401 response to the client
- The client prompts the user for a password, and sends it back to the server
- PHP authentication by IP address
- Your script can check whether the client's IP address is allowed to access the content
- PHP authentication using a database of user names and passwords
MySQL database for feedback system
CREATE TABLE users (
user_name VARCHAR(50) NOT NULL,
password VARCHAR(32) NOT NULL,
PRIMARY KEY (user_name)
);
- Before storing in the database, passwords will be encrypted using a non-reversible,
one-way encryption algorithm called MD5
- PHP provides a built-in function,
md5
, to do this