Case study: user authentication

Derek Bridge

Department of Computer Science,
University College Cork

Case study: user authentication

Aims:

• to learn how to use a database, PHP sessions and redirection to implement a simple user authentication system

Options

How to restrict access to certain content

HTTP authentication

As for the CK401 web site:

• Configure the server to send a 401 response to the client
• The client prompts the user for a password, and sends it back to the server

PHP authentication by IP address

Your script can check whether the client's IP address is allowed to access the content

PHP authentication using a database of user names and passwords

MySQL database for feedback system

CREATE TABLE users (
   user_name VARCHAR(50) NOT NULL,
   password VARCHAR(32) NOT NULL,
   PRIMARY KEY (user_name)
);

• Before storing in the database, passwords will be encrypted using a non-reversible, one-way encryption algorithm called MD5
• PHP provides a built-in function, md5, to do this