User Authenication System (Design) (How did you do yours?)

[Drezard]

I want to make a User Authenication System, (You know, Login/Logout sort of thing). Im not sure how to do it though... Is it better to use cookies or sessions? Can someone give me an idea. I tried making one before but i failed miseriable.

Thanks, Daniel

[manichean]

The best information I can give you without going into a massive explanation is pointing you to PEAR, if you dont know about it you do now.

For an explanation of what PEAR is check this link
Visit : http://pear.php.net/

You will be particualrly interested in the packages list. Go there and check the Authentication package
Visit : http://pear.php.net/packages.php?catpid=1&catname=Authentication

This should help you on your way
;)

[Drezard]

I just need these questions answered then:

[A] When a user logs in do you create a cookie for the username and password? Or just one?

[B] When a user logs in how exaclty does the script go?

- Thanks, Daniel

[swap]

It's p[retty simple,

there are  a few options,

when you login;
1.) the script creates a $_SESSION value that will be checked every page the user requests.
    if the $_SESSION value isn't found, the page will not be opened. (the user will be redirected.)
    A session can either result in a cookie or some header code.

2.) The script inserts a value to the databse, and uses the url, some hidden value or a cookie to let the user pass the value back to the script.
    If the value for that ip matches the value from the database, it passes the validation.
    Some problems occur when more then one user logsin from the same ip.
    Solutions are there, just an example.
*)  lots of other options.

just make sure login pages are going trough ssl and you're safe to go.

GL