Jump to content

Coupling Authentication with sessions

AriGold

By AriGold
in PHP Coding Help

 Share

Recommended Posts

AriGold Newbie

AriGold

Posted
Posted

Correct me if I am wrong on how I think I should go about doing this, but if I am right, help!!! :) Thanks in advance:

I am building a MySQL database with a PHP based front-end application that will allow for form based queries, addition/deletion of entries, etc.... All of that is fine. However, I need to implement an authentication component, which I am using PEAR:Auth. Furthermore, I need security on each page that you can navigate to, not just the main page, so that people cannot just type in the URL to bypass the login page. I assume sessions will handle this, and I am just looking for some tips or basic tutorials I can go to that will show me to to create a session, associate it with the logged in (or about to log in) user for a certain duration as they navigate about the site. Thanks a lot!

Link to comment
Share on other sites
AriGold Newbie

AriGold

Posted
  • Author
Posted

I did find some Google results, but they were related to establishing sessions for general web browsing; I need something that will establish a session that is user specific, then for the page to load, a session must have been established. Sorry if I'm not explaining clearly what I am looking for.

Link to comment
Share on other sites
AriGold Newbie

AriGold

Posted
  • Author
Posted

well when you verify a user details are correct and got a result then set the session.

 

$_SESSION['id']=$id;

 

How are you verifying a user is authenticated?

 

All that does is establish a session for someone viewing that particular page. I might look to PEAR's Authentication package, but it's just as much work sometimes trying to use other code and understand it than writing your own.

Link to comment
Share on other sites
revraz Member

revraz

Posted
Posted

Maybe if you explain what your goal is, we can help you better.

 

The $_SESSION variable is carried across every page on your site.

 

well when you verify a user details are correct and got a result then set the session.

 

$_SESSION['id']=$id;

 

How are you verifying a user is authenticated?

 

All that does is establish a session for someone viewing that particular page. I might look to PEAR's Authentication package, but it's just as much work sometimes trying to use other code and understand it than writing your own.

Link to comment
Share on other sites
AntiScourge Newbie

AntiScourge

Posted
Posted

I'm assuming you know how to do these first parts..

 

create your login form, when they click login have it POST to some kind of authentication page.

 

The page will query the server for a username or password match.. then you use the following

 

if (username and password are correct) {
  $_SESSION['UserAuthenticated'] = $username;
} else {
  $_SESSION['UserAuthenticated'] = "";
}

 

Then at the top of every page that requires authentication

if ($_SESSION['UserAuthenticated'] == "") {
  // Redirect user to login page
}

 

Also, besure to have session_start(); at the top of every page.

 

 

*EDIT*  Here's a decent tutorial

http://www.php-mysql-tutorial.com/user-authentication/basic-authentication.php

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.