Professional Documents
Culture Documents
Implementing Authentication With PHP and MySQL
Implementing Authentication With PHP and MySQL
Implementing Authentication With PHP and MySQL
Authentication with
PHP and MySQL
Khalilullah Akbari
Khalil.akbari18@gmail.com
+93 729908855
Identifying visitors
The best way is to use combination of IP address and COOKIES. Saving just IP address
in not enough because it can change often when user is using proxy.
You can save both values to database table visitor if there are none visitor with these
values and so you can say that it is unique new visitor. If there is visitor with one of
these values then it is returning visitor and so you should update your visits table.
Identifying visitors
function getUserIP() {
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
$ip = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
$ip = $_SERVER['REMOTE_ADDR'];
}
return $ip;
}
Identifying visitors
function getUserCookie() {
if(isset($_COOKIE['visited'])) {
// cookie is already set
} else {
list($usec, $sec) = explode(" ", microtime()); // Micro time!
$expire = time()+60*60*24*30; // expiration after 30 day
setcookie("visited", "".md5("".$sec.".".$usec."")."", $expire, "/", "", "0");
}
return $_COOKIE['visited'];
}
Implementing Access Control
User access control shows relevant information to user. Only admin or super user has all the
rights to see, insert, update and delete information from system.
Give access to different feature depend on user type.
Start a session:
<?php
// Start the session
session_start();
$_SESSION["favcolor"] = "green";
?>
Basic authentication in PHP
HTTP Basic Access Authentication. This involves adding a header that contains your username and
password. The proper format for the header is:
PHP automatically decodes and splits the username and password into special named constants: