Ok, both are fairly easy to accomplish.
A login is an action that requires data to persist between connections presummably for a given amount of time. While the user remains active, the login remains.
So given the fundamentals of what a login is, you must therefore devise a way for that data to perpetuate. The best way to do this is built into PHP.
In PHP data can come from a variety of sources.
Via user input.
$_GET, $_POST and $_COOKIE
From the server, and enviornment
$_SERVER, $_ENV
as well as be defined explicitly by the programmer
$_SESSION, $GLOBALS
These are called superglobal arrays, and you've no doubt already had some experience with these. The superglobal we're interested in is the $_SESSION superglobal. Data stored in the $_SESSION superglobal is set aside in a file on a server for a given amount of time, e.g. a session.
There are three components required to begin and use a session.
1. The function session_start() must be called at the beginning of a script before output has been made.
2. Values are set and accessed in the $_SESSION superglobal array just like any other variable.
3. A unique id is used to associate a user with their server-stored session.
Still with me? Given rule #1, any script that requires use of session data must make a call to session_start(). It must appear at the beginning of a script and there can be no white space or HTML before the opening <?php delimiter and no output from for isntance 'echo' or 'print' before the call. This is because session_start() automatically outputs a cookie containing a unique string of letters and numbers called the session id (see rule 3). The session id is used to tie one particular user to a session stored on the server.
Now given the fundamentals of what a session does and how it works you can create some test cases and experiement with what is possible.
Code:
<?php
// Begin the session
session_start();
if (!isset($_SESSION['access_count']))
{
$_SESSION['access_count'] = 0;
}
else
{
$_SESSION['access_count']++;
}
echo 'You have seen this page '.$_SESSION['access_count'].' times.';
?>
The preceeding is a fairly simple demonstration. The variable $_SESSION['access_count'] increments each time that the script is accessed, then the count is output.
What if you want to link data to multiple pages?
Code:
<?php
session_start();
$_SESSION['foo'] = 'bar';
echo "<a href='some_other_page.php?sid=".session_id()."'>Go to the next page</a>\n";
?>
<?php
// some_other_page.php
session_start();
echo "The value of <em>foo</em> is <strong>{$_SESSION['foo']}</strong>.";
?>
The preceeding demonstrates how data persists between connections, how session_start() must be called on any page requiring the use of session data and how the session id can be passed to maintain that association.
A login script might look something like the following.
Code:
<?php
// index.php
session_start();
if (!isset($_SESSION['logged_in']) || isset($_SESSION['logged_in']) && $_SESSION['logged_in'] == false)
{
// Do some authentication
// Check to see if the user has submitted a login form
// Do a database query or whatever here.
// Check to see if whatever condition is true, i.e. the user
// has supplied a valid username and password.
// Whereas this variable will be true, otherwise it is set to false,
// but it is always set to one or the other.
$_SESSION['logged_in'] = ($logged_in_condition)? true : false;
}
if ($_SESSION['logged_in'])
{
// Content for registered users only.
}
else
{
// Content for users not logged in.
}
?>
I am assuming you have an Apache HTTP server.
To protect an entire directory you can do a simple .htaccess file which will invoke an HTTP authetication scheme upon any attempts to access a directory or the children of that directory (Directives set by .htaccess are inherited).
Of course there is more than one approach to authentication.
For more information:
http://www.php.net/session
http://www.google.com/search?q=PHP+session+tutorial
http://www.google.com/search?q=htacc...authentication
HTH!
Regards,
Rich
--
[
http://www.smilingsouls.net]
Mail_IMAP: A PHP/C-Client/PEAR solution for webmail
Author: Beginning CSS: Cascading Style Sheets For Web Design
Authentication for Idiots
