Bin Chen

Reputation: 63349

How does a server-side page decide whether a request to a page is authorized?

It's the normal case: a user enters a username and password, and after that the entire system can be accessed. Suppose I have a page a.php (or ASP). How can I restrict it so that only a user who has been authorized can view a.php, and other users get an error if they type (http://host/a.php) in the browser?

And furthermore, is it done through a cookie? If you can explain the details under the hood I would appreciate it more :)

Upvotes: 3

Views: 121

Answers (2)

shamittomar

Reputation: 46692

This is a somewhat lengthy topic and needs too much explanation to fit in this space. I'd advise you to go through the following beginner-level tutorials on how to create a login system with PHP. You will then understand what happens under the hood:

  1. PHP Simple Login Script Tutorial – Very detailed guide to creating a PHP and MySQL login system.
  2. Creating a Secure PHP Login Script – How to create a secure PHP login script that will allow safe authentication.
  3. Developing a Login System with PHP and MySQL – Another great PHP and MySQL login tutorial.
  4. Login – Logout with a Session in 1 file – Write PHP code for login and logout in one file.
  5. Creating a file based login system – PHP login system without a MySQL database.
  6. Login system – Learn to create a PHP and MySQL login system by using a cookie.
  7. PHP Log In Script – video tutorial – Video tutorials on how to create a PHP and MySQL login system.

Upvotes: 3

Todd Moses

Reputation: 11039

It can be done with cookies, but most PHP sites use sessions.

For detailed information, see: http://www.php.net/manual/en/session.examples.basic.php

The steps involved:

1.) Create a sign-in page that checks for a valid username and password, then saves a key value that references the user table to a session variable.

signin.php (pseudo-code)

session_start();

// check_credentials() is a placeholder for your own user-table lookup;
// it returns the user's row on success or null on failure.
$user = check_credentials($_POST['username'], $_POST['password']);
if ($user !== null)
{
  $_SESSION['userkey'] = $user['guid']; // GUID from database
}

2.) Create a PHP page that has the session variable and checks if the variable is set.

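signincheck.php (pseudo-code)

session_start();
$is_signed_in = false;

if (isset($_SESSION['userkey']))
{
    // is_valid_userkey() is a placeholder: look the key up in your user table
    if (is_valid_userkey($_SESSION['userkey']))
    {
        $is_signed_in = true;
    }
}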

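3.) Require that page in each of your pages that need to be for registered users only.

require('signincheck.php');

if ($is_signed_in === true)
{
  // allow access to page: render the protected content here
}
else
{
  header('Location: signin.php'); // redirect to some other page
  exit; // stop here so the protected content is never sent
}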

Upvotes: 1
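
The session mechanism described in the answers above, put together as one runnable file. This is an added example, not code from either answer; the file name `auth_demo.php`, the `/login` route, the `require_login()` helper and the demo user `alice` are assumptions made for illustration.

```php
<?php
// auth_demo.php (added example). Run: php -S 127.0.0.1:8000 auth_demo.php
// Constructed demo user; a real site loads the stored hash from its user table.
$users = ['alice' => ['guid' => 'constructed-guid-0001',
                      'hash' => password_hash('demo-password', PASSWORD_DEFAULT)]];

// The browser only holds a random session ID in a cookie; the $_SESSION
// data lives on the server and is looked up by that ID on every request.
session_set_cookie_params([
    'httponly' => true,                       // hidden from JavaScript
    'samesite' => 'Lax',                      // not sent with cross-site POSTs
    'secure'   => !empty($_SERVER['HTTPS']),  // HTTPS-only when served over TLS
]);
session_start();

function require_login(): string
{
    if (empty($_SESSION['userkey'])) {
        header('Location: /login', true, 303);
        exit; // without this the protected output below would still be sent
    }
    return $_SESSION['userkey'];
}

$path = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);

if ($path === '/login' && $_SERVER['REQUEST_METHOD'] === 'POST') {
    $name = $_POST['username'] ?? '';
    $pass = $_POST['password'] ?? '';
    if (is_string($name) && is_string($pass) && isset($users[$name])
        && password_verify($pass, $users[$name]['hash'])) {
        session_regenerate_id(true); // fresh ID after login blocks session fixation
        $_SESSION['userkey'] = $users[$name]['guid'];
        header('Location: /a.php', true, 303);
        exit;
    }
    http_response_code(401);
    echo '<p>Invalid username or password.</p>';
}
if ($path === '/login') {
    echo '<form method="post" action="/login"><input name="username">'
       . '<input name="password" type="password"><button>Sign in</button></form>';
    exit;
}
// Any other path stands in for a.php: only reached with a valid session.
$userkey = require_login();
echo 'a.php: signed in as ' . htmlspecialchars($userkey);
```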
