CHAPTER 14
Authenticating Your Users
Authenticating user identities is common practice in today's Web applications. This
is done not only for security-related reasons, but also to offer site customization
features based on user preferences and type. Typically, users are prompted for a username
and password, the combination of which forms a unique identifying value for
that user. In this chapter, you'll learn how to prompt for and validate this information,
using PHP's built-in authentication capabilities. Specifically, in this chapter
you'll learn about:
• Basic HTTP-based authentication concepts
• PHP's authentication variables, namely $_SERVER['PHP_AUTH_USER'] and
$_SERVER['PHP_AUTH_PW']
• Several PHP functions that are commonly used to implement authentication
procedures
• Three commonplace authentication methodologies: hard-coding the login pair
(username and password) directly into the script, file-based authentication,
and database-based authentication
• Further restricting authentication credentials with a user's IP address
• Taking advantage of the Auth_HTTP package
• Testing password guessability using the CrackLib extension
• Recovering lost passwords using one-time URLs
HTTP Authentication Concepts
The HTTP protocol offers a fairly effective means for user authentication.