To eliminate the possibility of compromise
through such a method, you need to implement a secure communications channel,
typically accomplished using Secure Sockets Layer (SSL). SSL support is available for
all mainstream Web servers, including Apache and Microsoft Internet Information
Server (IIS).
PHP Authentication
Integrating user authentication directly into your Web application logic is convenient
and flexible; convenient because it consolidates what would otherwise require some
level of interprocess communication, and flexible because integrated authentication
provides a much simpler means for integrating with other components of an application,
such as content customization and user privilege designation. The remainder of this
chapter examines PHP??™s built-in authentication feature and demonstrates several
authentication methodologies that you can immediately begin incorporating into your
applications.
Authentication Variables
PHP uses two predefined variables to authenticate a user: $_SERVER['PHP_AUTH_USER']
and $_SERVER['PHP_AUTH_PW']. These variables store the username and password
values, respectively. While authenticating is as simple as comparing the expected
username and password to these variables, there are two important caveats to keep
in mind when using these predefined variables:
??? Both variables must be verified at the start of every restricted page.
Pages:
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444