Php technology Php course modules Php training Php careers Php developemnt
Best php developers, php development services hyderabad
We discussed there that HTTP Basic Authentication has a number of drawbacks, and that you can avoid those with PHP-based authentication.The PHPLib features sophisticated classes for handling user authentication and permission management. The PHPLib authenticates sessions; thus it depends on the Session class.
On those pages in which you need authentication, the following page_open() call should be made to instantiate a session and authentication object:
page_open(array(“sess” => “Session_Example”, “auth” => “Auth_Example”));
Being based on sessions introduces a number of advantages for the authentication:
The username and the authentication element are sent only once, at the login. Once authenticated, the server stores the authentication data inside the session, and doesn’t transmit username or authentication element again.This is different than in HTTP Basic Authentication, where the username and password are transmitted in the HTTP headers of each request. But it also means that, if you lose the session, you lose the authentication.
•The authentication procedure on the server can be complex. It can use any database or any other mechanism you can think of.The authentication is handled by an undefined function of the Auth class (auth_validatelogin()) and you have to implement it. 214 Chapter 6 Database Access with PHP
•It’s not limited to a whole directory, but can be different for individual files of the application, and can even implement authentication levels inside a script. It’s possible to hide parts of the script from users who are not allowed to access them.
•Users who aren’t known to the system can register themselves before logging in. A registration form is offered and the PHPLib will automatically create a standard entry in the user database.
•Authentication via PHPLib works even with the CGI version of PHP.
•You can log users out cleanly.This means that you can give your users the chance to terminate the current sessions (a logout button).
•Users can be logged out automatically after a certain idle time. Doing so provides additional security for your application, because you can prevent session hijacking after a longer idle time.
