How to Write Basic User Password Authorisation in PHP: Part 1

If, like me, you build a lot of online tools, you will quickly realise how important it is to be able to authenticate your users to their specific accounts in PHP pages, and you have most likely spent a long time researching the quickest and easiest method for that internal project which you needed finished last week.

In this series I am going to write such a piece of software for you to use freely, and explain the decisions behind how each of the elements works and why. As usual, I will do this by keeping things as simple as possible for you.

In this article:

  • Introduction
  • Basic Elements of Authorisation

Article 2

  • Database Design

Article 3

  • Design of register, login and logout pages

Article 4

  • Conclusion and download of complete source including SQL Database statements

Basic Elements of Authorisation

Before we get our hands dirty, let's take a minute to walk through what happens when someone logs into your website:

  1. They arrive and load a web page
  2. They enter a username and password
  3. This username and password are transmitted to the web server upon submission
  4. The web server takes this username and password and decides if they are valid
  5. If they are valid, we transmit a cookie to the user's web browser and display a success page.

Once logged on, with each page request this is what happens:

  1. The user requests a page, and transmits the cookie to the server
  2. If the cookie is valid and access is granted, the server displays the page

To log out:

  1. The user clicks on an exit/logout link
  2. The server verifies the cookie and destroys it
  3. As there is no longer a valid cookie, the user is redirected to the normal front end and the login form is redisplayed.
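The three flows above in a single PHP page, as an added example that is not the series' own code. It assumes a constructed in-memory `$users` array in place of a database, hypothetical helper names (`field`, `login`, `logout`), a site served over HTTPS, and PHP 7.3 or later.

```php
<?php
// Constructed sample user store (assumption): username => password hash.
$users = ['alice' => password_hash('correct horse battery', PASSWORD_DEFAULT)];

// The cookie holds only a random session ID. 'secure' assumes HTTPS.
session_set_cookie_params(['path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
session_start();

// Read a POST field, ignoring array-valued input.
function field(string $name): string
{
    return is_string($_POST[$name] ?? null) ? $_POST[$name] : '';
}

function login(array $users, string $username, string $password): bool
{
    if (!isset($users[$username]) || !password_verify($password, $users[$username])) {
        return false;
    }
    session_regenerate_id(true);   // fresh ID after login defeats session fixation
    $_SESSION['user'] = $username;
    return true;
}

function logout(): void
{
    $_SESSION = [];
    // Expire the browser's cookie, then delete the server-side session data.
    $params = session_get_cookie_params();
    unset($params['lifetime']);    // not a valid setcookie() option
    setcookie(session_name(), '', ['expires' => time() - 3600] + $params);
    session_destroy();
}

$error = '';
if (field('action') === 'login' && !login($users, field('username'), field('password'))) {
    $error = 'Invalid username or password.';
} elseif (field('action') === 'logout') {
    logout();
}

// Every request: the page is shown only if the cookie maps to a logged-in session.
if (isset($_SESSION['user'])) {
    echo 'Hello ' . htmlspecialchars($_SESSION['user'])
       . '<form method="post"><button name="action" value="logout">Log out</button></form>';
} else {
    echo htmlspecialchars($error) . '<form method="post"><input name="username">'
       . '<input name="password" type="password"><button name="action" value="login">Log in</button></form>';
}
```

The same error message is returned for an unknown username and a wrong password, so the form does not reveal which accounts exist.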

Over the next 3 articles, we are going to be focusing on building this system, and we will be providing you with the source code for free, without any limitations! However, as always, be aware that this software is provided "as is" and is not guaranteed to be fit for any purpose, and you should always look at further improving security beyond the basic scope of this series of articles.