Page 330 - Beginning PHP 5.3

Part III: Using PHP in Practice


Try It Out: Create a User Login System

One common use of sessions is to allow registered users of your site to log in to the site in order to access their account and carry out actions. For example, customers of your online store could log in so that they could check their order history; similarly, users of a Web-based email system need to log in to the system to check their email. In addition, once the users have finished using the system, they need to log out.

Sessions are a relatively secure way to build login systems because the only piece of information stored in the browser is the hard-to-guess session ID. Although the login username and password need to be sent from the browser when the user logs in, this only occurs during the login process. For every other request, only the session ID is sent by the browser.

The following script allows the user to log in with a predefined username ("john") and password ("secret"). It then displays a welcome message, along with the option to log out. Save it as login.php, then run the script in your Web browser. At the login page (Figure 10-4), log in with the username and password to view the welcome message (Figure 10-5), then log out to return to the login form.


    <?php
    session_start();
    define( "USERNAME", "john" );
    define( "PASSWORD", "secret" );

    // Dispatch: login form submitted, logout requested, already logged in, or show the form
    if ( isset( $_POST["login"] ) ) {
      login();
    } elseif ( isset( $_GET["action"] ) and $_GET["action"] === "logout" ) {
      logout();
    } elseif ( isset( $_SESSION["username"] ) ) {
      displayPage();
    } else {
      displayLoginForm();
    }

    // Check the submitted credentials; on success, record the user in the session and reload
    function login() {
      if ( isset( $_POST["username"] ) and isset( $_POST["password"] ) ) {
        // Strict comparison avoids PHP's loose type juggling on the submitted values
        if ( $_POST["username"] === USERNAME and $_POST["password"] === PASSWORD ) {
          $_SESSION["username"] = USERNAME;
          session_write_close();
          header( "Location: login.php" );
        } else {
          displayLoginForm( "Sorry, that username/password could not be found. Please try again." );
        }
      }
    }

    // Forget the logged-in user and reload the page, which then shows the login form
    function logout() {
      unset( $_SESSION["username"] );
      session_write_close();
      header( "Location: login.php" );
    }
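A hardened form of the login and logout steps above, as an added example that is not code from the book: it issues a fresh session ID at login, checks the password against a hash, and removes the session completely at logout. The names `startSecureSession()`, `hardenedLogin()` and `hardenedLogout()`, the `logout` form field and the demo password hash are assumptions, and the cookie options assume PHP 7.3 or later on an HTTPS site.

```php
<?php
// Added example, not from the book. Assumes PHP 7.3+ served over HTTPS.
define( "USERNAME", "john" );
// Constructed for the demo; a real site stores a hash made once with password_hash()
define( "PASSWORD_HASH", password_hash( "secret", PASSWORD_DEFAULT ) );

function startSecureSession() {
  ini_set( "session.use_strict_mode", "1" );   // refuse IDs the server did not issue
  ini_set( "session.use_only_cookies", "1" );  // never read the ID from the URL
  session_set_cookie_params( array(
    "secure"   => true,    // cookie travels over HTTPS only
    "httponly" => true,    // cookie is not readable from JavaScript
    "samesite" => "Lax",   // cookie is withheld from cross-site POSTs
  ) );
  session_start();
}

function hardenedLogin() {
  $username = $_POST["username"] ?? "";
  $password = $_POST["password"] ?? "";
  // Array-valued fields (username[]=x) must not reach the comparisons
  if ( !is_string( $username ) || !is_string( $password ) ) {
    return false;
  }
  // Run both checks every time so timing does not show which one failed
  $userOk = hash_equals( USERNAME, $username );
  $passOk = password_verify( $password, PASSWORD_HASH );
  if ( !( $userOk && $passOk ) ) {
    return false;
  }
  session_regenerate_id( true );  // fresh ID at login; the pre-login ID stops working
  $_SESSION["username"] = USERNAME;
  return true;
}

function hardenedLogout() {
  $_SESSION = array();
  $p = session_get_cookie_params();
  // Expire the browser's copy of the session cookie
  setcookie( session_name(), "", time() - 42000, $p["path"], $p["domain"], $p["secure"], $p["httponly"] );
  session_destroy();  // delete the server-side session data as well
}

startSecureSession();
if ( isset( $_POST["login"] ) ) {
  echo hardenedLogin() ? "Logged in as " . USERNAME : "Login failed";
} elseif ( isset( $_POST["logout"] ) ) {  // hypothetical form field, sent by POST
  hardenedLogout();
}
```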

