This article is Part 2 of User Personalization with PHP: Beginning the Application.
In this article, we will be looking at user authentication. User authentication simply means verifying that a particular user has the right to access a part of our application. Because our application deals with user preferences, access control is even more pertinent especially since multiple users are going to try to access this application at any given time. To ensure that each user is treated as individual with their preferences loaded when they access the application, we are going to require some login information from the user. This information includes a username and password, which will be unique to each user. To track user activity we will make use of PHP's session management functionality. The authentication section of the application consists of about six scripts:
login.php- This script is responsible for verifying a users login credentials. It presents the user with an HTML form that requires, among other things, a username and password, which must be entered in the form for validation. The script also starts or opens a session for the user upon successful login.
logout.php- Simply logs a user out of the application and terminates any sessions that were created for the user.
register.php- Adds new users to our site.
activate.php- This script activates a new user's account.
numgen.php- Generates a verification code for the login form.
forgot_pass.php- Resets a forgotten password.
Access control in most cases, exists to make your application or resource more secure and to keep unwanted guests (such as hackers) out. As part of overall access control, we are going to add code to our login script, which will require the user to enter a code in addition to their username and password. This code will be contained in a script called numgen.php, which will be included on the login page. We've already mentioned previously that this is a pretty effective way of stopping automated logon by means of robots. The rest of the article will look at how to implement this functionality in this application
The Verification Code
To use the first method, you
will need to check if the GD library is enabled in your version of PHP. I'm
using PHP 5 and it is automatically enabled. To test if the library is enabled,
run the following code:
The script basically checks if a function called
imagecreate() is loaded. This function is part of the GD
library and should be loaded and accessible if the library is loaded. Depending
on your version of PHP, and whether the GD library
is enabled, you should get a result similar to the one
If you don't get a similar result then simply open up your PHP configuration file and go to the section that list all your extensions; it should look something like this:
and uncomment the following line:
Depending on what version of PHP you have, the extensions list might look different; either way, look for the GD library. Also, make sure that the DLL file is actually in your extensions folder. Once you've enable the GD library and all is well, the first thing we need to do is to create the verification image. Below is the code that does this: