Chapter 5: User Authentication

Overview

User authentication methods are used to verify that a user has permission to access certain content on a Web site. When initially developing a Web site, you may want to restrict access to only certain members of your development team. Or, if your corporate Web site contains sensitive financial data, you may want to restrict your financial statements to a particular list of investors.

Web developers usually employ one of the following types of user authentication for reasons ranging from ease of installation and ease of maintenance to how the authentication scheme works within their overall application development:

• Basic HTTP authentication. This method of authentication is built right into your Web server, and it limits access to documents and entire directories. The popularity of this scheme stems from the fact that any site developer, whether he controls his own server or houses his site with an Internet service provider, has the ability to use basic HTTP authentication within his document directories.

• Database-driven authentication. Using this method, usernames and passwords are kept in a database table and accessed via a script. The script determines whether or not you're allowed to see a certain item.

• Limit by IP address. With this method, be it server-based or script-based, access is limited to a specific IP or IP range.

In this chapter, you'll learn how to use various forms of user authentication in your PHP-enabled Web sites.