Password Protection with PHP, MySQL, and Session Variables
One of the great promises that actually came true when our Internet-enabled world reached the twenty-first century is efficient customer-to-business interaction. Each day, I find a new way to go through life's errands without ever waiting on hold for a bank teller, a pharmacist, or an insurance agent. I do it all online.
Internet-savvy consumers are coming to expect such web empowerment. And while these information transactions usually require some sort of private data traveling the ether, you, as the webmaster, bear the burden of keeping that data away from those who have no right to it.
Since retina scans and brain wave signatures are still properties of James Bond flicks, we're stuck using plain old boring passwords.
Is this really secure?
Let's get this out of the way first. The only truly secure computer is one that's unplugged. Kind of like "the only safe car is the one that sits in your garage." Life is a risk/reward proposition and, let's face it, this (probably) isn't Fort Knox we're securing.
The security measures listed here are suitable for garden-variety data. I've used these schemes to write back-end website administration pages for online shopping carts. I've used them to write "partner" pages where retailers can download ads and sales data from wholesalers. I wouldn't use them to secure credit card numbers, social security numbers, or nuclear launch codes.
So what are PHP, MySQL, and session variables?
PHP is a programming language used (in this case) to write HTML. MySQL is a database. Session variables are used by web servers to track information from one page on a domain to another. This article isn't a how-to for any of these technologies. If you aren't very comfortable with them, you could just copy and paste the code samples in this article and build yourself a basic password-protected website. You could also just read the Cliff's notes for Pride and Prejudice and get a C+ in literature class. Your choice.
Let's get started with sessions
It's often been said that the web is "stateless", meaning that each web page is entirely independent, needing no other page to exist, and taking no information from the previous page. This is great for anonymous surfing from one site to the next, but it stinks for password protection. Consumers want password-protected information, but they don't want to enter their password on every page. So we turn to our web server to keep track of a user while he's on our site.
Ex. 1.
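<?php
// Start (or resume) the session before any output is sent to the browser.
session_start();
?>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head><title>Dan McConkey's Free Web Marketing Guide</title></head>
<body><h1>Dan McConkey's Free Web Marketing Guide</h1></body>
</html>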
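To show where the session goes from there, here is an added example (not code from the original article) of how a session variable can carry a login from page to page once the password has been checked. The function names, the 15-minute idle limit, and the sample user record standing in for a MySQL row are all assumptions made for illustration.

```php
<?php
// Added example with hypothetical names; not part of the original article.
const IDLE_LIMIT = 900; // assumption: 15 minutes of inactivity ends the login

// Constructed sample record standing in for a row from a MySQL users table.
function find_user(string $name): ?array
{
    $users = ['alice' => ['id' => 1, 'hash' => password_hash('s3cret-sample', PASSWORD_DEFAULT)]];
    return $users[$name] ?? null;
}

// Call once per request, before any output, like session_start() in Ex. 1.
function begin_session(): void
{
    session_start([
        'cookie_httponly' => true,   // keep the session cookie away from page scripts
        'cookie_samesite' => 'Lax',  // do not send it on cross-site form posts
        'use_strict_mode' => true,   // refuse session ids the server did not issue
    ]);
}

// Check the password once; afterwards the session carries the login state.
function log_in(string $name, string $password): bool
{
    $user = find_user($name);
    if ($user === null || !password_verify($password, $user['hash'])) {
        return false;
    }
    session_regenerate_id(true);     // fresh id at login, so a pre-set id is useless
    $_SESSION['user_id'] = $user['id'];
    $_SESSION['last_seen'] = time();
    return true;
}

// Put at the top of every protected page: true only for a live, recent login.
function is_logged_in(): bool
{
    if (!isset($_SESSION['user_id'], $_SESSION['last_seen'])) {
        return false;
    }
    if (time() - $_SESSION['last_seen'] > IDLE_LIMIT) {
        $_SESSION = [];              // idle too long: drop the login state
        session_destroy();
        return false;
    }
    $_SESSION['last_seen'] = time(); // activity resets the idle clock
    return true;
}
```

On a protected page, call begin_session() first and send the visitor to the login form whenever is_logged_in() returns false.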