How to authenticate users
Visitors have to register before to post comments on the page. Registering may be used also if you want allowing contributors to add pages on the site.
How the system works
The user type a login and a password in a form and a PHP program is called
by the form either to add these data if he is a new user, or to lookup the
database to verify the login and the password.
These data are added into an XML file.
The XML file
These tags and properties may be defined:
<users> <user login="" password="" email="" /> etc... </users>
If the user want to register:
- a lookup is performed on the database, the login should be unique.
- a message displays the result.
The PHP script loads the XML file, insert the profil of the user before the closing marker of the root tag and stores it.
If the name exists, a message is displayed. In all cases, we return to the main page.
This is a simple process that we can perform without using special XML functions.
View the register.php script in the archive at bottom.
To log in
When the user want to log in:
- the name and the password are compared to the content of the database (this is simplified in the demo).
- if all is ok we continue, otherwise a message ask to register or to try again.
The code loads the XML file and puts the content into arrays, and then it compares the data.
View the scripts:
- logcheck.php Parses the database, checks if the login exists, in this case, call logok.php otherwise calls login.php.
- login.php The login entered by the user doesn't exists. Enter a login again (for the demo, the password is not required).
- logok.php The name is recognized, a message is displayed and the script reloads the main page.
The real system
The real tool can't be so simple. If the list of logins and password is stored
directly into an XML file, the file can be read by anyone and anyone can pick
a login and a password to log in with them.
We have to encrypt the data, either only the string that hold these data, or the whole XML file. And the program must be able to decode these encrypted data to look up in the list.
It seems to be simpler to encrypt only the strings and we will use this method in the first version of our real authentification tool.
Download the archive of the demos