[Previous] [Contents] [Next]


Forcing users to a login page


Many traditional database applications require users to log in before they can perform any operations. For example, an online banking application may allow access only after a user has entered credentials from a login page. In session-based applications, forcing users to always authenticate themselves via a login script allows session variables to be registered so that the rest of the application pages operate correctly. A single point of entry can also record when users access an application or force users to view advertising.

Using HTTP authentication, if a user makes a request for a script other than the login page of the application, and the request doesn't contain the Authorization header field, the response should redirect the user to the login page. This fragment of code sets the Location header field, which instructs the browser to relocate to the login page if either the $PHP_AUTH_USER or $PHP_AUTH_PW variables aren't set:

<?php
// If this is an unauthorized request, just
// re-locate to the login page of the application
if (!isset($PHP_AUTH_USER) || !isset($PHP_AUTH_PW))
  header("Location: login.php")
  exit(  );

  // ... perform authentication and authorization ...
?>

... rest of script ...

[Previous] [Contents] [Next]


A+ Certification ASP C C# Flash HTML and CSS Java MS Access MS Excel MS Excel 2007 MS FrontPage MS PowerPoint MS Word MySQL Networking Perl and CGI Photoshop PHP PHP and MySQL Visual Basic XML XML