Diffstat (limited to 'content/blog/2020-08-29-php-auth-flow.org')
-rw-r--r-- | content/blog/2020-08-29-php-auth-flow.org | 87 |
1 files changed, 40 insertions, 47 deletions
diff --git a/content/blog/2020-08-29-php-auth-flow.org b/content/blog/2020-08-29-php-auth-flow.org index 8797e51..c2c9786 100644 --- a/content/blog/2020-08-29-php-auth-flow.org +++ b/content/blog/2020-08-29-php-auth-flow.org @@ -5,16 +5,15 @@ * Introduction -When creating websites that will allow users to create accounts, the -developer always needs to consider the proper authentication flow for -their app. For example, some developers will utilize an API for -authentication, some will use OAuth, and some may just use their own -simple database. +When creating websites that will allow users to create accounts, the developer +always needs to consider the proper authentication flow for their app. For +example, some developers will utilize an API for authentication, some will use +OAuth, and some may just use their own simple database. -For those using pre-built libraries, authentication may simply be a -problem of copying and pasting the code from their library's -documentation. For example, here's the code I use to authenticate users -with the Tumblr OAuth API for my Tumblr client, Vox Populi: +For those using pre-built libraries, authentication may simply be a problem of +copying and pasting the code from their library's documentation. For example, +here's the code I use to authenticate users with the Tumblr OAuth API for my +Tumblr client, Vox Populi: #+begin_src php // Start the session 
@@ -39,24 +38,23 @@ $client = new Tumblr\API\Client( ); #+end_src -However, developers creating authentication flows from scratch will need -to think carefully about when to make sure a web page will check the -user's authenticity. +However, developers creating authentication flows from scratch will need to +think carefully about when to make sure a web page will check the user's +authenticity. -In this article, we're going to look at a simple authentication flow -using a MySQL database and PHP. +In this article, we're going to look at a simple authentication flow using a +MySQL database and PHP. * Creating User Accounts -The beginning to any type of user authentication is to create a user -account. This process can take many formats, but the simplest is to -accept user input from a form (e.g., username and password) and send it -over to your database. For example, here's a snippet that shows how to -get username and password parameters that would come when a user submits -a form to your PHP script. +The beginning to any type of user authentication is to create a user account. +This process can take many formats, but the simplest is to accept user input +from a form (e.g., username and password) and send it over to your database. For +example, here's a snippet that shows how to get username and password parameters +that would come when a user submits a form to your PHP script. -*Note*: Ensure that your password column is large enough to hold the -hashed value (at least 60 characters or longer). +*Note*: Ensure that your password column is large enough to hold the hashed +value (at least 60 characters or longer). #+begin_src php // Get the values from the URL 
@@ -95,9 +93,9 @@ $conn->close(); ** Validate Returning Users -To be able to verify that a returning user has a valid username and -password in your database is as simple as having users fill out a form -and comparing their inputs to your database. +To be able to verify that a returning user has a valid username and password in +your database is as simple as having users fill out a form and comparing their +inputs to your database. #+begin_src php // Query the database for username and password @@ -114,24 +112,23 @@ if(password_verify($password_input, $hashed_password)) { * Storing Authentication State -Once you've created the user's account, now you're ready to initialize -the user's session. *You will need to do this on every page you load -while the user is logged in.* To do so, simply enter the following code -snippet: +Once you've created the user's account, now you're ready to initialize the +user's session. *You will need to do this on every page you load while the user +is logged in.* To do so, simply enter the following code snippet: #+begin_src php session_start(); #+end_src -Once you've initialized the session, the next step is to store the -session in a cookie so that you can access it later. +Once you've initialized the session, the next step is to store the session in a +cookie so that you can access it later. #+begin_src php setcookie(session_name()); #+end_src -Now that the session name has been stored, you'll be able to check if -there's an active session whenever you load a page. +Now that the session name has been stored, you'll be able to check if there's an +active session whenever you load a page. #+begin_src php if(isset(session_name())) { 
@@ -141,9 +138,9 @@ if(isset(session_name())) { ** Removing User Authentication -The next logical step is to give your users the option to log out once -they are done using your application. This can be tricky in PHP since a -few of the standard ways do not always work. +The next logical step is to give your users the option to log out once they are +done using your application. This can be tricky in PHP since a few of the +standard ways do not always work. #+begin_src php // Initialize the session. @@ -181,14 +178,10 @@ die(); * Wrapping Up -Now you should be ready to begin your authentication programming with -PHP. You can create user accounts, create sessions for users across -different pages of your site, and then destroy the user data when -they're ready to leave. - -For more information on this subject, I recommend reading the -[[https://www.php.net/][PHP Documentation]]. Specifically, you may want -to look at [[https://www.php.net/manual/en/features.http-auth.php][HTTP -Authentication with PHP]], -[[https://www.php.net/manual/en/book.session.php][session handling]], -and [[https://www.php.net/manual/en/function.hash.php][hash]]. +Now you should be ready to begin your authentication programming with PHP. You +can create user accounts, create sessions for users across different pages of +your site, and then destroy the user data when they're ready to leave. + +For more information on this subject, I recommend reading the [[https://www.php.net/][PHP Documentation]]. +Specifically, you may want to look at [[https://www.php.net/manual/en/features.http-auth.php][HTTP Authentication with PHP]], [[https://www.php.net/manual/en/book.session.php][session +handling]], and [[https://www.php.net/manual/en/function.hash.php][hash]]. |
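
Review bot: in the hunk at @@ -39,24 +38,23 @@, the rewrapped paragraph says the parameters arrive "when a user submits a form", but the snippet that follows opens with the comment "// Get the values from the URL". A username and password carried in the query string end up in server access logs, browser history and Referer headers, so the text should say the form is submitted with POST and the comment should match. In the same hunk, "at least 60 characters or longer" is redundant, and the PHP manual suggests a 255-character column for these hashes because the default algorithm, and with it the hash length, can change.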
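
Review bot: in the hunk at @@ -95,9 +93,9 @@, the sentence "To be able to verify that a returning user has a valid username and password in your database is as simple as ..." is rewrapped but still does not parse. Since the paragraph is being touched anyway, suggest "Verifying a returning user is as simple as having them fill out a form and comparing their input to the stored record."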
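
Review bot: in the hunk at @@ -114,24 +112,23 @@, the trailing context line "if(isset(session_name())) {" cannot run: isset() accepts only variables, so PHP rejects a function call there with a fatal error, and session_name() returns the cookie name whether or not anyone has logged in. Suggest the check test a value that the login code stored in $_SESSION after password_verify() succeeded. The rewrapped sentence "store the session in a cookie" also needs rewording, because session_start() already sends the session cookie and "setcookie(session_name());" passes no value, so it does not store the session ID.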
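
Review bot: in the hunk at @@ -141,9 +138,9 @@, "a few of the standard ways do not always work" names neither the ways nor how they fail, which leaves the reader unable to tell whether their own logout code is affected. While the paragraph is being rewrapped, suggest stating which steps the snippet below relies on to end the session and what is left behind if one of them is skipped.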
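
Review bot: in the hunk at @@ -181,14 +178,10 @@, the further-reading list still links function.hash.php, but hash() is a general-purpose digest function and the article verifies passwords with password_verify(). Suggest pointing the link at the password hashing section of the manual instead, so readers do not take hash() as the way to store passwords. The new wrapping also splits the link description "session handling" across two lines; keeping it on one line makes the source easier to read.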