How is server-side authorization allowed?

In the usual case, the user enters a username with a password, after which you can access the entire system. Suppose I have an a.php (or ASP) page: how can I restrict it so that only an authorized user can view a.php, while another user who types (http://host/a.php) in a browser gets an error message?

And besides, is this done through a cookie? If you can explain the details under the hood, I would be even more grateful :)

+3
2 answers

This can be done using cookies, but most PHP sites use sessions.

http://www.php.net/manual/en/session.examples.basic.php

1.) signin.php (pseudo-code)

session_start();

// Placeholder flags: the result of checking the submitted credentials
if ($username_is_correct && $password_is_correct)
{
  $_SESSION['userkey'] = $guid_from_database; // GUID from database
}

2.) signincheck.php (pseudo-code)

session_start();
$is_signed_in = false;

if (isset($_SESSION['userkey']))
{
    // is_valid_userkey() is a placeholder for the check that the key is valid
    if (is_valid_userkey($_SESSION['userkey']))
    {
        $is_signed_in = true;
    }
}

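3.)

require('signincheck.php');

if ($is_signed_in === true)
{
  // allow access to page
}
else
{
  header('Location: /other-page.php'); // placeholder target: redirect to some other page
  exit; // stop here so the rest of the page is not sent
}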
+1
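
The three steps from the answer above, combined into one runnable PHP file as an added example (not the answerer's code). The user record, the GUID, the function names and the /signin.php redirect target are constructed for illustration; it assumes PHP 7.4+ and a site served over HTTPS, since the session cookie is marked `secure`.

```php
<?php
declare(strict_types=1);
// Added example. The user record, GUID and /signin.php target are constructed.

function users(): array {
    static $users = null; // stands in for the database lookup
    return $users ??= ['alice' => [
        'guid' => '00000000-0000-4000-8000-000000000001',
        'hash' => password_hash('example-password', PASSWORD_DEFAULT),
    ]];
}

function start_session(): void {
    // Only the session ID travels in the cookie; $_SESSION is stored server-side.
    session_set_cookie_params(['path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
    session_start();
}

function sign_in(string $username, string $password): bool {
    $user = users()[$username] ?? null;
    if ($user === null || !password_verify($password, $user['hash'])) {
        return false;
    }
    session_regenerate_id(true); // fresh ID at login, so a pre-login ID is useless
    $_SESSION['userkey'] = $user['guid'];
    return true;
}

function is_signed_in(): bool {
    return isset($_SESSION['userkey'])
        && in_array($_SESSION['userkey'], array_column(users(), 'guid'), true);
}

function require_sign_in(): void {
    if (!is_signed_in()) {
        header('Location: /signin.php', true, 302);
        exit; // stop here, or the rest of the protected page still runs
    }
}

// Command-line demo; a real a.php calls start_session() and require_sign_in() before any output.
start_session();
$results = [
    'before sign-in' => is_signed_in(),
    'wrong password' => sign_in('alice', 'wrong'),
    'right password' => sign_in('alice', 'example-password'),
    'after sign-in'  => is_signed_in(),
];
var_dump($results);
```

The results are collected before anything is printed because `session_regenerate_id()` fails once output has been sent, which is also why the session calls must come first on a real page.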


Source: https://habr.com/ru/post/1765014/

