tailieunhanh - PHP and MySQL Web Development - P69

PHP and MySQL Web Development - P69: PHP and MySQL Web Development teaches the reader to develop dynamic, secure, commercial Web sites. Using the same accessible, popular teaching style of the first edition, this best-selling book has been updated to reflect the rapidly changing landscape of MySQL and PHP. | 312 Chapter 14 Implementing Authentication with PHP and MySQL Listing .htaccess This .htaccess File Authenticates Users Against a MySQL Database ErrorDocument 401 chapter14 AuthName Realm Name AuthType Basic Auth_MySQL_DB auth Auth_MySQL_Encryption_Types MySQL Auth_MySQL_Password_Table auth Auth_MySQL_Username_Field name Auth_MySQL_Password_Field pass require valid-user You can see that much of Listing is the same as Listing are still specifying an error document to display in the case of error 401 when authentication fails .We again specify basic authentication and give a realm name. As in Listing we will allow any valid authenticated user access. Because we are using mod_auth_mysql and did not want to use all the default settings we have some directives to specify how this should work. Auth_MySQL_DB Auth_MySQL_Password_Table Auth_MySQL_Username_Field and Auth_MySQL_Password_Field specify the name of the database the table the username field and the password field respectively. We are including the directive Auth_MySQL_Encryption_Types to specify that we want to use MySQL password encryption. Acceptable values are Plaintext Crypt_DES or MySQL. Crypt_DES is the default and uses standard UNIX DES encrypted passwords. From the user perspective this mod_auth_mysql example will work in exactly the same way as the mod_auth example. She will be presented with a dialog box by her Web browser. If she successfully authenticates she will be shown the content. If she fails she will be given our error page. For many Web sites mod_auth_mysql is ideal. It is fast relatively easy to implement and allows you to use any convenient mechanism to add database entries for new users. For more flexibility and the ability to apply fine-grained control to parts of pages you might want to implement your own authentication using PHP and MySQL. Creating Your Own Custom Authentication We have looked at creating our own authentication methods including some