htaccess vs php login
Posted: Tue Jan 24, 2006 12:55 pm
Hi,
I'm trying to get my head around php security (surprise surprise), and I have a few questions that I'm sure are obvious ones:
1) What is the difference between using htaccess or a php system for a login system for a website? i.e. what scenarios are they used in?
2) The system I will be creating has two groups of users (A and B) that will be able to upload profiles about themselves. An A user can then find a B user, using some criteria, and vice versa. These users can then utilise a private forum where only the two of them can post messages. If a user is not registered they cannot upload anything.
My first impression after reading a bit about both htaccess and php logins is that the php system would be better suited to this, as it will heavily rely on data about each user and that each user is a registered user. Is this correct?
3) Finally, can I just give a rough description of how the php system works just to check if I understand it correctly?
Step 1: Register as a user with username and pw
Step 2: Login with username and pw
Step 3: Session information based on this authenticated user is entered into a session db table
Step 4: Whenever a user tries to view a restricted page, either through direct URL entry, bookmarked page or a link, the session data for the user is checked against the session db table to see if the user is valid?
Now I realise that this is cutting out a lot of information but at a basic level is this how it works? If so where does the user's session data come from to check against the session info in the session db table?
Sorry it's so long, and any help is appreciated. Thanks
rj
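
The four steps listed in the post, written out as an added example (not part of the original post, and not code from any particular login library). The table, column and function names are assumptions, an in-memory SQLite database stands in for the real one, and the returned token represents the cookie value the browser sends back on every request, which is what gets checked against the session table.

```php
<?php
// Added example, not from the original post. Table, column and function names are assumptions.
// Requires the pdo_sqlite extension; an in-memory database stands in for the real one.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pw_hash TEXT)');
$db->exec('CREATE TABLE sessions (token_hash TEXT PRIMARY KEY, user_id INTEGER, expires INTEGER)');

// Step 1: register. Only a salted hash of the password is stored.
function register(PDO $db, string $user, string $pw): void {
    $db->prepare('INSERT INTO users (username, pw_hash) VALUES (?, ?)')
       ->execute([$user, password_hash($pw, PASSWORD_DEFAULT)]);
}

// Steps 2 and 3: log in, then record a session row. Returns the token to send as a cookie, or null.
function login(PDO $db, string $user, string $pw): ?string {
    $st = $db->prepare('SELECT id, pw_hash FROM users WHERE username = ?');
    $st->execute([$user]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if (!$row || !password_verify($pw, $row['pw_hash'])) {
        return null;
    }
    $token = bin2hex(random_bytes(32));            // unguessable session id
    $db->prepare('INSERT INTO sessions VALUES (?, ?, ?)')
       ->execute([hash('sha256', $token), $row['id'], time() + 1800]);
    return $token;                                 // the table keeps only the token's hash
}

// Step 4: every restricted page calls this with the cookie value the browser sent back.
function currentUserId(PDO $db, ?string $cookieToken): ?int {
    if ($cookieToken === null || $cookieToken === '') {
        return null;
    }
    $st = $db->prepare('SELECT user_id FROM sessions WHERE token_hash = ? AND expires > ?');
    $st->execute([hash('sha256', $cookieToken), time()]);
    $id = $st->fetchColumn();
    return $id === false ? null : (int) $id;
}

// Constructed walk-through; on a real site the token travels in a cookie, e.g.
// setcookie('sid', $token, ['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
register($db, 'alice', 'correct horse battery staple');
$cookie = login($db, 'alice', 'correct horse battery staple');
var_dump(currentUserId($db, $cookie));            // valid session
var_dump(currentUserId($db, 'forged-value'));     // unknown token
var_dump(login($db, 'alice', 'wrong password'));  // failed login creates no session
```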