- How to add a log out link on the admin menu.
- The log out page gets rid of the session data.
- Every admin page checks the log in flag in the session. You can put the code in a separate file, and use the
requirestatement to insert it.
- Admin pages can check permission data in the session.
- Use permission data from the session to change the admin interface. Don’t show users actions they’re not allowed to do.
- There two parts to restricting access to Web applications: authentication and permissions.
- Authentication is about knowing who the user is.
- Permissions is about knowing what the user is allowed to do.
- Create a database table with information about users, including their user names, passwords, and permissions.
- There are two pages for adding a record: one page with a form the user fills in, and another page that adds the user’s data to the database.
- The SQL
INSERTstatement does the work.
stripslashes()to remove backslashes that PHP adds to form data.
$db->escape_string()to foil SQL injection attacks.
You will learn that:
- The log in form gets a user name and password from the user.
- It sends the data to a page that checks whether the user name and password is in the database table
- If the user name and password are found, permission information is stored in the session.
- Create a
userstable in the database. It will have user names, passwords, and permission flags.
- Good passwords have lowercase letters, uppercase letters, digits, and special characters. They don’t correspond to a dictionary word.
- How to append form data to a file.
- How to read back data from the file.
- Know how to do some basic security stuff.
Learn how to restrict what different people can do on a site.