Category Archive for: Authentication and Authorization

Passwords Create Security But Should Be Secure

With your new database-driven login facility, you have lots of new possibilities. First and foremost, you can create groups in the database, and grant users access to certain parts of your application based on their group membership. For example, instead of letting just anyone into show_users.php you can grant access only to users that are members of an administrator’s…

Passwords Don’t Belong in PHP Scripts

Databases are better for storing passwords because, among other reasons, they’re typically more difficult to access than your scripts, which are to some degree web accessible. Your database, on the other hand, is generally at least a layer further removed from the typical web user. Additionally, your database and SQL require structural knowledge to be useful. Scripts are just…

Abstracting What’s the Same

Once again, you find yourself with some code in show_user.php that probably doesn’t belong in show_user.php. Why is that? Because the same authorization and authentication you have in show_user.php belongs in every other script that should require logging in, such as delete_user.php. You don’t want to write that code over and over; it becomes just like other repeated code you…

Basic Authentication

Authentication, like everything else, can be done simply or with tremendous complexity. Also, like nearly everything else, it’s best to start with the basics and add complexity as needed. For a simple application, you don’t need thumbprint readers and lasers scanning a user’s face. (Granted, it might be fun, but it’s not necessary. James Bond almost certainly isn’t going…

Authentication and Authorization

Something important arises at just about this point in your application design and creation. You have four, five, maybe more core pieces of functionality in place to add users, upload photos, and so on. You have a few tables set up in which to store data. You have most of your application’s central components built, and even though it’s…
