Lesson 28

Creating User Logins

In this lesson you learn how to restrict parts of your website to certain people. You learn what access control systems are and to use them to control who sees what on your site. You learn when and how to protect passwords and how to use cookies and sessions to remember who is logged in. Finally, you learn how to use that information to restrict and grant access to different parts of your site.

Understanding Access Control

Access Control Lists, also known as ACLs, are the lists that are used to control who can see, add, change, or delete different elements of a system; in other words, controlling access. ACLs can be as simple as making sure someone is logged in. They can be as complex as listing what different people or groups have the ability to create, read, update, or delete specific files, tables, fields, or windows.

You can create a simple system in which you have only one type of user and all you need to know is whether she is signed on with just a table of users with usernames and passwords. When the user logs in, you check the username and password against a table to verify that the user exists and that the username and password are correct. A more complex system would have different levels of users. Some users can see but not touch. Others could see, touch, and add. Some could delete but not change.

A true ACL comes in when each of the items or groups of items (often called assets) can be addressed individually. So, for example, a user with ...

Get PHP and MySQL® 24-Hour Trainer now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.