Example 10-4 shows the order.1 script that is used for logging into the winestore application. The script is based on Example 9-8 and Example 9-9 from Chapter 9. If the user isn’t logged in—which should always be the case unless the script is unexpectedly called—and no credentials have been provided from a previous login attempt, the script displays a login <form> to the user. When the user successfully logs in, the script redirects to the calling page that’s stored in a session variable; if that session variable isn’t set, it redirects to the home page.
When the user provides credentials—a username and a password—the script is re-requested through the <form> submission process. The script encrypts the password provided by the user and checks whether the result matches the password stored in the users table. If it matches, the user is logged in by registering the session variable loginUsername and unregistering any session variables associated with failed attempts to update customer details. The session variable loginUsername stores the user’s email address, which, as discussed earlier, is the same as his username. If the password is incorrect, an error is generated, and the login <form> is redisplayed so the user can try again.
The framework used here is typical of authentication in a web database application. However, possible improvements to the process can include limiting the number of failed login attempts, a password changing feature, a password reminder module—where ...
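The login flow described above, written out as an added example; this is not the book’s order.1 script, and it departs from it in two places: it stores and checks a password_hash() digest instead of the crypt() value the text calls an encrypted password, and it builds in the first of the listed improvements, a cap on failed attempts per session. It assumes a PDO connection in $db, a users table with columns user_name and password, a session variable returnTo standing in for the calling-page variable, and the names custErrors and custFormVars for the leftover customer-detail variables; all of these are assumptions.

```php
<?php
// Added example, not the book's order.1 script. Assumed: a PDO connection $db;
// a `users` table with columns `user_name` and `password` (a password_hash()
// digest); the session variable `returnTo` standing in for the book's
// calling-page variable.
session_start();

const MAX_FAILED_LOGINS = 5;   // assumed lockout threshold for this session

function showLoginForm(string $error = ''): void
{
    if ($error !== '') {
        echo '<p>' . htmlspecialchars($error, ENT_QUOTES, 'UTF-8') . '</p>';
    }
    echo '<form method="post" action="">'
       . 'Username: <input type="text" name="loginUsername"><br>'
       . 'Password: <input type="password" name="loginPassword"><br>'
       . '<input type="submit" value="Log in"></form>';
}

function attemptLogin(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT password FROM users WHERE user_name = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Verify against a throwaway digest when the user is unknown so the
    // response time does not reveal whether the username exists.
    $digest = $row !== false ? $row['password']
                             : password_hash('unknown-user', PASSWORD_DEFAULT);
    if ($row === false || !password_verify($password, $digest)) {
        $_SESSION['loginFailures'] = ($_SESSION['loginFailures'] ?? 0) + 1;
        return false;
    }

    // Success: issue a fresh session id so an id handed out before login
    // cannot be reused, register loginUsername, and discard any variables
    // left over from failed customer-detail updates (assumed names).
    session_regenerate_id(true);
    $_SESSION['loginUsername'] = $username;
    unset($_SESSION['loginFailures'], $_SESSION['custErrors'], $_SESSION['custFormVars']);
    return true;
}

function redirectToCaller(): void
{
    // Honour the stored calling page only if it is a local path, so a
    // tampered value cannot turn the login script into an open redirect.
    $target = $_SESSION['returnTo'] ?? '/';
    if (!is_string($target) || $target === '' || $target[0] !== '/'
        || str_starts_with($target, '//')) {
        $target = '/';
    }
    unset($_SESSION['returnTo']);
    header('Location: ' . $target);
    exit;
}

// Already logged in: the script was called unexpectedly, so just go back.
if (isset($_SESSION['loginUsername'])) {
    redirectToCaller();
}

// Too many failed attempts in this session: refuse further tries.
if (($_SESSION['loginFailures'] ?? 0) >= MAX_FAILED_LOGINS) {
    showLoginForm('Too many failed login attempts.');
    exit;
}

// Credentials submitted: check them, redirect on success, redisplay on failure.
if (isset($_POST['loginUsername'], $_POST['loginPassword'])) {
    if (attemptLogin($db, $_POST['loginUsername'], $_POST['loginPassword'])) {
        redirectToCaller();
    }
    showLoginForm('Incorrect username or password.');
    exit;
}

// No credentials yet: show the login form.
showLoginForm();
```

The per-session counter only slows an attacker who keeps the same session cookie; a limit that survives a discarded cookie has to be keyed on the account or the client address in the database instead, which is the form the book’s suggested improvement would take in practice.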