Authentication

The authentication module consists of the authentication.inc include file, the login and logout scripts, and the password change scripts. The code is closely based on that presented in Chapter 11 and we describe it only briefly here.

General-Purpose Functions

Example 20-4 shows the helper functions stored in the authentication.inc include file. The function newUser( ) creates a new row in the users table, and digests the password that's passed as a parameter using the md5( ) hash function. This is discussed in detail in Chapter 11.

The function authenticateUser( ) checks whether a row in the users table matches the supplied username and password (the supplied password is digested prior to comparison with those stored in the database). It returns true when there's a match and false otherwise.

The registerLogin( ) function saves the user's username as a session variable, and also stores the IP address from which they've accessed the winestore. The presence of the $_SESSION["loginUsername"] variable indicates the user has logged in successfully. The function unregisterLogin( ) deletes the same two session variables.

The function sessionAuthenticate( ) checks whether a user is logged in (by testing for the presence of $_SESSION["loginUsername"]) and that they're returning from the same IP address. If either test fails, the script calls unregisterLogin( ) and redirects to the script supplied as a parameter. This approach won't work for all situations—for example, if a user's ...
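The session checks described above, as an added example that is not the book's Example 20-4. The functions take the session array and client address as parameters so the logic can be run from the PHP command line; the loginIP key name and returning the redirect target instead of sending the header are assumptions made for this sketch.

```php
<?php
// Added illustration, not the book's authentication.inc.
// "loginUsername" is the key named in the text; "loginIP" is an assumed name.

// Record a successful login: the username plus the address it came from.
function registerLogin(array &$session, string $username, string $remoteAddr): void
{
    $session["loginUsername"] = $username;
    $session["loginIP"] = $remoteAddr;
}

// Delete the same two session variables.
function unregisterLogin(array &$session): void
{
    unset($session["loginUsername"], $session["loginIP"]);
}

// Returns null when both tests pass. Otherwise clears the login and returns
// the script the caller should redirect to. In a web script the caller would
// pass $_SESSION and $_SERVER["REMOTE_ADDR"], then send
// header("Location: ...") and exit when a string comes back.
function sessionAuthenticate(array &$session, string $remoteAddr, string $destination): ?string
{
    $loggedIn = isset($session["loginUsername"]);
    $sameAddress = isset($session["loginIP"]) && $session["loginIP"] === $remoteAddr;

    if ($loggedIn && $sameAddress) {
        return null;
    }
    unregisterLogin($session);
    return $destination;
}

// Constructed walk-through; the addresses are RFC 5737 documentation ranges.
$session = [];
registerLogin($session, "alice@example.com", "192.0.2.10");

// Same address as at login: the request is allowed through.
var_dump(sessionAuthenticate($session, "192.0.2.10", "login.php"));

// Different address: the login is cleared and the redirect target is returned.
var_dump(sessionAuthenticate($session, "198.51.100.7", "login.php"));

// The session no longer carries the login marker after the failed check.
var_dump(isset($session["loginUsername"]));
```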
