Chapter 8. Authentication

Chapter 8. Authentication
Prev	Part IV. Core Functionality	Next

Authentication management can be used to authenticate a session, that is, to identify the user at the client side of the session.

Authentication is done inline, with HTML forms, not with HTTP authentication (that's the browser popup you get when you hit a page protected with htaccess). Inline authentication has several advantages over HTTP authentication:

It can be undone: A session can be un-authenticated, the user can "log out".
It can expire: A session can automatically be un-authenticated after a given idle time.
It can be customized: You are not limited to user/password pairs. Instead you could use a customer number, operator id and a password to log in. Also, you have full control over the login screen, which is a normal HTML page with logos, help and forms as you see fit.
It is database based. Authentication is being done against a database of your design, not a htpasswd text file.
It is per page. You decide on a per-page basis which pages are authenticated and which aren't.
It can be user authenticating and optionally self registering. In registration mode, a user without a valid login is encouraged to register and an account is created for this user.
It works with CGI PHP. HTTP authentication is available only in mod_php.
It is integrated with a permission checking scheme.

Authentication Instance variables

Accessible instance variables

classname	Serialization helper: The name of this class
persistent_slots	Serialization helper: The names of all persistent slots.
lifetime	Maximum allowed idle time before the authentication expires.
refresh	Maximum allowed time before the authentication info (perms and alike) are re-read from the database calling auth_refreshlogin() method. If set to 0 authentication info are read only at the login stage.
mode	Authentication mode: log or reg (see below).
database_class	A classname. Auth uses this class to make a database connection.
database_table	Database table used to keep the session variables.
magic	An arbitrary value used in uniqid generation.
nobody	Flag: If true, we use default authentication.
cancel_auth	The name of a button that can be used to cancel a login form.

Internal instance variables

db	Internal: The database connection object instance.
auth	Internal: User authentication information, see below.
in	Internal: Used in default authentication mode.

Prev	Home	Next
PHP4 Sessions with PHPlib using session4_custom.inc*	Up	Authentication Instance methods