two things with php I don't get

Anon

I was reading alot last night, (up til 4:00 a.m) but still there are two things in php i am totally lost about. authentication and sessions.

The farthest in depth i've found about authentication is no much to be honest. I read on another site that you need the two header statements, but it doesn't really give a working example. It says just the basic stuff like,
if(......) { echo "hello PHP_AUTH_USER\n";
}
else {
echo "you must authenticate first";
.....
ok, as if that told me alot, like, where do I put the code for logging into the database, comparing the names and passwords, and the actual logging in?

to put it simple, I havent found a helpful example as of yet.

another thing i don't get is sessions. say, if i did magically get authentification through my head and wanted to keep a username and email address as variables to fill in the appropriate form fields (like i've noticed this site does) would i just have to use a few lines like:
session_start();
session_register($name);

and that variable would stick through the whole site or what would i have to do

dalecosp

Sessions is one way.

Cookies are another.

Keep reading....

G'luck

KDK

sp0rk

Here's an excellent tutorial on authentication: http://www.zend.com/zend/tut/authentication.php

bretticus

Okay, 1st of all, AUTH and sessions are two different methods for authentication.

php $AUTH* variables provides you with a way to hook into HTTP authentication. So say you just wanted to make sure nobody could see anything under a virtual directory with Apache. You throw in a .htaccess file in that directory and each time your browser requests a file from that directory, you get that browser popup window until you supply the correct credentials. Now you have free reign of that directory as the server remembers you via cookie.

Sessions are much more flexible. Sessions weren't neccessarily created for authentication, but work great. Basically the principle is: php stores values for you serverside and remembers you via id from a locally stored cookie. Since this id is HUGE and random, it can provide for pretty decent authentication.

So what you do is (in theory) you use a basic html form to request a username and password with are queried against a database. If you find a match you can register x number of session variables to store just about anything. Then you just have a few lines of code (or header include script) that checks to make sure the session varible(s) is/are set. If not, send a redirect via Header() function.

Good luck

kris81

session_start();
session_register($name);

and that variable would stick through the whole site or what would i have to do

You are right about that.
If a user goes to another page of your website, you can always do something like this: echo $name;
and his name will be echoed.
When a user clicks on a logout-link,
you can use destroy_session();
Than all these variables you registered will be destroyed and you can't use $name anymore.