Ok...
Well I've got a basic web interface written in PHP to talk to a mysql database. All is set up and good. The user logs in with u/p via http authentication.
This website is going to be fairly in-depth... (ie: have ability to insert/modify/etc data from multiple tables) and as such will consist of several (web)pages.
On the original page, I do a mysql_pconnect and get info on all the tables and display the contents. Then there's links to other pages to do other things (modify other tables). There will be a page to modify each table in the database.
On the first/login page, the user logs in with the following PHP code at the top of the page:
if (!isset($_SERVER['PHP_AUTH_USER'])) {
header('WWW-Authenticate: Basic-realm="Authorized Access Only"');
header('HTTP/1.0 401 Unauthorized');
echo 'Sorry, you must provide a valid username and password to enter'";
exit;
}
The database is opened with $_SERVER['PHP_AUTH_USER'] and PHP_AUTH_PW.
My question is the following: What is the best way to code each page as far as connecting to the database? If I place that above code on the top of each page, apache (or PHP) remembers the u/p and does not ask for it on each page. But is that the best method, opening and closing a connection to the database with each page visited? In reality, this database will carry a very light load so it's not like it matters greatly, I'm just curious what the best/correct/standard programming practices are.
And as an aside... How would I go about setting up a secure socket layer (I think that's what I want). Basically I want an encrypted method for providing the u/p to the server so no one sniffing could discover it. This site will be accessed from many different locations so it must be secure. Thank you.
