User Authentication

Anon

Hello, I would like to password protect a site as well as save a small amount of non-personal info about each user. This info would keep users from having to repetitively fill out information to be stored in different db tables.

My original inclination would be just to setup a .htaccess file (my server sets PHP_AUTH_USER automatically when using this type of authentication), check the user name against a database table, and grab the info I need.

I am trying to find out if there are any advantages in my situation to use cookies or session variables, or to manually set up my php scripts to authenticate users.

Also, I would like to timestamp a users last login, but they might not always start at the main page. Is there a way that I can make sure a script runs real quick only after authentication, rather than have it run for every page they go to?

Thanks for any help!

Jason

ziggs

The best way that I have found to do it is have it all in MySQL and use some if statements to check if the password they give you checks out and stuff like that. Then set a small cookie on their computer. Have every page look for the cookie. If not there don't display anything. If it's there then its all good. Keep their user_id or something like that in there so your other PHP files will call that user_id and make their pages according to that. Have the first page they hit tell them their last time there and then at the bottom of the coding page (after its been displayed) have it update your table. That will tell them the last time they were there. Then it secretely takes their new time. Smart eh? Ok well hope this makes sense.
Ziggs