How to do user authentication using PHP?-PHP Tutorial-php.cn

Home

Backend Development

PHP Tutorial

How to do user authentication using PHP?

PHPz

Apr 19, 2024 pm 06:42 PM

mysqlphplaravelUser AuthenticationSensitive data

User authentication is crucial in PHP and can be achieved in a variety of ways, including relying on sessions, using a database, or leveraging third-party libraries. With the session method, you can verify that the user is logged in by checking if the $_SESSION variable exists. When using a database, you can compare submitted credentials with those retrieved from the database. Additionally, third-party libraries such as Laravel, Zend Framework, or Slim Framework can be used to simplify the validation process.

如何使用 PHP 进行用户验证？

How to use PHP for user authentication

User authentication is crucial in web applications, it ensures that only authorized users have access sensitive data or perform specific operations. In PHP, there are several ways to implement user authentication, including:

Relying on session

This method uses the $_SESSION variable to store the relevant Encrypted information of logged in users.

// 检查用户是否已登录
if (isset($_SESSION['user_id']) && isset($_SESSION['user_name'])) {
    // 用户已登录
} else {
    // 用户未登录，重定向到登录页面
    header('Location: login.php');
    exit;
}

Using a database

This method stores user information in a database and uses the database credentials for authentication when the user logs in.

// 从表单中获取已提交的凭证
$username = $_POST['username'];
$password = $_POST['password'];

// 使用 PDO 连接到数据库
$conn = new PDO("mysql:host=localhost;dbname=my_database", "user", "password");

// 准备并执行查询以获取用户信息
$stmt = $conn->prepare("SELECT user_id, password FROM users WHERE username = :username");
$stmt->bindParam(':username', $username);
$stmt->execute();

// 获取查询结果
$result = $stmt->fetch(PDO::FETCH_ASSOC);

// 比较提交的凭证和数据库中的凭证
if ($result && password_verify($password, $result['password'])) {
    // 设置会话变量并重定向到受保护的页面
    $_SESSION['user_id'] = $result['user_id'];
    header('Location: protected_page.php');
    exit;
} else {
    // 显示错误页面
    header('Location: error.php');
    exit;
}

Use third-party libraries

There are also some third-party libraries that can simplify the user authentication process in PHP, for example:

[ Laravel](https://laravel.com/docs/9.x/authentication)
[Zend Framework](https://docs.zendframework.com/zf3/authentication/)
[Slim Framework](https://www.slimframework.com/docs/v4/middleware/#authentication)

Practical Case

Let’s Create a simple PHP user authentication system using session methods:

<?php
// 开始会话
session_start();

// 如果提交了登录表单
if (isset($_POST['submit'])) {
    // 获取已提交的凭证
    $username = $_POST['username'];
    $password = $_POST['password'];

    // 检查凭证（假设从数据库中获取）
    if ($username == 'admin' && $password == '12345') {
        // 设置会话变量以指示用户已登录
        $_SESSION['logged_in'] = true;

        // 重定向到受保护的页面
        header('Location: protected_page.php');
        exit;
    } else {
        // 显示错误消息
        echo '<p>Invalid credentials</p>';
    }
}

// 如果用户已登录，则显示受保护的页面
if (isset($_SESSION['logged_in']) && $_SESSION['logged_in'] === true) {
    echo '<h1 id="Welcome-admin">Welcome, admin!</h1>';
} else {
    // 显示登录表单
    echo '<form action="login.php" method="post">
        <label for="username">Username:</label>
        <input type="text" id="username" name="username">
        <label for="password">Password:</label>
        <input type="password" id="password" name="password">
        <input type="submit" name="submit" value="Login">
    </form>';
}
?>

The above is the detailed content of How to do user authentication using PHP?. For more information, please follow other related articles on the PHP Chinese website!

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn