How to authenticate users

Visitors have to register before to post comments on the page. Registering may be used also if you want allowing contributors to add pages on the site.

How the system works

The user type a login and a password in a form and a PHP program is called by the form either to add these data if he is a new user, or to lookup the database to verify the login and the password.
These data are added into an XML file.

The XML file

These tags and properties may be defined:

  <user login="" password="" email="" />

To register

If the user want to register:
- a lookup is performed on the database, the login should be unique.
- a message displays the result.
The PHP script loads the XML file, insert the profil of the user before the closing marker of the root tag and stores it.
If the name exists, a message is displayed. In all cases, we return to the main page.
This is a simple process that we can perform without using special XML functions.

View the register.php script in the archive at bottom.

To log in

When the user want to log in:
- the name and the password are compared to the content of the database (this is simplified in the demo).
- if all is ok we continue, otherwise a message ask to register or to try again.
The code loads the XML file and puts the content into arrays, and then it compares the data.

View the scripts:

The real system

The real tool can't be so simple. If the list of logins and password is stored directly into an XML file, the file can be read by anyone and anyone can pick a login and a password to log in with them.
We have to encrypt the data, either only the string that hold these data, or the whole XML file. And the program must be able to decode these encrypted data to look up in the list.
It seems to be simpler to encrypt only the strings and we will use this method in the first version of our real authentification tool.

Download the archive of the demos