Please try again.';
}
}
?>
Isn't this how you would process a standard web form? We first check if we got the
username and password, and then let the User class handle the authentication. Once
verified, we set a cookie if the user opted to remember the login details. We then
redirect the user to a return URL if specified, or to the profile page. If we could not
verify, we show an error message. This PHP code is placed before the login form
XHTML code, so the username and password entered will be auto-filled if the login
failed. That's all!
Handling Sessions and User Login
We made the homepage and login script and showed it to Luigi. Luigi pulled up his
mobile browser and went ahead to log in. And then Murphy hit us! Luigi entered the
correct username and password, it showed him the profile page, but if he moved to
any other page, it would say he was not logged in! Murphy's law says that anything
that can go wrong will go wrong, and at the worst possible time. That time is
typically when your client is going to test the app. And then we learn!
Even though we are not using cookies for authentication, PHP uses a cookie to
store the Session ID.
Pages:
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95