Implementing Authentication with PHP and MySQL CHAPTER 14 305 their customers’ details when they make their first order. This means that a customer is not required to type her details every time. Having asked for and received information from your visitor, you need a way to associate the information with the same user the next time she visits. If you are willing to make the assumption that only one person visits your site from a particular account on a particular machine and that each visitor only uses one machine, you could store a cookie on the user’s machine to identify the user | Implementing Authentication with PHP and MySQL 305 Chapter 14 their customers details when they make their first order. This means that a customer is not required to type her details every time. Having asked for and received information from your visitor you need a way to associate the information with the same user the next time she visits. If you are willing to make the assumption that only one person visits your site from a particular account on a particular machine and that each visitor only uses one machine you could store a cookie on the user s machine to identify the user. This is certainly not true for all users frequently many people share a computer and many people use more than one computer. At least some of the time you will need to ask a visitor who she is again. In addition to asking who a user is you will also need to ask a user to provide some level of proof that she is who she claims to be. As discussed in Chapter 13 E-commerce Security Issues asking a user to prove her identity is called authentication. The usual method of authentication used on Web sites is asking visitors to provide a unique login name and a password. Authentication is usually used to allow or disallow access to particular pages or resources but can be optional or used for other purposes such as personalization. Implementing Access Control Simple access control is not difficult to implement. The code shown in Listing delivers one of three possible outputs. If the file is loaded without parameters it will display an HTML form requesting a username and password. This type of form is shown in Figure . Figure Our HTML form requests that visitors enter a username and password for access. 14 Implementing Authentication If the parameters are present but not correct it will display an error message. Our error message is shown in Figure . 306 E-commerce and Security Part III Figure When users enter incorrect details we need to give them an error message. On a real