PHP and MySQL Web Development - P66

PHP and MySQL Web Development - P66: PHP and MySQL Web Development teaches the reader to develop dynamic, secure, commercial Web sites. Using the same accessible, popular teaching style of the first edition, this best-selling book has been updated to reflect the rapidly changing landscape of MySQL and PHP. | Implementing Access Control 297 Listing Continued php else if name user password pass visitor s name and password combination are correct echo h1 Here it is h1 echo I bet you are glad you can see this secret page. else visitor s name and password combination are not correct echo h1 Go Away h1 echo You are not authorized to view this resource. The code from Listing will give you a simple authentication mechanism to allow authorized users to see a page but it has some significant problems. This script Has one username and password hard-coded into the script Stores the password as plain text Only protects one page Transmits the password as plain text These issues can all be addressed with varying degrees of effort and success. Storing Passwords There are many better places to store usernames and passwords than inside the script. Inside the script it is difficult to modify the data. It is possible but a bad idea to write a script to modify itself. It would mean having a script on your server which gets executed on your server but is writable or modifiable by others. Storing the data in another file on the server will let you more easily write a program to add and remove users and to alter passwords. Inside a script or another data file there is a limit to the number of users you can have without seriously affecting the speed of the script. If you are considering storing and searching through a large number of items in a file you should consider using a database instead as previously discussed. As a rule of thumb if you want to store and search through a list of more than 100 items they should be in a database rather than a flat file. Using a database to store usernames and passwords would not make the script much more complex but would allow you to authenticate many different users quickly. It 298 Chapter 14 Implementing Authentication with PHP and MySQL would also allow you to easily write a script to add new users delete users and allow users to change .

Không thể tạo bản xem trước, hãy bấm tải xuống
39    9    2    02-04-2023
Đã phát hiện trình chặn quảng cáo AdBlock
Trang web này phụ thuộc vào doanh thu từ số lần hiển thị quảng cáo để tồn tại. Vui lòng tắt trình chặn quảng cáo của bạn hoặc tạm dừng tính năng chặn quảng cáo cho trang web này.