One of the top qualities of PHP is it's dynamics. That means that everything about a webpage can be changed based on certain elements, either user-supplied or system-based. You can base the output of a webpage roughly on anything the user's browser sends, like the user's resolution. This tutorial is going to cover the general area of making a PHP script user-aware. Basically, that stands for the fact that the webpage is designed for more than one user's preferences.

User management can be either based on username/password pairs, in which case authentication mechanisms have to be built, this method being recommended for private-content webpages; the other method of obtaining user-aware scripts is by using cookies. We'll start by explaining cookie-based systems first, being the easiest to understand. Further in this tutorial you'll find some information on the first type of user-aware scripts - username/password protected areas.

PHP has built-in cookie setting and control functions, easily adaptable to any condition. The following bit of code is a script that checks for a cookie, and based on the result, outputs the page's background in a different color:


We should note that $HTTP_COOKIE_VARS["bgcolor"] could have been replaced with $bgcolor, but if we had done that, we could have been sure whether this variable would have been set actually in a cookie or in a GET request (like accesing the script like this: script.php?bgcolor=deeppurple). In the same fashion, $HTTP_GET_VARS and $HTTP_POST_VARS are available.

Here is the setcookie() script:

Now, when you normally parse a user-sent variable you should always pass it through addslashes(). This makes sure the user doesn't try to "hijack" the HTML output. But in this case we don't need that, since the user could only "hijack" his own HTML output, since the cookie is not available to anyone but himself.

Now, we've only scratched the surface of what control cookies can bring to your website. For example, someone could write a function that orders paragraphs differently for each user, making sure that a user interested in a certain field always gets a paragraph about that first. This can also apply to news! Any news on the topic of hardware shown on the site will always be shown on the main page for users that have specified hardware as an interest.

The most common use for cookies is to store login names and passwords. You may build a full content management system, with a MySQL backbone, storing user interests and preferences, and by retrieving preferences from the database the script could order or change the page elements.

Basically, having a user-aware script using username/password authentication has only one downside. While much simpler cookie auth is completely unstable and cannot be used for any serious authentication, it's very easy to apply to the user. A user just selects what he wants from a list, and doesn't have to worry about it until the cookie expires, is cleared or lost, while username/password pair authentication usually requires a long process of registration which takes longer and usually not enjoyed by users, plus the user has to remember his password. Think what happens when a user signs up for 30 or so of these websites, every time with a different password of course, so as not to compromise his other accounts if one of the passwords gets leaked. You try remembering 30 passwords!

Thanks for Skee

__________________
-
-