In TShirtShop, you'll use an authentication method called HTTP authentication, which
allows you to control the login process through an HTML form. After the client is authenticated,
we save a cookie on the client and use it to authenticate all subsequent requests. If the
cookie is not found, the client is shown the HTML login form.
■ Note We assume the administrator accesses the administrative pages from a client that has cookies
enabled.
The username and password combinations can be physically stored in various ways. For
example, in Chapter 16, you'll see how to store hashed (encrypted) customer passwords in the
database.
■ Tip Hashing is a common method for storing passwords. The hash value of a password is calculated by
applying a mathematical function (hash algorithm) to it. When the user tries to authenticate, the password is
hashed, and the resulting hash value is compared to the hash value of the original (correct) password. If the
two values are identical, then the entered password is correct. The essential property of the hash algorithm
is that, theoretically, you cannot obtain the original password from its hash value (the algorithm is one
way). In practice, scientists have recently found vulnerabilities in the popular MD5, SHA-0, and SHA-1
hashing algorithms.
CHAPTER 10 ■ CATALOG ADMINISTRATION: DEPARTMENTS AND CATEGORIES 275
A simpler method is to store the username and password combination in your PHP
file.
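The two mechanisms described above (hash-based password verification from the Tip, and a cookie that authenticates subsequent requests) as an added example that is not part of the book's TShirtShop code. It assumes salted PBKDF2-SHA256 in place of the MD5/SHA-1 family the Tip warns about, constant-time comparison of hashes and cookie tags, and an HMAC-signed cookie with an expiry; the iteration count, salt size and the `SERVER_SECRET` placeholder are assumptions, not values from the book.

```python
import hashlib
import hmac
import os
import time
from typing import Optional

# Assumed parameters (not from the book): a high iteration count slows guessing,
# and a random per-user salt makes equal passwords hash to different values.
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16
SERVER_SECRET = b"placeholder-load-from-server-side-config"  # assumption


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>' for storage."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-hash the candidate with the stored salt and compare in constant time."""
    try:
        algo, iterations, salt_hex, digest_hex = stored.split("$")
        if algo != "pbkdf2_sha256":
            return False
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                        bytes.fromhex(salt_hex), int(iterations))
        expected = bytes.fromhex(digest_hex)
    except ValueError:  # malformed record: reject rather than raise
        return False
    # compare_digest does not leak the position of the first differing byte.
    return hmac.compare_digest(candidate, expected)


def make_auth_cookie(username: str, expires_at: int, secret: bytes = SERVER_SECRET) -> str:
    """Build 'user|expiry|tag'; the HMAC tag lets the server detect tampering."""
    payload = f"{username}|{expires_at}"
    tag = hmac.new(secret, payload.encode("utf-8"), "sha256").hexdigest()
    return f"{payload}|{tag}"


def check_auth_cookie(cookie: str, secret: bytes = SERVER_SECRET,
                      now: Optional[int] = None) -> Optional[str]:
    """Return the username if the cookie's tag is valid and it has not expired."""
    try:
        username, expires_str, tag = cookie.rsplit("|", 2)
        expected = hmac.new(secret, f"{username}|{expires_str}".encode("utf-8"), "sha256").hexdigest()
        if not hmac.compare_digest(expected, tag):
            return None  # forged or altered cookie: fall back to the login form
        if int(expires_str) < (now if now is not None else int(time.time())):
            return None  # expired: re-authenticate
    except ValueError:
        return None
    return username
```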