Posted by: Shofiur Rahman

Posted on: June 27, 2012 4:32 pm


To authenticate a user includes the following steps:

  • Identifying visitors
  • Implementing access control
  • Authentication

Identifying Visitors

The web is fairly anonymous medium, but it is often useful to know who is visiting your site to focus on right business area. You are able to get little about the visitors due to users privacy. With a little work server can find out quite lot about users computers, networks, browsers, etc.  From visitor’s IP address you are able to know visitor’s geographic location.

Implementing access control

Simple access control is not difficult to implement. A simple PHP script is shown below.

//create short names for variables

$name = $HTTP_POST_VARS['name'];

$password = $HTTP_POST_VARS['password'];

if(empty($name) || empty($password)){

//Visitor needs to enter a name and passwor.


<strong>Please Log In</strong>

<form method=”post” action=”login.php”>
<label>User Name: </label> <input type=”text” name=”name” />
<label>Password:</label> <input type=”password” name=”password” />
<input type=”submit” value=”Log In” />




else if($name==’user’&& $password==’pass’){

//login successful


else {
//login failed


Encrypting passwords

To secure the access control you need to implement encryption algorithm on the user login. The PHP function crypt () provides a one-way cryptographic hash function. The prototype for this function is

String crypt (string str [, string salt])

Basic Authentication in PHP

There are some built-in authentication facilities in to HTTP. Scripts or web servers can request authentication from a web browser. The web browser is then responsible for displaying a dialog box or similar device to get required information from the user.

PHP scripts are generally cross-platform, but using basic authentication relies on environment variables set by the server.  A sample of HTTP basic authentication using PHP is shown below.

// if we are using IIS, we need to set $PHP_AUTH_USER and $PHP_AUTH_PW

if(substr($SERVER_SOFTWARE, 0, 9) == ‘Microsoft’ && !isset($PHP_AUTH_USER) && !isset($PHP_AUTH_PW) && substr($HTTP_AUTHORIZATION, 0, 6) == ‘Basic’)

list($PHP_AUTH_USER, $PHP_AUTH_PW) = explode(‘:’, base64_decode(substr($HTTP_AUTHORIZATION, 6)));


//Replace this if statement with a database query or similar

if($PHP_AUTH_USER!=’user’ || $PHP_AUTH_PW != ‘pass’)


// Visitor has not yet given details, or their
// name and password combination are not correct

header(‘WWW-Authenticate: Basic realm=”Realm-Name”‘);
if(substr($SERVER_SOFTWARE, 0, 9) == ‘Microsoft’)
header(‘Status: 401 Unauthorized’);

header(‘HTTP/1.0 401 Unauthorized’);

echo ‘You are not authorized to view this resource.’;


else {

// visitor provided correct details.



Posted by: SEO Positive

Posted on: November 29, 2010 11:55 am


All developers have to transfer sites at some point, if you don’t I envy you. It seems that site transfers always have teething issues with the difference in server builds, operating systems having different compilations of PHP and the rest.

And worst of all, different hosts limitations…

But to transfer a site you need to make a simple list of things that need to be done in order for it to work.

  • Get all files, including hidden files (many a time I’ve been caught up on the .htaccess on a mac being hidden and a site riddled with 404 errors…)
  • Get all database details of the new server
  • Update all calls to databases
  • Use Dream Weaver (for the only things its any good for) to search and replace across the site for the old URL and change it to the new one, and the same with database details)
  • Make sure image, stylesheet, javascript and any other call is base root not an absolute URL (unless externally hosted)
  • Upload everything, including creating the new databases
  • Test everything, fix bugs and teething issues

If you can do all of the above your site will transfer easy peasy.

Posted by: SEO Positive

Posted on: July 7, 2010 8:23 am


While a lot of php programmers still use standard MySQL no problem, I still do, there is MySQLi Which stands for “MySQL improved” and its simply a driver for PHP with more functionality and safer than using your standard MySQL code.

See below for a pretty bog standard PHP class to connect to MySQL

class mysqlCon
             private static $connection;

             private function __construct($server, $username, $password, $database)
                                       throw new RunTimeException('Could not connect to MySQL server. MySQL said: '.mysql_error());
                                       throw new RunTimeException('Could not connect to MySQL database. MySQL said: '.mysql_error());
                          self::$connection = true;
                          return $this;
$connection = new mysqlCon('localhost', 'username', 'password', 'database');

Which looks, to most PHP programmers pretty standard. But see below for the MySQLi version of this operation

class mysqliCon
             private static $connection;

             private function __construct($server, $username, $password, $database)
                          self::$connection = new mysqli($server, $username, $password, $database);
                                       throw new RunTimeException('MySQLi said no. It also said: '.self::$connection->error);
                          return $this;

Which, as you can see is only half the size, its half the code for twice as much functionality and security.

I recommend a movement to MySQLi because it really is great, there’s not a flaw to it its much easier to use and much easier to learn (And the errors are friendlier)

Posted by: SEO Positive

Posted on: May 28, 2010 7:41 am


Here at SEO Positive we had an issue with one of our blogs, an unresponsive script preventing the editor from working. After some digging around in the shroud that is WordPress’ code I worked it out to be an issue with the wp_postmeta table.

The error occurs in this file, ‘/wp-includes/js/jquery/jquery.js?ver=1.3.2:19′

We updated our site a number of weeks back and re-imported all of our blogs, when you import a blog it would appear there is a glitch that inserts into the wp_postmeta table rows with a postid of 0.

This is what causes the unresponsive script, below is the code that we used to fix it, all you have to do is log into your database, back up the wp-postmeta table (just in case) and enter this into SQL input

delete from wp_postmeta where postid = '0';

After you run that on your table you should find that your WordPress blog works just as well as a new blog.

If you found this blog helpful, leave a comment and visit the SEO Positive blog for up to date news on the SEO and internet Market.

happy blogging!

Posted by: SEO Positive

Posted on: May 12, 2010 8:46 am


Today we are going to expand more on PHP Variables and introduce the define() function as well as touch base with MySQL And getting you connected to a database.

The requirements for todays tutorial are:

  • PHP Server with PHP 5+
  • MySQL Access with all privilages
  • Testing platform (Virtual Server, PHP Hosting)
  • Text authoring software to edit your files

As usual all code can be downloaded via the link at the bottom of the post.

MySQL Code

//resource one
$connect1 = mysql_connect('localhost','test','test');
mysql_select_db('test', $connect1);

//resource 2
$connect2 = mysql('localhost','test2','test2');

//simple query using resource #1
mysql_query("select * from `test`", $connect1);

//simple query using resource #2
mysql_query("select * from `test2`", $connect2);

PHP Function

function feedMe($food)
	if($food == 'cookies')
		return 'Yummy thank you very much for the cookie';
		return "Yuk! I don't like {$food}, I want cookies.";
//feed me apples
echo feedMe('pears');
//will output Yuk! I don't like apples, I want cookies.

//feed me cookies
echo feedMe('cookies');
//will output Yummy thank you very much for the cookie

Download Zipped Source

Tomorrow we will look at handling user input data using PHP and XHTML using POST and GET methods