Use session to replace apache Server Verification

For pages that require authentication, it is best to use the apache server for authentication. However, the interface for apache server authentication is not user-friendly. In addition, not all cases can be verified using the apache server, such as cgi mode php and iis php. Session can be used to save user identities on different pages, such as login. phplt ;? If ($ name Apache

For pages that require authentication, it is best to use the apache server for authentication.
However, the interface for apache server authentication is not user-friendly. Besides, not all situations
You can use the apache server for verification, such as cgi mode php and iis php.

Session can be used to save user identities on different pages, such

Login. php

<?
If ($ name = "" & $ pass = "")
{
?>

<Form action = "login. php">
User: <input type = "text" name = "name"> <br>
Pass: <input type = "text" name = "pass"> <br>
<Input type = "submit" value = "OK">
</Form>

<?
}
Else
{
If ($ name! = "Uuu" | $ pass! = "Ppp ")
{
Echo "login fail! ";
}
Else
{
Session_register ("user ");
Session_register ("passwd ");
$ User = $ name;
$ Passwd = $ pass;
Echo "OK! <Br> <a href = "next. php"> next page </a> ";
}
}

?>

Next. php

<?
Session_start ();
Echo "username: $ user ";
?>

But can users use http://domain.name.com/next.php? User = uuu
To bypass authentication.

Therefore, the actual next. php must be like this:
<?
Session_start ();
If (! Session_is_registered ("user "))
{
Echo "login fail ";
}
Else
{
Echo "username: $ user ";
}
?>

Use session_is_registered () to detect session variables,
In this way, session has basically achieved reliable authentication of identity.