Managing Users with PHP Sessions and MySQL

Wrap-Up

At this point, I've provided you with all the makings of a simple access control system. Here's the complete code in a ZIP file for you to download an play with! All of the places where you need to modify things for use on your own server are indicated in bold in this article.

There are still a few things to be added, however:

• A page where users can change their password, their email address, and whatever other options and information you want to store in your user profiles. This will obviously be a members-only page, and the $uid variable should come in handy in determining which record to update in the database.
• A "send me my password" facility that will allow the user to have forgotten login details emailed to him or her. Of course, you can't store the passwords encrypted using MySQL's PASSWORD function if you want to implement this feature (since PASSWORD is a one-way operation that cannot be reversed). If you want greater security, you could implement one of those schemes where the user chooses a question during signup that he or she must answer to retrieve a forgotten password.
• Members-only access to non-HTML files. Since PHP is equally capable of sending HTML and binary information, you could create a pass-through script that would only retrieve the requested file if a correct $uid/$pwd combination was found in the current session.

These are just a few ideas to get you started, I'm sure you can think up some more exciting ones. I'll leave them for you to complete as an exercise, but if you do get stuck feel free to stop by the SitePoint.com Forums to ask for help!