You'd be surprised by the number of folks who have a secret master plan for world domination and even more surprised at the number who post these plans on their Web sites. Why haven't you spotted these plans, you ask? Probably because savvy Web developers require users to be authenticated before entering the secret area. Similarly, there are multimillion-dollar international corporations that make their top-secret product specifications available to only a select group of engineers. How do they do it? The same way the would-be Napoleons of the Web do: by using basic HTTP user authentication. And we're all familiar with the obnoxious username/password dialog box that pops up when HTTP authentication is used.
User authentication (or password-protection) is built into all Web servers, and you don't need root-level access to use it. You can learn all about basic HTTP authentication in Keeping Secret Plans Hidden. Later on in this article, you'll learn how to do it with PHP.
Once you've authenticated your users, you might want to track where they're going and what they're doing. User tracking requires a bit of planning on your part. Unfortunately, there's no magic wand you can wave over your Web server that will make it list the vital statistics and buying trends of your customers. There are, however, magic cookies!
Cookies, those little pieces of text that are sent to a user's browser along with the pretty pictures and well-worded content of a good site, will help you create shopping carts, user communities, personalized sites all of those things that, with a little marketing, can make you millions of dollars.
Say you've planned to assign unique identification variables to each user so you can track what they do (or what they buy!). First, a user logs on to your site, you send a cookie with variables designed to say, "This is Joe, and Joe is allowed to be here." While Joe is surfing around your site, you can say, "Hello, Joe!" on each and every page. If Joe clicks through your catalog and picks 14 different items to buy, you can keep track of these items and display them all in a bunch when Joe clicks on the Checkout button. But what happens when a user doesn't accept cookies? Are your well-laid plans all for naught? Will Joe ever get to buy those 14 items?
I'll answer these and other burning questions in the following pages. First, I'll discuss validating your users with HTTP authentication and PHP, then we'll set some cookies, and finally we'll learn about the long-awaited, No. 1 feature of PHP 4: sessions!