Website Login Script

A website login script identifies a user by the user name and password he provides. This identification restricts other users from accessing particular pages. A simple example of why a login script is necessary is your email server: no one but you can access your email account, which is protected by your unique login name and password.

Basically, a login script may be of two types: (1) a single-user login script and (2) a multi-user login script. A single-user login script is one in which only one user can log in and access some particular pages. An example of such a script is the administrator control panel of a bulletin board. In a multi-user login script, several users share the same login page and identify themselves with different user names and passwords.

How to design a website login-script?

The design of a website login script depends entirely on how much security is required to keep unwanted users from viewing the restricted pages. Consider the case of a blog site. It has a security restriction: malicious users cannot post comments in your name. But the required security level is certainly much higher for a website that deals with its customers' credit card numbers.

A simple login script consists of the following parts.

  1. A login page with at least two text fields, user name and password.
  2. Some JavaScript code that checks the form input before it is sent, to keep malicious data from being submitted to the server. This check runs in the browser and can be bypassed, so the verification page must validate the submitted data again.
  3. A database-driven login verification page. This page accepts the form data submitted by the user (user name and password) and verifies whether the database contains a user with this name and password combination.

After a successful login there must be some method of remembering the user during his visiting session. Otherwise the user has to verify himself again each time he moves from one page to another. Some common and accepted methods of identifying whether a user is already logged in are:

  1. Assigning a session variable based on the name of the user.
  2. Setting a cookie on the user's computer.
  3. Keeping a record of the user's IP address and login time in the database under the user account.

When a user requests a restricted page, the verification page first checks whether the user is already logged in. If he is not, he is redirected to the login page. When the user clicks the logout link or leaves the site, the login information may be deleted.
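
The parts described above, put together as an added example (not code from the original page): a verification function that checks the submitted name and password against a database, a session token that remembers the user, the logged-in check for a restricted page, and logout. The function names, the in-memory SQLite table, the sample account, and storing a salted password hash instead of the password itself are assumptions of this example.

```python
import hashlib, hmac, secrets, sqlite3

db = sqlite3.connect(":memory:")  # constructed sample database
db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
sessions = {}  # server-side session store: token -> user name

def hash_password(password, salt):
    # Slow, salted hash so a leaked table does not reveal the passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def add_user(name, password):
    salt = secrets.token_bytes(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               (name, salt, hash_password(password, salt)))

def login(name, password):
    """Verification page: return a session token, or None if the login fails."""
    # Validate on the server; the browser's JavaScript check can be skipped.
    if not (isinstance(name, str) and 0 < len(name) <= 64 and isinstance(password, str)):
        return None
    # Parameterized query: the user name is never spliced into the SQL text.
    row = db.execute("SELECT salt, pw_hash FROM users WHERE name = ?",
                     (name,)).fetchone()
    # Hash even for unknown users so both failure cases take similar time.
    salt, stored = row if row else (b"\0" * 16, b"")
    matches = hmac.compare_digest(stored, hash_password(password, salt))
    if row is None or not matches:
        return None
    token = secrets.token_urlsafe(32)  # unguessable value to send as the cookie
    sessions[token] = name
    return token

def restricted_page(token):
    """Serve the page to a logged-in user, otherwise redirect to the login page."""
    user = sessions.get(token)
    if user is None:
        return "302 /login"
    return f"200 Welcome, {user}"

def logout(token):
    sessions.pop(token, None)  # delete the login information

add_user("alice", "correct horse")  # constructed sample account
```

In a real site the token would be sent as a cookie marked Secure and HttpOnly, and the session store would expire entries after a period of inactivity.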