Learn:

• How to add a log out link on the admin menu.

• The log out page gets rid of the session data.

Learn:

• Every admin page checks the log in flag in the session. You can put the code in a separate file, and use the require statement to insert it.
• Admin pages can check permission data in the session.
• Use permission data from the session to change the admin interface. Don’t show users actions they’re not allowed to do.

Learn:

• There two parts to restricting access to Web applications: authentication and permissions.

• Authentication is about knowing who the user is.

• Permissions is about knowing what the user is allowed to do.

• Create a database table with information about users, including their user names, passwords, and permissions.

Learn:

• There are two pages for adding a record: one page with a form the user fills in, and another page that adds the user’s data to the database.

• The SQL INSERT statement does the work.

• Use stripslashes() to remove backslashes that PHP adds to form data.

• Use $db->escape_string() to foil SQL injection attacks.

You will learn that:

• The log in form gets a user name and password from the user.
• It sends the data to a page that checks whether the user name and password is in the database table users.
• If the user name and password are found, permission information is stored in the session.

Learn:

• Create a users table in the database. It will have user names, passwords, and permission flags.

• Good passwords have lowercase letters, uppercase letters, digits, and special characters. They don’t correspond to a dictionary word.

Learn:

• How to append form data to a file.

• How to read back data from the file.

• Know how to do some basic security stuff.

Learn how to restrict what different people can do on a site.