Authenticating a user means determining whether the visitor is already registered on the e-commerce site or not. Applying authentication is a two-step process:
1. You have already learned to display and execute a script that enables visitors to sign up and create an account on your site. To verify that the visitor is already registered, they will be provided with a sign-in form that will prompt them to enter a valid e-mail address and password.
2. After entering an e-mail address and password, when the user clicks the Submit button in the sign-in form, they are taken to another script that accesses the customers table and confirms if any customer (row) exists with the supplied e-mail address and password. If a customer exists with the specified e-mail address and password, it means the visitor is already registered to your site and a welcome message will be displayed on the screen. If no row exists in the customers table with the supplied e-mail address and password, it means either the visitor is not registered to your site or has entered the wrong information. Hence, the visitor is provided two links to choose from—one will navigate them to create a new account and the other will allow them to try to sign in again.
The PHP script called signin.php is shown in Listing 2-14. It performs the first step of implementing authentication—displaying the sign-in form.
Listing 2-14. The signin.php Script for Displaying the Sign-In Form
<html>
<head> </head>
<body>
<form action="validateuser.php" method="post">
<table border="0" cellspacing="1" cellpadding="3">
<tr><td>Email Address:</td><td><input type="text" name="emailaddress"></td></tr>
<tr><td>Password:</td><td><input type="password" name="password"></td></tr>
<tr><td colspan="2" align="center"><input type="submit" name="submit" value="Login"></td></tr>
</table>
</form>
</body>
</html>
The script displays two text boxes to the visitor, one for entering an e-mail address and the other for entering a password (see Figure 2-10). After the user enters an e-mail address and password and clicks Submit, the information entered in the form will be assigned to the $_POST array and sent to the validateuser.php script to check if any user exists in the customers table with the supplied e-mail address and password.
Figure 2-10. Sign-in form prompting the user to enter a valid e-mail address and password
The PHP script called validateuser.php is shown in Listing 2-15. It performs the second step of authentication—it verifies whether the information entered by the visitor is valid.
Listing 2-15. The validateuser.php Script for Authenticating the User
<html>
<head> </head>
<body>
<?php
$connect = mysqli_connect("localhost", "root", "gold", "shopping")
    or die("Please, check your server connection.");
// Bind the form values as parameters instead of concatenating them into the SQL text
$query = "SELECT complete_name FROM customers " .
    "WHERE email_address = ? AND password = PASSWORD(?)";
$stmt = mysqli_prepare($connect, $query) or die(mysqli_error($connect));
$email = $_POST['emailaddress'] ?? '';
$password = $_POST['password'] ?? '';
mysqli_stmt_bind_param($stmt, "ss", $email, $password);
mysqli_stmt_execute($stmt) or die(mysqli_stmt_error($stmt));
mysqli_stmt_store_result($stmt);
if (mysqli_stmt_num_rows($stmt) == 1) {
    mysqli_stmt_bind_result($stmt, $complete_name);
    mysqli_stmt_fetch($stmt);
    // Escape the stored name before writing it into the page
    echo "Welcome " . htmlspecialchars($complete_name) . " to our Shopping Mall <br>";
} else {
?>
Invalid Email address and/or Password<br>
Not registered?
<a href="validatesignup.php">Click here</a> to register.<br><br><br>
Want to Try again<br>
<a href="signin.php">Click here</a> to try login again.<br>
<?php
}
?>
</body>
</html>
As expected, a connection to the MySQL server is established and the shopping database is selected. A SQL statement is written to search in the customers table. The SQL statement checks if there is any row in the customers table whose e-mail address and password match the e-mail address and password in the $_POST array. Recall that the e-mail address and password entered in the form displayed through the signin.php script are assigned to the $_POST array and passed on to the validateuser.php script.
If a customer exists in the customers table that matches the supplied e-mail address and password, a welcome message is displayed to the user (see Figure 2-11—bottom).
Figure 2-11. Message that appears upon entering an incorrect e-mail address or password (top) and the welcome message displayed upon entering a correct e-mail address and password (bottom)
If no row exists in the customers table (that matches the visitor’s e-mail address and password), it is assumed that either the visitor is not yet registered or they entered an invalid e-mail address or password. Consequently, two links are displayed to the visitor to choose from—one to create a new account (validatesignup.php) and another to try to sign in again (signin.php) (see Figure 2-11—top).
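The same sign-in check written as a function, as an added example that is not one of the book's listings: the e-mail address is bound as a query parameter, and the password is checked against a hash created with PHP's password_hash() rather than MySQL's PASSWORD(). The in-memory SQLite database, the authenticate() helper and the sample customer are assumptions made so the script runs on its own.

```php
<?php
// Added example: customers table recreated in an in-memory SQLite database
// (assumption: the pdo_sqlite extension is available) so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE customers (
    email_address TEXT PRIMARY KEY,
    password      TEXT NOT NULL,
    complete_name TEXT NOT NULL)');

// Constructed sample customer; sign-up stores a salted hash, never the password itself.
$insert = $db->prepare('INSERT INTO customers VALUES (?, ?, ?)');
$insert->execute(["pat.o'neil@example.com",
                  password_hash('correct horse', PASSWORD_DEFAULT),
                  "Pat O'Neil"]);

/**
 * Hypothetical helper: returns the customer's name when the e-mail address
 * and password match a row in customers, or null otherwise.
 */
function authenticate(PDO $db, string $email, string $password): ?string
{
    // The e-mail address is bound as a parameter, so quotes in it stay data.
    $stmt = $db->prepare('SELECT password, complete_name FROM customers
                          WHERE email_address = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;                       // no such customer
    }
    // password_verify() re-hashes the input with the stored salt and compares.
    return password_verify($password, $row['password']) ? $row['complete_name'] : null;
}

// Values that would arrive in $_POST from signin.php (constructed here).
$attempts = [
    ["pat.o'neil@example.com", 'correct horse'],   // registered customer
    ["pat.o'neil@example.com", 'wrong password'],  // wrong password
    ["nobody@example.com",     'correct horse'],   // unregistered address
];
foreach ($attempts as [$email, $password]) {
    $name = authenticate($db, $email, $password);
    echo $name !== null
        ? 'Welcome ' . htmlspecialchars($name, ENT_QUOTES) . " to our Shopping Mall\n"
        : "Invalid Email address and/or Password\n";
}
```

Both failure cases produce the same message, so the response does not reveal whether an e-mail address is registered.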
Summary
In this chapter, you learned how to write and run your first PHP script. You also saw how information is passed from one script to another. You learned to get information from the user by creating a sign-up form. To store information about the new customer, you learned about the methods that are required in establishing connections between PHP and a MySQL server.
You learned about creating and executing scripts for storing user information in the customers table. Finally, you learned about the methods required to access information from the database and used that knowledge to authenticate a user (by creating a sign-in script).
In the next chapter, you will learn how to access the products table and display a list of products in it. Also, you will learn to display images of the products. You will learn to implement a search box in the e-commerce site to enable visitors to search for the desired products quickly, to remember what visitors like, and finally, you will learn about session handling too.