Siksha Sarovar

Siksha Sarovar (sikshasarovar.com) is a free educational web application that helps students in India learn programming and prepare for academic and competitive exams. The platform offers structured coding courses (C, C++, Python, Java, HTML, CSS, PHP, Power BI, AI, Machine Learning, Data Science), complete university curriculum notes for BCA/MCA students with previous year question papers, Class 10 and Class 12 CBSE/HBSE school notes, and dedicated preparation material for SSC, UPSC, Banking, Railway and other government exams. Browsing the site is completely free and requires no account. Users may optionally sign in with Google solely to save their learning progress, quiz scores and personal preferences across devices.

28. Authentication in PHP

Lesson 25 of 29 in the free PHP Programming notes on Siksha Sarovar, written by Rohit Jangra.

Authentication in PHP

Authentication is the process of verifying the identity of a user before allowing access to protected resources.

Exam Definition: Authentication ensures that only authorized users can access a system.

Why Authentication is Needed?

  • Secure applications
  • Prevent unauthorized access
  • Protect user data
  • Control permissions

---

HTTP Authentication

HTTP authentication is a browser-based authentication mechanism.

Types of HTTP Authentication

1. Basic Authentication

  • Username & password sent with request
  • Not encrypted (unless HTTPS used)

Example: HTTP Basic Authentication

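// No credentials sent yet: ask the browser to show its login prompt.
if(!isset($_SERVER['PHP_AUTH_USER'])){
   header('WWW-Authenticate: Basic realm="Secure Area"');
   header('HTTP/1.0 401 Unauthorized');
   exit;
}else{
   // Only the prompt flow is shown here; $_SERVER['PHP_AUTH_PW'] must still be verified before granting access.
   // Escape the user-supplied name before writing it into the page.
   echo "Welcome ".htmlspecialchars($_SERVER['PHP_AUTH_USER'], ENT_QUOTES, 'UTF-8');
}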

Features

  • Simple
  • No database required
  • Less secure

Exam Point: HTTP authentication uses browser pop-up login.

---

PHP Authentication

PHP authentication is custom authentication built with forms, sessions, and a database.

Steps in PHP Authentication

  1. Login form
  2. Validate credentials
  3. Start session
  4. Restrict pages
  5. Logout

Login Validation Example

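session_start();

// Submitted credentials (the form field names "user" and "pass" are assumed here).
$user = $_POST['user'] ?? '';
$pass = $_POST['pass'] ?? '';
// Hard-coded values for illustration only. Use === so that numeric strings
// such as "0123" do not loosely compare equal to "123".
if($user === "admin" && $pass === "123"){
   $_SESSION['user'] = $user;
}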

Protecting a Page

session_start();
if(!isset($_SESSION['user'])){
   header("Location: login.php");
   exit; // stop here, otherwise the rest of the protected page still runs
}

Logout

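session_start();
$_SESSION = [];     // clear the session data for the current request
session_destroy();  // delete the session data stored on the server

Exam Line: Sessions are used to maintain login state.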

---

Authentication Methodologies

Authentication methodologies define how authentication is implemented.

1. Password-Based Authentication

  • Username & password
  • Most common
  • Should use hashing

$hash = password_hash($pass, PASSWORD_DEFAULT); // store $hash; check logins with password_verify($pass, $hash)

2. Token-Based Authentication

  • Token generated after login
  • Used in APIs (JWT)

Exam Use: REST APIs

3. Session-Based Authentication

  • Uses server-side sessions
  • Common in PHP applications

4. Cookie-Based Authentication

  • Stores login info in cookies
  • Used for “Remember Me”

5. Multi-Factor Authentication (MFA)

  • Password + OTP
  • Higher security

Authentication Methodologies Comparison

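| Method         | Security  | Usage        |
|----------------|-----------|--------------|
| Password-Based | Medium    | Websites     |
| Session-Based  | High      | PHP apps     |
| Token-Based    | High      | APIs         |
| Cookie-Based   | Medium    | Remember Me  |
| MFA            | Very High | Banking apps |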

---

Security Best Practices (Exam-Important)

  • Use HTTPS
  • Hash passwords
  • Prevent SQL Injection
  • Use session regeneration
  • Set session timeout
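
The following is an added example, not part of the original lesson, that combines three of these practices (hashed passwords, session regeneration on login, and an idle timeout) in one login flow. The user table, the sample password, the 15-minute limit and the function names are assumptions made for illustration.

```php
<?php
// Added example, not the lesson's code. User table and password are constructed sample data.
const SESSION_TIMEOUT = 900; // assumed idle limit: 15 minutes

// A real application reads this hash from its database instead of computing it per request.
$users = ['admin' => password_hash('S3cure-sample-pass', PASSWORD_DEFAULT)];

function login(array $users, string $user, string $pass): bool
{
    // password_verify() re-hashes $pass with the salt stored inside the hash.
    if (!isset($users[$user]) || !password_verify($pass, $users[$user])) {
        return false;
    }
    session_regenerate_id(true);      // session regeneration: drop the pre-login ID
    $_SESSION['user'] = $user;
    $_SESSION['last_seen'] = time();  // starting point for the idle timeout
    return true;
}

function logout(): void
{
    $_SESSION = [];
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_destroy();
    }
}

// Returns the logged-in user name, or null if nobody is logged in or the session idled out.
function current_user(int $now): ?string
{
    if (!isset($_SESSION['user'], $_SESSION['last_seen'])) {
        return null;
    }
    if ($now - $_SESSION['last_seen'] > SESSION_TIMEOUT) {
        logout();                     // session timeout: force a new login
        return null;
    }
    $_SESSION['last_seen'] = $now;
    return $_SESSION['user'];
}

// Constructed walk-through: wrong password, right password, active session, idle session.
session_start();
$steps = [
    'wrong password' => login($users, 'admin', '123'),
    'right password' => login($users, 'admin', 'S3cure-sample-pass'),
    'active session' => current_user(time()),
    'after timeout'  => current_user(time() + SESSION_TIMEOUT + 1),
];
var_dump($steps);
```

On a real site the arguments to `login()` come from the submitted form, and a protected page redirects to the login form and exits when `current_user()` returns null.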

Difference: HTTP vs PHP Authentication

| Feature     | HTTP Auth     | PHP Auth    |
|-------------|---------------|-------------|
| UI          | Browser popup | Custom form |
| Security    | Low           | High        |
| Database    | No            | Yes         |
| Flexibility | Low           | High        |