For pages that require authentication, it is best to use apache server authentication. Use session to save user identity between different pages, such as if ($name=="" && $pass=="")
However, the interface of apache server verification is not friendly enough. Moreover, not all situations
can be verified using the apache server, such as php in cgi mode and php under iis.
login.php
{
?>
}
else
{
if($name!="uuu" || $pass!="ppp")
{
echo "login fail!";
}
else
{
session_register("user");
session_register("passwd");
$user=$name;
$passwd =$pass;
echo "OK!
next page";
}
}
?>
next.php
session_start();
echo "username:$user";
?>
However, users can use http://domain.name.com/next.php?user=uuu
to bypass authentication.
So, the actual next.php must be like this:
session_start();
if (!session_is_registered("user"))
{
echo "login fail";
}
else
{
echo "username:$user";
}
?>
Use session_is_registered() to detect session variables.
In this way, reliable authentication of identity has been basically achieved using session.
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
