This was a fun article to write. If you don't mind indulging me, here's some background...
When I first started learning PHP, I did a bunch of "Hello World" exercises, read a couple books, and endlessly pestered the only PHP gurus who would put up with me (Jamie Ruppert and Greg Lane -- thanks, guys!). Still, there was an overwhelming amount of information to learn and it just wasn't clicking.
I decided the best way for me to learn PHP was to start building a Web site. I was well aware that my lack of experience would likely result in me trashing my Web server or getting mercilessly hacked, so prudence dictated I use myself as the guinea pig. All I needed was an idea for a site.
At the time, I had just moved 1300 miles away from my immediate family, and a couple of my siblings were equally far-flung. What's more, both my parents are re-married, as are the parents of my step-sisters. The result is a dizzying family tree. The holidays were fast approaching and the whole (Brady) bunch of us were e-mailing Christmas lists back and forth in a huge disorganized mess. To top it all off, my birthday is on December 21st, so it was likely someone on my mother's side and someone on my father's side -- who we don't normally coordinate with about these sorts of things -- were going to get me the same thing for Christmas, birthday, or both.
So, the first version of TwelveTwentyfive.com was born. From the very first day, people were using it pretty heavily. I was getting feature requests left and right and I was racing to squash bugs. As soon as I got something working, I had to move on to the next thing. That being the case, there were a few things I built without ever understanding what was going on under the hood.
And that's why this article was so much fun to write. I finally had an excuse to dig into the underlying technologies that make a Web site login possible. I found all sorts of interesting material on the subject and just about everything I read triggered an audible "Oh, so THAT's how that works!"
The moral of the story is twofold:
1) If you're feeling overwhelmed by PHP, just dive in and build something that solves a real problem.
2) You don't have to understand how something works to get good use out of it.
In this article, I show you how to build a functional login routine for a Web site built with PHP and FileMaker Pro. Along the way, I'll share some thoughts on the more abstract topic of how PHP sessions work in hopes of giving you a better understanding of Web applications, and the potential security issues involved with session management.
Glossary
First, I want to briefly define some terms I use in this article.
Guest: An anonymous user who is browsing public pages on your Web site.
Member: A user who has successfully logged into your Web site.
Credentials: A user's username and password.
Authenticate: To verify a user's identity.
Session: A mechanism for storing user-specific data on the Web server. You use sessions to preserve information across multiple Web page requests.
Cookies: A mechanism for storing data on the user's machine. Many Web sites use cookies to preserve information across multiple page requests, or even multiple visits to a site. Because cookies are stored on the user's machine, the user can manually edit them at any time. Cookies are transmitted back and forth between a user's browser and a Web server in "headers."
Headers: Hidden data sent back and forth between a Web server and a browser that contains information about the transmission.