This project was designed as a base template to secure information behind a login page of a website.

Config options are held in config.php.

• Web Root
  • Where a user is taken before logging in.
• Post Login
  • Where a user taken upon a successful login attempt.
• Session Duration
  • How long it takes for a user to be asked to log in again.

This library uses two tables. Sessions, and users. The SQL file is available above.

On your index.php, you would create a log in form. The action, however you choose to execute it, is as follows.

$user = new user; 
$user->login($username,$password);

The login function checks the database for the username and password. If all is well, it then runs the "begin_database_session" function, which redirects them to the post login page in your config.php.

For every page you would like to be secure, include the following code.

$session = new session;
$session->update_session();

When this code is executed, it checks the following. - Has it been longer than the defined session time? - Is there a valid user agent string? - Is the session unique ID the same as the servers? If any of these are false, it runs the "destroy session" function and asks the user to login again.