Website login script

A website login script is used to identify a user based on the username and password they provide. Actually, this identification restricts the access of other users to some particular pages. A simple example to explain the need for a login script is your email server. No one but you can access your email account with your unique username and password.

Basically, a login script can be of two types. (1). Single user login script and (2). Multi-user login script. A single sign-on script is one where only one user can log in and access some particular pages. An example of such a script is a bulletin board admin control panel, etc. In the multi-user login script, multiple users share the same login page to identify themselves with different usernames and passwords.

How to design a login script for a website?

The design of a website’s login script depends entirely on how much security you require to restrict unwanted users from viewing the restricted pages. Consider the case of a blog site. There is a security restriction. Malicious users cannot post any comments on your behalf. But the level of security is certainly much, much higher when a website deals with the credit card number of its customers.

A simple login script consists of the following parts.

1. A login page that has at least two text fields, username and password.
2. Some JavaScript code to restrict malicious users from sending malicious data to the server.
3. A database-driven login verification page. This verification page actually accepts the form data submitted by the user (username and password); check if there is any user in your database with this combination of name and password.

After a successful login, there should be some method to remember the user during their visiting session. Otherwise, the user has to repeatedly check himself when he tries to move from one page to another. Some common and accepted methods to identify the user if they are already logged in are,

1. Assigning a session variable based on the user’s name.
2. Assignment of a cookie on the user’s computer.
3. Keep a record of the user’s IP and login time in the database under the user account.

When a user requests a restricted page, the verification page first checks whether the user is already logged in or not. If it is not verified, you will be redirected to the login page. When the user clicks on the logout link or leaves that site, the login information may be deleted.