29 525x ch23 1/24/03 2:56 PM Page 472
24
Building User Authentication and
Personalization
IN THIS PROJECT
,WE
’LL GET USERS to register at our Web site.When they’ve done that,
we’ll be able to keep track of what they’re interested in and show them appropriate con-
tent.This is called user personalization.
This particular project will enable users to build a set of bookmarks on the Web and
suggest other links they might find interesting based on their past behavior. More gener-
ally, user personalization can be used in almost any Web-based application to show users
the content they want in the format in which they want it.
In this project, and the others to follow, we’ll start by looking at a set of requirements
similar to those you might get from a client.We’ll develop those requirements into a set
of solution components, build a design to connect those components together, and then
implement each of the components.
In this project, we will implement the following functionality:
n
Logging in and authenticating users
n
Managing passwords
n
Recording user preferences
n
Personalizing content
n
Recommending content based on existing knowledge about a user
The Problem
We want to build a prototype for an online bookmarking system, to be called
PHPBookmark, similar (but more limited in functionality) to that available at Backflip:

30 525x ch24 1/24/03 3:36 PM Page 473
474
Chapter 24 Building User Authentication and Personalization
Our system should enable users to log in and store their personal bookmarks and to get
recommendations for other sites that they might like to visit based on their personal
preferences.
These solution requirements fall into three main buckets.
First, we need to be able to identify individual users.We should also have some way
of authenticating them.
Second, we need to be able to store bookmarks for an individual user. Users should
be able to add and delete bookmarks.
Third, we need to be able to recommend to a user sites that might appeal to her,
based on what we know about her already.
Solution Components
Now that we know the system requirements, we can begin designing the solution and its
components. Let’s look at possible solutions to each of the three main requirements we
listed previously.
User Identification and Personalization
There are several alternatives for user authentication, as we have seen elsewhere in this
book. Because we want to tie a user to some personalization information, we will store
the users’ login and password in a MySQL database and authenticate against that.
If we are going to let users log in with a username and password, we will need the
following components:
n
Users should be able to register a username and password.We will need some
restrictions on the length and format of the username and password.We should
store passwords in an encrypted format for security reasons.
n
Users should be able to log in with the details they supplied in the registration

process.
n
Users should be able to log out when they have finished using a site.This is not
particularly important if people use the site from their home PC, but is very
important for security if they use the site from a shared PC.
n
The site needs to be able to check whether a user is logged in or not, and access
data for a logged-in user.
n
Users should be able to change their password as an aid to security.
n
Users will occasionally forget their passwords.They should be able to reset their
password without needing personal assistance from us. A common way of doing
this is to send the password to the user in an email address he has nominated at
registration.This means we need to store his email address at registration. Because
we store the passwords in an encrypted form and cannot decrypt the original pass-
word,we will actually need to generate a new password, set it, and mail it to the
user.
30 525x ch24 1/24/03 3:36 PM Page 474
475
Solution Overview
We will write functions for all these pieces of functionality. Most of them will be
reusable, or reusable with minor modifications, in other projects.
Storing Bookmarks
To store a user’s bookmarks, we will need to set up some space in our MySQL database.
We will need the following functionality:
n
Users should be able to retrieve and view their bookmarks.
n
Users should be able to add new bookmarks.We should check that these are valid

URLs.
n
Users should be able to delete bookmarks.
Again, we can write functions for each of these pieces of functionality.
Recommending Bookmarks
We could take a number of different approaches to recommending bookmarks to a user.
We could recommend the most popular or the most popular within a topic. For this
project, we are going to implement a “like minds” suggestion system that looks for users
who have a bookmark the same as our logged-in user, and suggests their other book-
marks to our user.To avoid recommending any personal bookmarks, we will only rec-
ommend bookmarks stored by more than one other user.
We can again write a function to implement this functionality.
Solution Overview
After some doodling on napkins, we came up with the system flowchart shown in
Figure 24.1.
Login page
Registration
Forgot
Password?
View BMs
Logout
Change
password
RecommendDelete BMAdd BM
Figure 24.1 This diagram shows the possible
paths through the PHPBookmark system.
30 525x ch24 1/24/03 3:36 PM Page 475
476
Chapter 24 Building User Authentication and Personalization
We’ll build a module for each box on this diagram—some will need one script and oth-

ers, two.We’ll also set up function libraries for
n
User authentication
n
Bookmark storage and retrieval
n
Data validation
n
Database connections
n
Output to the browser.We’ll confine all the HTML production to this function
library, ensuring that visual presentation is consistent throughout the site. (This is
the function API approach to separating logic and content.)
We’ll also need to build a back-end database for the system.
We’ll go through the solution in some detail, but all of the code for this application
can be found on the CD-ROM in the chapter24 directory. A summary of included files
is shown in Table 24.1.
Table 24.1 Files in the PHPBookmark Application
Filename Description
bookmarks.sql SQL statements to create the PHPBookmark database
login.php Front page with login form for system
register_form.php Form for users to register in the system
register_new.php Script to process new registrations
forgot_form.php Form for users to fill out if they’ve forgotten their passwords
forgot_passwd.php Script to reset forgotten passwords
member.php A user’s main page, with a view of all his current bookmarks
add_bm_form.php Form for adding new bookmarks
add_bms.php Script to actually add new bookmarks to the database
delete_bms.php Script to delete selected bookmarks from the user’s list
recommend.php Script to suggest recommendations to a user, based on users

with similar interests
change_passwd_form.php Form for members to fill out if they want to change their
passwords
change_passwd.php Script to change the user’s password in the database
logout.php Script to log a user out of the application
bookmark_fns.php A collection of includes for the application
data_valid_fns.php Functions to validate user-input data
db_fns.php Functions to connect to the database
user_auth_fns.php Functions for user authentication
url_fns.php Functions for adding and deleting bookmarks and for making
recommendations
output_fns.php Functions that format output as HTML
bookmark.gif Logo for PHPBookmark
30 525x ch24 1/24/03 3:36 PM Page 476