An introduction to authentication, explaining the difference between authentication and authorization, which many people confuse.
HTTP status codes also let you signal whether a user is unauthenticated or unauthorized, using 401 Unauthorized and 403 Forbidden. The names are a little misleading, however: 401 Unauthorized actually means the user is not authenticated, while 403 Forbidden means the user is not authorized to perform the action they are trying to do.
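The 401/403 distinction above, as an added PHP example that is not part of the course files. The function names, routes, roles and the `Basic realm="example"` challenge are all assumptions made for illustration.

```php
<?php
// Added example: every name here (decideStatus, respond, routes, roles) is hypothetical.

/**
 * Decide the HTTP status for a request.
 * $user is null when no valid session or credentials were presented.
 * $routes maps a path to the role it requires (null = public).
 */
function decideStatus(?array $user, string $path, array $routes): int
{
    if (!array_key_exists($path, $routes)) {
        return 404;                      // not an auth question at all
    }
    $requiredRole = $routes[$path];
    if ($requiredRole === null) {
        return 200;                      // public page
    }
    if ($user === null) {
        return 401;                      // authentication failed: we don't know who this is
    }
    if (!in_array($requiredRole, $user['roles'], true)) {
        return 403;                      // authorization failed: known user, not allowed here
    }
    return 200;
}

/** Send the status line; a 401 must carry a WWW-Authenticate challenge. */
function respond(int $status): void
{
    http_response_code($status);
    if ($status === 401) {
        header('WWW-Authenticate: Basic realm="example"'); // constructed realm
    }
}

// Constructed sample data.
$routes = ['/' => null, '/profile' => 'member', '/admin' => 'admin'];
$member = ['name' => 'sam', 'roles' => ['member']];

foreach ([[null, '/profile'], [$member, '/profile'], [$member, '/admin'], [null, '/']] as [$user, $path]) {
    $who = $user['name'] ?? 'anonymous';
    echo $who, ' -> ', $path, ': ', decideStatus($user, $path, $routes), PHP_EOL;
}
```

The authentication check runs before the authorization check, so an anonymous request to a protected page gets 401 and only an identified user can receive 403.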
Understanding 403 Forbidden
Course: HTTP Basics
[SOUND] Hi I'm Alena. When you start building sites that rely on user participation, you need a way to keep your data safe and secure whether that participation includes purchasing products or providing products to sell, leaving comments or providing stories. You need to manage who has access to what. This management is handled through authentication and authorization.

The difference between authentication and authorization can be a little confusing when starting out. Authentication is the process of identifying who you are. There are many ways to authenticate yourself and not only on the web. Since this course is about user authentication with PHP, the most common authentication is username and password. But you're around authentication all the time. If you want to travel on an airplane, you'll be required to identify who you are in the form of a passport or other accepted identification. This is a different, non web form of authentication.

Authorization is the process of verifying that you have access to what you're trying to do. When authorizing a user with PHP, this can mean allowing an authenticated user access to an administration dashboard.

Let's look at this in a little different way. You are the tenant of an apartment building with nine other people. In order to authenticate yourself to show that you're allowed in the building, you're given a key card. This key card identifies who you are and allows you into the main building. This is the authentication part of the system. Now that you have authenticated yourself and are in the building, you are presented with ten doors. Your key card only allows you into a single door, your apartment. This is the authorization part. You are authorized to enter only one of the ten doors.

Hopefully now, you're able to see the difference between authentication and authorization. With this knowledge, let's continue on to an overview of the application that we'll be writing for both authentication and authorization of our users.