29 525x ch23 1/24/03 2:56 PM Page 472 24 Building User Authentication and Personalization IN THIS PROJECT ,WE ’LL GET USERS to register at our Web site.When they’ve done that, we’ll be able to keep track of what they’re interested in and show them appropriate con- tent.This is called user personalization. This particular project will enable users to build a set of bookmarks on the Web and suggest other links they might find interesting based on their past behavior. More gener- ally, user personalization can be used in almost any Web-based application to show users the content they want in the format in which they want it. In this project, and the others to follow, we’ll start by looking at a set of requirements similar to those you might get from a client.We’ll develop those requirements into a set of solution components, build a design to connect those components together, and then implement each of the components. In this project, we will implement the following functionality: n Logging in and authenticating users n Managing passwords n Recording user preferences n Personalizing content n Recommending content based on existing knowledge about a user The Problem We want to build a prototype for an online bookmarking system, to be called PHPBookmark, similar (but more limited in functionality) to that available at Backflip: http://backflip.com 30 525x ch24 1/24/03 3:36 PM Page 473 474 Chapter 24 Building User Authentication and Personalization Our system should enable users to log in and store their personal bookmarks and to get recommendations for other sites that they might like to visit based on their personal preferences. These solution requirements fall into three main buckets. First, we need to be able to identify individual users.We should also have some way of authenticating them. Second, we need to be able to store bookmarks for an individual user. Users should be able to add and delete bookmarks. Third, we need to be able to recommend to a user sites that might appeal to her, based on what we know about her already. Solution Components Now that we know the system requirements, we can begin designing the solution and its components. Let’s look at possible solutions to each of the three main requirements we listed previously. User Identification and Personalization There are several alternatives for user authentication, as we have seen elsewhere in this book. Because we want to tie a user to some personalization information, we will store the users’ login and password in a MySQL database and authenticate against that. If we are going to let users log in with a username and password, we will need the following components: n Users should be able to register a username and password.We will need some restrictions on the length and format of the username and password.We should store passwords in an encrypted format for security reasons. n Users should be able to log in with the details they supplied in the registration process. n Users should be able to log out when they have finished using a site.This is not particularly important if people use the site from their home PC, but is very important for security if they use the site from a shared PC. n The site needs to be able to check whether a user is logged in or not, and access data for a logged-in user. n Users should be able to change their password as an aid to security. n Users will occasionally forget their passwords.They should be able to reset their password without needing personal assistance from us. A common way of doing this is to send the password to the user in an email address he has nominated at registration.This means we need to store his email address at registration. Because we store the passwords in an encrypted form and cannot decrypt the original pass- word,we will actually need to generate a new password, set it, and mail it to the user. 30 525x ch24 1/24/03 3:36 PM Page 474 475 Solution Overview We will write functions for all these pieces of functionality. Most of them will be reusable, or reusable with minor modifications, in other projects. Storing Bookmarks To store a user’s bookmarks, we will need to set up some space in our MySQL database. We will need the following functionality: n Users should be able to retrieve and view their bookmarks. n Users should be able to add new bookmarks.We should check that these are valid URLs. n Users should be able to delete bookmarks. Again, we can write functions for each of these pieces of functionality. Recommending Bookmarks We could take a number of different approaches to recommending bookmarks to a user. We could recommend the most popular or the most popular within a topic. For this project, we are going to implement a “like minds” suggestion system that looks for users who have a bookmark the same as our logged-in user, and suggests their other book- marks to our user.To avoid recommending any personal bookmarks, we will only rec- ommend bookmarks stored by more than one other user. We can again write a function to implement this functionality. Solution Overview After some doodling on napkins, we came up with the system flowchart shown in Figure 24.1. Login page Registration Forgot Password? View BMs Logout Change password RecommendDelete BMAdd BM Figure 24.1 This diagram shows the possible paths through the PHPBookmark system. 30 525x ch24 1/24/03 3:36 PM Page 475 476 Chapter 24 Building User Authentication and Personalization We’ll build a module for each box on this diagram—some will need one script and oth- ers, two.We’ll also set up function libraries for n User authentication n Bookmark storage and retrieval n Data validation n Database connections n Output to the browser.We’ll confine all the HTML production to this function library, ensuring that visual presentation is consistent throughout the site. (This is the function API approach to separating logic and content.) We’ll also need to build a back-end database for the system. We’ll go through the solution in some detail, but all of the code for this application can be found on the CD-ROM in the chapter24 directory. A summary of included files is shown in Table 24.1. Table 24.1 Files in the PHPBookmark Application Filename Description bookmarks.sql SQL statements to create the PHPBookmark database login.php Front page with login form for system register_form.php Form for users to register in the system register_new.php Script to process new registrations forgot_form.php Form for users to fill out if they’ve forgotten their passwords forgot_passwd.php Script to reset forgotten passwords member.php A user’s main page, with a view of all his current bookmarks add_bm_form.php Form for adding new bookmarks add_bms.php Script to actually add new bookmarks to the database delete_bms.php Script to delete selected bookmarks from the user’s list recommend.php Script to suggest recommendations to a user, based on users with similar interests change_passwd_form.php Form for members to fill out if they want to change their passwords change_passwd.php Script to change the user’s password in the database logout.php Script to log a user out of the application bookmark_fns.php A collection of includes for the application data_valid_fns.php Functions to validate user-input data db_fns.php Functions to connect to the database user_auth_fns.php Functions for user authentication url_fns.php Functions for adding and deleting bookmarks and for making recommendations output_fns.php Functions that format output as HTML bookmark.gif Logo for PHPBookmark 30 525x ch24 1/24/03 3:36 PM Page 476 . application bookmark_fns .php A collection of includes for the application data_valid_fns .php Functions to validate user-input data db_fns .php Functions to connect to the database user_auth_fns .php Functions. authentication url_fns .php Functions for adding and deleting bookmarks and for making recommendations output_fns .php Functions that format output as HTML bookmark.gif Logo for PHPBookmark 30 525x. have a bookmark the same as our logged-in user, and suggests their other book- marks to our user.To avoid recommending any personal bookmarks, we will only rec- ommend bookmarks stored by more than