Home arrow MySQL arrow Page 2 - PHP, MySQL and Authentication 101
MYSQL

PHP, MySQL and Authentication 101


Authentication is required by any online admin system. In this article, Havard introduces us to two types of PHP/MySQL authentication: dialogs and forms.

Author Info:
By: Havard Lindset
Rating: 4 stars4 stars4 stars4 stars4 stars / 92
July 07, 2002
TABLE OF CONTENTS:
  1. · PHP, MySQL and Authentication 101
  2. · Authentication 101
  3. · HTTP Authentication (contd.)
  4. · Form Authentication
  5. · Conclusion

print this article
SEARCH DEVARTICLES

PHP, MySQL and Authentication 101 - Authentication 101
(Page 2 of 5 )

We will be making use of a MySQL database to store the usernames and passwords of our authenticated users. Firstly we will have to set up the database and it's respective tables. Run this set of commands through the MySQL console application:

CREATE DATABASE mydatabase;
USE mydatabase;

CREATE TABLE users {
userId SMALLINT(3) UNSIGNED NOT NULL AUTO_INCREMENT,
userName VARCHAR(30) NOT NULL,
userPass VARCHAR(32) NOT NULL,
PRIMARY KEY (userId),
UNIQUE KEY username (username)
}


The code above creates a database containing a table named users. We made the userName column a unique key to prevent having two users with the same username. Let's insert a user into the database, so we have something to authenticate against:

INSERT INTO users (userName, userPass) VALUES ('testUser', MD5('testPass'));

You may want to change the values for the username and password. The MD5() function is a built-in MySQL function, which calculates a 128 bit checksum for the provided string. The returned string is 32 characters long, hence we used VARCHAR(32) for the userPass column. We will be using this table through the whole article.

Now that we've created the database, table and a user, we can continue. 

You should have PHP version 4.1.0 or above. If you have an earlier version you'll have to rewrite some of the code. This is because I'm using super global arrays such as $_SESSION and $_SERVER, which were introduced in PHP version 4.1.0.

HTTP Authentication
If PHP is installed as an Apache module, thene you can use PHP's HTTP Authentication hook to pop up a username/password authentication window in the browser. This is done by sending some special parameters in the header() function. When the user has filled in both the username and password fields, the values can be accessed within a PHP script using the variables $PHP_AUTH_USER and $PHP_AUTH_PW.

Remember that this type of authentication only works when PHP is installed as an apache-module, which means that if you are using the CGI version, you can skim through this part of the article as we'll be discussing authentication through forms on the next page.

Let's take a look at some sample code:

<?PHP

function displayLogin() {
header("WWW-Authenticate: Basic realm=\"My Website\"");
header("HTTP/1.0 401 Unauthorized");
echo "<h2>Authentication Failure</h2>";
echo "The username and password provided did not work. Please reload this page and try again.";
exit;
}

$db = mysql_connect('localhost','dbuser','dbpass') or die("Couldn't connect to the database.");
mysql_select_db('dbname') or die("Couldn't select the database");

if (!isset($PHP_AUTH_USER) || !isset($PHP_AUTH_PW)) {
// If username or password hasn't been set, display the login request.
displayLogin();
} else {
// Escape both the password and username string to prevent users from inserting bogus data.
$PHP_AUTH_USER = addslashes($PHP_AUTH_USER);
$PHP_AUTH_PW = md5($PHP_AUTH_PW);

// Check username and password agains the database.
$result = mysql_query("SELECT count(id) FROM users WHERE password='$PHP_AUTH_PW' AND username='$PHP_AUTH_USER'") or die("Couldn't query the user-database.");
$num = mysql_result($result, 0);

if (!$num) {
// If there were no matching users, show the login
displayLogin();
}
}

// All code/html below will only be displayed to authenticated users.

echo "Congratulations! You're now authenticated.";

?>


The code above produces a dialog authentication window, which looks like this:

The authentication dialog
blog comments powered by Disqus
MYSQL ARTICLES

- MySQL and BLOBs
- Two Lessons in ASP and MySQL
- Lord Of The Strings Part 2
- Lord Of The Strings Part 1
- Importing Data into MySQL with Navicat
- Building a Sustainable Web Site
- Creating An Online Photo Album with PHP and ...
- Creating An Online Photo Album with PHP and ...
- PhpED 3.2 More Features Than You Can Poke ...
- Creating An Online Photo Album with PHP and ...
- Creating An Online Photo Album with PHP and ...
- Security and Sessions in PHP
- Setup Your Personal Reminder System Using PHP
- Create a IP-Country Database Using PERL and ...
- Developing a Dynamic Document Search in PHP ...

Watch our Tech Videos 
Dev Articles Forums 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us 
Weekly Newsletter
 
Developer Updates  
Free Website Content 
Contact Us 
Site Map 
Privacy Policy 
Support 

Developer Shed Affiliates

 




© 2003-2017 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap
Popular Web Development Topics
All Web Development Tutorials