
PHP, MySQL and Authentication 101


Authentication is required by any online admin system. In this article, Havard introduces us to two types of PHP/MySQL authentication: dialogs and forms.

Author Info:
By: Havard Lindset
July 07, 2002
TABLE OF CONTENTS:
  1. PHP, MySQL and Authentication 101
  2. Authentication 101
  3. HTTP Authentication (contd.)
  4. Form Authentication
  5. Conclusion


PHP, MySQL and Authentication 101 - HTTP Authentication (contd.)
(Page 3 of 5)

Let's take a closer look at the different parts of this example.

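function displayLogin() {
    // Ask the browser to show its login dialog for this realm.
    header("WWW-Authenticate: Basic realm=\"My Website\"");
    // Report the request as unauthorized.
    header("HTTP/1.0 401 Unauthorized");
    // Shown only if the login fails or the user presses Cancel.
    echo "<h2>Authentication Failure</h2>";
    echo "The username and password provided did not work. Please reload this page and try again.";
    exit;
}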


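This function is called when either $PHP_AUTH_USER or $PHP_AUTH_PW isn't set, and when the MySQL query finds no matching user. The first header makes the browser show its authentication dialog, while the second sets the 401 status that tells the browser what type of error has occurred. Everything between the last header and "exit;" is displayed to the user if the authentication fails or Cancel is pressed in the authentication dialog. The bare $PHP_AUTH_USER and $PHP_AUTH_PW variables depend on PHP's register_globals setting, which was removed in PHP 5.4; on current versions the same values are read from $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'].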

The realm name must remain the same on all of your pages. If it doesn't, the browser treats each different realm as a separate protected area and asks for authentication again the first time the user visits it.

if (!isset($PHP_AUTH_USER) || !isset($PHP_AUTH_PW)) {
    // If username or password hasn't been set, display the login request.
    displayLogin();
} else {
    // Escape the username and hash the password before they go into the query.
    // md5() returns only hexadecimal digits, so the hash needs no escaping.
    $PHP_AUTH_USER = addslashes($PHP_AUTH_USER);
    $PHP_AUTH_PW = md5($PHP_AUTH_PW);

    // Check username and password against the database.
    $result = mysql_query("SELECT count(id) FROM users WHERE password='$PHP_AUTH_PW' AND username='$PHP_AUTH_USER'") or die("Couldn't query the user-database.");
    $num = mysql_result($result, 0);

    if (!$num) {
        // If there were no matching users, show the login request again.
        displayLogin();
    }
}


In this code we first check whether $PHP_AUTH_USER or $PHP_AUTH_PW is unset; if either is, we call the displayLogin() function. If both the username and password have been set, we authenticate them against our database. By the way, we're now using the built-in md5() function in PHP to create an MD5 checksum, instead of using the MySQL function. An unsalted MD5 digest is cheap to brute-force, so on current PHP versions passwords should be stored with password_hash() and checked with password_verify() instead.

If the user wasn't found in the database, we call the displayLogin() function.

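We use the addslashes() function to escape the username before it goes into the MySQL query; the password needs no escaping because md5() returns only hexadecimal digits. Escaping stops the user from entering bogus data that changes the meaning of the query (SQL injection), which in the worst case could cause havoc on your database. addslashes() is not aware of the connection's character set, though, so it is not a dependable defence on its own; prepared statements with bound parameters are.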

All code below the if construct will only be reached, and its output only displayed, for authenticated users, because displayLogin() ends the script with exit.

Place the code above in a .php file, and include it in every page you want authentication on. This way you only have to edit one file in case you need to make some changes to the authentication code.

What about logging out?
If you'd like to make a logout function, you can use some PHP code like this:

if (!empty($_REQUEST['logout'])) {
    // To log out a user, you can just use the displayLogin() function and resend the authentication headers.
    displayLogin();
}


By calling the displayLogin() function when the user is already logged in, we cause the browser to display the authentication window, and clear any previous successful authentication. This works on most browsers. To log out with the code above you can add ?logout=true to the URL.

The only problem I can see with this type of authentication is that it's not available in the CGI version of PHP. Although most servers run PHP as a module, some don't, and that would mean trouble for your authentication script. Continue reading to learn another approach.