
Simple database authentication?


2 replies to this topic

#1 Moron


Posted 25 August 2006 - 12:47 PM

Can someone please point me in the right direction on this?

I want authentication where an employee enters their employee number and the password is their Social Security number, which of course must match the employee number in the database.

I only want this on the front end. Once they're in, they can do pretty much whatever they want.



#2 AndyB


Posted 25 August 2006 - 01:03 PM

I use a combination like this:

In each content page of the site, this at the top of the script:

<?php
session_start();
include("logincheck.php");

logincheck.php looks like this:

<?php
// logincheck.php
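// isset() avoids an undefined-index notice on the first visit, before any login
if (!isset($_SESSION['loggedin']) || $_SESSION['loggedin'] !== "winner") {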
   include("loginform.php");
   die();
} else {
	$user_id = $_SESSION['user_id'];
	$user_name = $_SESSION['user_name'];
	$user_email = $_SESSION['user_email'];
}
?>

loginform.php looks like this:

<html>
<head>
<title>Login</title>
<style type="text/css">
td,p {
	font-family:verdana, arial, helvetica, sans-serif;
	color:#000;
	background-color:#fff;
	font-size:12px;
}
input {
	border:1px solid #999;
	background-color:#f4f4f4;
}
.submit {
	border:1px solid #000;
	background-color:#f90;
}
</style>
</head>
<body onLoad="document.formname.username.focus();">

<form name="formname" method="post" action="login2.php">
<table style="border:1px solid #999;">
<tr>
<td>Username</td>
<td><input type="text" name="username"></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name="userpass"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td><input type="submit" name="submit" class="submit" value="Log in"></td>
</tr>
</table>
</form>
</body>
</html>

And login2.php looks like this:

<?php
session_start();
// login part 2
include("includes/db-conn.php");
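// isset() guards avoid undefined-index notices when a form field is missing
$uname = isset($_POST['username']) ? trim(strip_tags($_POST['username'])) : '';
$upass = isset($_POST['userpass']) ? trim(strip_tags($_POST['userpass'])) : '';

mysql_connect($db_host, $db_login, $db_pass) or die ("Can't connect!");
mysql_select_db($db_name) or die ("Can't open database!");

// strip_tags() leaves quotes intact, so escape both values before they go into the SQL string
$uname = mysql_real_escape_string($uname);
$upass = mysql_real_escape_string($upass);

$query = "SELECT * FROM users WHERE binary user_name = '$uname' AND binary user_pass = '$upass'";
$result = mysql_query($query) or die("Error: ". mysql_error(). " with query ". $query);
$count = mysql_num_rows($result);
if ($count == 1) {
	$myrow = mysql_fetch_array($result);
	session_regenerate_id(true); // issue a fresh session id at login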
	$_SESSION['loggedin'] = "winner";
	$_SESSION['user_id'] = $myrow['id'];
	$_SESSION['user_name'] = $myrow['user_name'];
	$_SESSION['user_email'] = $myrow['user_email'];
	$_SESSION['real_name'] = $myrow['name'];
	$_SESSION['user_pass'] = $myrow['user_pass'];

	header("Location:index.php");
	die();
} else {
	header("Location:loginform.php");
	die();
}
?>

Legend has it that reading the manual never killed anyone.
My site
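
A hardened variant of the login2.php flow above, as an added example that is not part of the original post or AndyB's code: it uses PDO bound parameters and password_hash()/password_verify() in place of a plaintext comparison inside the SQL string. The in-memory SQLite database, the pass_hash column, the sample rows and the function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data: an in-memory SQLite table stands in for the MySQL users table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, user_name TEXT UNIQUE, user_email TEXT, pass_hash TEXT)');
$ins = $db->prepare('INSERT INTO users (user_name, user_email, pass_hash) VALUES (?, ?, ?)');
$ins->execute(['1001', 'a.smith@example.com', password_hash('constructed-secret', PASSWORD_DEFAULT)]);

// Verified when the user name is unknown, so both failure paths do similar work.
define('DUMMY_HASH', password_hash('no-such-user', PASSWORD_DEFAULT));

// Returns the user row (without the hash) on success, null on any failure.
function authenticate(PDO $db, string $name, string $password): ?array
{
    // Bound parameter: the submitted value never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT id, user_name, user_email, pass_hash FROM users WHERE user_name = ?');
    $stmt->execute([trim($name)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    $hash = $row ? $row['pass_hash'] : DUMMY_HASH;
    if (!password_verify($password, $hash) || !$row) {
        return null;
    }
    unset($row['pass_hash']); // the credential is not carried into the session
    return $row;
}

// Call after session_start(); sets the keys that logincheck.php reads.
function startUserSession(array $user): void
{
    session_regenerate_id(true); // fresh session id at login
    $_SESSION['loggedin']   = 'winner';
    $_SESSION['user_id']    = $user['id'];
    $_SESSION['user_name']  = $user['user_name'];
    $_SESSION['user_email'] = $user['user_email'];
}

// Constructed inputs: a valid login, a wrong password, and a user name containing a quote.
$cases = [
    'valid login'        => ['1001', 'constructed-secret'],
    'wrong password'     => ['1001', 'wrong'],
    'quote in user name' => ["1001'", 'constructed-secret'],
];
foreach ($cases as $label => [$name, $pass]) {
    echo $label, ': ', authenticate($db, $name, $pass) ? 'accepted' : 'rejected', PHP_EOL;
}
```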

#3 devbanana


Posted 25 August 2006 - 01:30 PM

You need a way for each page to specify what kind of permissions a user requires to access that page. If it is the same for the entire application, you could have a central authentication/authorization class, which would be called for every page, to check if the user is logged in or not. I think you could use a front controller for this type of thing.

After the user is authenticated, you could have a principal object with their username and role(s). If they aren't authenticated, just assign a principal object specifying a role of anonymous. The authorization component then could check that they have sufficient privileges to access the system.

Role definitions:
define('ROLE_ANONYMOUS', 0);
define('ROLE_EMPLOYEE', 1);
define('ROLE_MANAGER', 2);

Authorization could do something like:

// Ensure user is at least an employee or manager
if ($principal->Role & (ROLE_EMPLOYEE | ROLE_MANAGER))
{
    // Allow access
}
else
{
    // Disallow access
}

Programming in PHP since 1882. Oh wait, computers weren't around that long, huh....
Hey, while we're here, would you mind giving me some suggestions on my PHP framework?



