Moron Posted August 25, 2006

Can someone please point me in the right direction on this?

I want authentication where an employee enters their employee number and the password is their Social Security number, which of course must match the employee number in the database.

I only want this on the front end. Once they're in, they can do pretty much whatever they want.
AndyB Posted August 25, 2006

I use a combination like this:

In each content page of the site, this at the top of the script:

[code]
<?php
session_start();
include("logincheck.php");
[/code]

logincheck.php looks like this:

[code]
<?php
// logincheck.php
// Show the login form and stop unless this session has been marked as logged in.
if (!isset($_SESSION['loggedin']) || $_SESSION['loggedin'] != "winner") {
    include("loginform.php");
    die();
} else {
    $user_id = $_SESSION['user_id'];
    $user_name = $_SESSION['user_name'];
    $user_email = $_SESSION['user_email'];
}
?>
[/code]

loginform.php looks like this:

[code]
<html>
<head>
<title>Login</title>
<style type="text/css">
td,p {
    font-family:verdana, arial, helvetica, sans-serif;
    color:#000;
    background-color:#fff;
    font-size:12px;
}
input {
    border:1px solid #999;
    background-color:#f4f4f4;
}
.submit {
    border:1px solid #000;
    background-color:#f90;
}
</style>
</head>
<body onLoad="document.formname.username.focus();">
<form name="formname" method="post" action="login2.php">
<table style="border:1px solid #999;">
<tr><td>Username</td><td><input type="text" name="username"></td></tr>
<tr><td>Password</td><td><input type="password" name="userpass"></td></tr>
<tr><td>&nbsp;</td><td><input type="submit" name="submit" class="submit" value="Log in"></td></tr>
</table>
</form>
</body>
</html>
[/code]

And login2.php looks like this:

[code]
<?php
session_start();
// login part 2
include("includes/db-conn.php");

$uname = trim(strip_tags($_POST['username']));
$upass = trim(strip_tags($_POST['userpass']));

$db = mysqli_connect($db_host, $db_login, $db_pass, $db_name) or die("Can't connect!");

// Prepared statement: the submitted values are bound as parameters,
// never concatenated into the SQL text.
$stmt = mysqli_prepare($db, "SELECT * FROM users WHERE binary user_name = ? AND binary user_pass = ?")
    or die("Error: login query failed");
mysqli_stmt_bind_param($stmt, "ss", $uname, $upass);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$count = mysqli_num_rows($result);

if ($count == 1) {
    $myrow = mysqli_fetch_array($result);
    // Issue a fresh session id at the moment of login.
    session_regenerate_id(true);
    $_SESSION['loggedin'] = "winner";
    $_SESSION['user_id'] = $myrow['id'];
    $_SESSION['user_name'] = $myrow['user_name'];
    $_SESSION['user_email'] = $myrow['user_email'];
    $_SESSION['real_name'] = $myrow['name'];
    $_SESSION['user_pass'] = $myrow['user_pass'];
    header("Location:index.php");
    die();
} else {
    header("Location:loginform.php");
    die();
}
?>
[/code]
devbanana Posted August 25, 2006

You need a way for each page to specify what kind of permissions a user requires to access that page. If it is the same for the entire application, you could have a central authentication/authorization class, which would be called for every page, to check if the user is logged in or not. I think you could use a front controller for this type of thing.

After the user is authenticated, you could have a principal object with their username and role(s). If they aren't authenticated, just assign a principal object specifying a role of anonymous. The authorization component then could check that they have sufficient privileges to access the system.

Role definitions:

[code=php:0]
define('ROLE_ANONYMOUS', 0);
define('ROLE_EMPLOYEE', 1);
define('ROLE_MANAGER', 2);
[/code]

Authorization could do something like:

[code=php:0]
// Ensure user is at least an employee or manager
if ($principal->Role & (ROLE_EMPLOYEE | ROLE_MANAGER))
{
    // Allow access
}
else
{
    // Disallow access
}
[/code]
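The central role check described in the post above, as an added example that is not part of the original thread. The `Principal` class, the `$pageRoles` table, the `isAuthorized()` function, the page names and the `role` session key are hypothetical names chosen for illustration; `user_name` is the session key used earlier in the thread.

```php
<?php
// Role bit flags, as defined in the post above.
define('ROLE_ANONYMOUS', 0);
define('ROLE_EMPLOYEE', 1);
define('ROLE_MANAGER', 2);

// Hypothetical principal object: who the caller is and which role bits they hold.
final class Principal
{
    public $Name;
    public $Role;
    public function __construct($name, $role)
    {
        $this->Name = $name;
        $this->Role = (int) $role;
    }
    // Build the principal from session data; an incomplete session is anonymous.
    public static function fromSession(array $session)
    {
        return isset($session['user_name'], $session['role'])
            ? new self($session['user_name'], $session['role'])
            : new self('anonymous', ROLE_ANONYMOUS);
    }
}

// Hypothetical page table: role bits allowed per page. null marks a public
// page, because ROLE_ANONYMOUS is 0 and can never match a bitwise AND.
$pageRoles = array(
    'login'   => null,
    'profile' => ROLE_EMPLOYEE | ROLE_MANAGER,
    'payroll' => ROLE_MANAGER,
);

// Central check for the front controller: pages missing from the table are denied.
function isAuthorized(Principal $principal, $page, array $pageRoles)
{
    if (!array_key_exists($page, $pageRoles)) {
        return false;
    }
    $required = $pageRoles[$page];
    return $required === null || ($principal->Role & $required) !== 0;
}

// Constructed sample sessions, not real data.
$employee = Principal::fromSession(array('user_name' => 'jdoe', 'role' => ROLE_EMPLOYEE));
$visitor  = Principal::fromSession(array());
foreach (array('profile', 'payroll', 'login', 'admin') as $page) {
    printf("%-8s employee=%s visitor=%s\n", $page,
        var_export(isAuthorized($employee, $page, $pageRoles), true),
        var_export(isAuthorized($visitor, $page, $pageRoles), true));
}
```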