Moron Posted August 25, 2006

Can someone please point me in the right direction on this?

I want authentication where an employee enters their employee number and the password is their Social Security number, which of course must match the employee number in the database.

I only want this on the front end. Once they're in, they can do pretty much whatever they want.
AndyB Posted August 25, 2006

I use a combination like this:

In each content page of the site, this at the top of the script:

[code]<?php
session_start();
include("logincheck.php");[/code]

logincheck.php looks like this:

[code]<?php
// logincheck.php
// isset() avoids an undefined-index notice for visitors with no session data yet
if (!isset($_SESSION['loggedin']) || $_SESSION['loggedin'] != "winner") {
    include("loginform.php");
    die();
} else {
    $user_id = $_SESSION['user_id'];
    $user_name = $_SESSION['user_name'];
    $user_email = $_SESSION['user_email'];
}
?>[/code]

loginform.php looks like this:

[code]<html>
<head>
<title>Login</title>
<style type="text/css">
td,p { font-family:verdana, arial, helvetica, sans-serif; color:#000; background-color:#fff; font-size:12px; }
input { border:1px solid #999; background-color:#f4f4f4; }
.submit { border:1px solid #000; background-color:#f90; }
</style>
</head>
<body onLoad="document.formname.username.focus();">
<form name="formname" method="post" action="login2.php">
<table style="border:1px solid #999;">
<tr><td>Username</td><td><input type="text" name="username"></td></tr>
<tr><td>Password</td><td><input type="password" name="userpass"></td></tr>
<tr><td>&nbsp;</td><td><input type="submit" name="submit" class="submit" value="Log in"></td></tr>
</table>
</form>
</body>
</html>[/code]

And login2.php looks like this:

[code]<?php
session_start();
// login part 2
include("includes/db-conn.php");

$uname = trim(strip_tags($_POST['username'] ?? ''));
$upass = trim(strip_tags($_POST['userpass'] ?? ''));

// mysqli replaces the mysql_* functions, which were removed in PHP 7
$db = mysqli_connect($db_host, $db_login, $db_pass) or die("Can't connect!");
mysqli_select_db($db, $db_name) or die("Can't open database!");

// bound parameters keep the submitted values out of the SQL text
$query = "SELECT * FROM users WHERE binary user_name = ? AND binary user_pass = ?";
$stmt = mysqli_prepare($db, $query) or die("Error: " . mysqli_error($db));
mysqli_stmt_bind_param($stmt, "ss", $uname, $upass);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$count = mysqli_num_rows($result);

if ($count == 1) {
    $myrow = mysqli_fetch_array($result);
    session_regenerate_id(true); // issue a fresh session id once the login succeeds
    $_SESSION['loggedin'] = "winner";
    $_SESSION['user_id'] = $myrow['id'];
    $_SESSION['user_name'] = $myrow['user_name'];
    $_SESSION['user_email'] = $myrow['user_email'];
    $_SESSION['real_name'] = $myrow['name'];
    $_SESSION['user_pass'] = $myrow['user_pass'];
    header("Location: index.php");
    die();
} else {
    header("Location: loginform.php");
    die();
}
?>[/code]
devbanana Posted August 25, 2006

You need a way for each page to specify what kind of permissions a user requires to access that page. If it is the same for the entire application, you could have a central authentication/authorization class, which would be called for every page, to check if the user is logged in or not. I think you could use a front controller for this type of thing.

After the user is authenticated, you could have a principal object with their username and role(s). If they aren't authenticated, just assign a principal object specifying a role of anonymous. The authorization component then could check that they have sufficient privileges to access the system.

Role definitions:

[code=php:0]define('ROLE_ANONYMOUS', 0);
define('ROLE_EMPLOYEE', 1);
define('ROLE_MANAGER', 2);[/code]

Authorization could do something like:

[code=php:0]// Ensure user is at least an employee or manager
if ($principal->Role & (ROLE_EMPLOYEE | ROLE_MANAGER))
{
    // Allow access
}
else
{
    // Disallow access
}[/code]
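The central per-page check described in the post above, written out as an added example that is not code from any post in this thread. Only the three role constants come from the post; `Principal`, `PAGE_ROLES`, `principalFromSession()`, `isAllowed()`, the page names and the session keys are hypothetical. Because `ROLE_ANONYMOUS` is 0, a bitwise test can never match it, so public pages are handled explicitly and unknown pages are denied.

```php
<?php
// Added example: role values follow the post above; every other name is hypothetical.
const ROLE_ANONYMOUS = 0;
const ROLE_EMPLOYEE  = 1;
const ROLE_MANAGER   = 2;

final class Principal
{
    public function __construct(public readonly string $username, public readonly int $roles = ROLE_ANONYMOUS) {}
}

// Hypothetical page table: each page names the role bits that may open it.
const PAGE_ROLES = [
    'login'    => ROLE_ANONYMOUS,
    'timecard' => ROLE_EMPLOYEE | ROLE_MANAGER,
    'payroll'  => ROLE_MANAGER,
];

// Build the principal from session data; anything missing or malformed is anonymous.
function principalFromSession(array $session): Principal
{
    if (!isset($session['user_name'], $session['roles']) || !is_int($session['roles'])) {
        return new Principal('anonymous');
    }
    return new Principal((string) $session['user_name'], $session['roles']);
}

// Central check the front controller calls before any page script runs.
function isAllowed(Principal $p, string $page): bool
{
    if (!array_key_exists($page, PAGE_ROLES)) {
        return false;                       // unknown page: deny by default
    }
    $required = PAGE_ROLES[$page];
    if ($required === ROLE_ANONYMOUS) {
        return true;                        // 0 cannot be tested with &, so handle it explicitly
    }
    return ($p->roles & $required) !== 0;   // holds at least one of the required roles
}

// Constructed sessions: no login, an employee, a manager.
$sessions = [[], ['user_name' => 'e1001', 'roles' => ROLE_EMPLOYEE],
             ['user_name' => 'm2001', 'roles' => ROLE_MANAGER]];
foreach ($sessions as $s) {
    $p = principalFromSession($s);
    foreach (array_keys(PAGE_ROLES) as $page) {
        printf("%-9s %-8s %s\n", $p->username, $page, isAllowed($p, $page) ? 'allow' : 'deny');
    }
}
```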
This topic is now archived and is closed to further replies.