Simple database authentication?

2 replies to this topic

#1 Moron

  • Members
  • Advanced Member
  • 368 posts

Posted 25 August 2006 - 12:47 PM

Can someone please point me in the right direction on this?

I want authentication where an employee enters their employee number and the password is their Social Security number, which of course must match the employee number in the database.

I only want this on the front end. Once they're in, they can do pretty much whatever they want.

#2 AndyB

  • Staff Alumni
  • Advanced Member
  • 5,465 posts
  • Location: Toronto

Posted 25 August 2006 - 01:03 PM

I use a combination like this:

In each content page of the site, this at the top of the script:


logincheck.php looks like this:

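// logincheck.php
if (session_id() == '') session_start(); // $_SESSION is empty until the session is started
if (!isset($_SESSION['loggedin']) || $_SESSION['loggedin'] != "winner") {
	// not logged in: show the login form and stop, so the protected page never runs
	include 'loginform.php';
	exit;
} else {
	$user_id = $_SESSION['user_id'];
	$user_name = $_SESSION['user_name'];
	$user_email = $_SESSION['user_email'];
}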

loginform.php looks like this:

<style type="text/css">
td,p {
	font-family:verdana, arial, helvetica, sans-serif;
}
input {
	border:1px solid #999;
}
.submit {
	border:1px solid #000;
}
</style>
<body onLoad="document.formname.username.focus();">

<form name="formname" method="post" action="login2.php">
<table style="border:1px solid #999;">
<tr><td><input type="text" name="username"></td></tr>
<tr><td><input type="password" name="userpass"></td></tr>
<tr><td><input type="submit" name="submit" class="submit" value="Log in"></td></tr>
</table>
</form>
</body>

And login2.php looks like this:

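// login part 2
// note: the mysql_* extension used here was removed in PHP 7.0
// $db_host, $db_login, $db_pass and $db_name are assumed to be set by the site's config
if (session_id() == '') session_start(); // needed before writing to $_SESSION

mysql_connect($db_host, $db_login, $db_pass) or die ("Can't connect!");
mysql_select_db($db_name) or die ("Can't open database!");

// strip_tags() does not neutralise quotes, so the values are also escaped for SQL
// (escaping needs the open connection, which is why it comes after mysql_connect)
$uname = mysql_real_escape_string(trim(strip_tags($_POST['username'])));
$upass = mysql_real_escape_string(trim(strip_tags($_POST['userpass'])));

$query = "SELECT * FROM users WHERE binary user_name = '$uname' AND binary user_pass = '$upass'";
$result = mysql_query($query) or die("Error: ". mysql_error(). " with query ". $query);
$count = mysql_num_rows($result);
if ($count == 1) {
	// exactly one matching row: record the login in the session
	$myrow = mysql_fetch_array($result);
	$_SESSION['loggedin'] = "winner";
	$_SESSION['user_id'] = $myrow['id'];
	$_SESSION['user_name'] = $myrow['user_name'];
	$_SESSION['user_email'] = $myrow['user_email'];
	$_SESSION['real_name'] = $myrow['name'];
	$_SESSION['user_pass'] = $myrow['user_pass'];

} else {
	// no match: nothing is written to the session
}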

Legend has it that reading the manual never killed anyone.
My site
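
A hardened version of the credential check from login2.php in post #2, as an added example that is not part of the thread and not AndyB's code. It assumes the `pdo_sqlite` extension and that `user_pass` stores `password_hash()` output; table and column names follow the post, while the function names, the in-memory database and the sample row are constructed for illustration.

```php
<?php
// Added example, not AndyB's code. Table and column names follow the post;
// the SQLite in-memory database and the sample row are constructed.

function authenticate(PDO $db, string $uname, string $upass): ?array
{
    // The placeholder keeps user input out of the SQL text entirely.
    $stmt = $db->prepare(
        'SELECT id, user_name, user_email, name, user_pass
           FROM users WHERE user_name = :uname'
    );
    $stmt->execute([':uname' => $uname]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Assumption: user_pass stores a password_hash() digest, not plaintext.
    if ($row === false || !password_verify($upass, $row['user_pass'])) {
        return null;
    }
    unset($row['user_pass']); // the hash is not needed after this point
    return $row;
}

// Call after session_start(), once authenticate() has returned a row.
function startLoginSession(array $user): void
{
    session_regenerate_id(true); // fresh session id at login
    $_SESSION['loggedin']   = 'winner';
    $_SESSION['user_id']    = $user['id'];
    $_SESSION['user_name']  = $user['user_name'];
    $_SESSION['user_email'] = $user['user_email'];
    $_SESSION['real_name']  = $user['name'];
}

// Constructed demo data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, user_name TEXT UNIQUE,
           user_email TEXT, name TEXT, user_pass TEXT)');
$ins = $db->prepare('INSERT INTO users (user_name, user_email, name, user_pass)
                     VALUES (?, ?, ?, ?)');
$ins->execute(["o'brien", 'obrien@example.test', "Pat O'Brien",
               password_hash('s3cret-demo', PASSWORD_DEFAULT)]);

var_dump(authenticate($db, "o'brien", 's3cret-demo') !== null); // right password
var_dump(authenticate($db, "o'brien", 'wrong') !== null);       // wrong password
var_dump(authenticate($db, "nobody'", 's3cret-demo') !== null); // unknown user
```

The quote in the sample user name is bound as data by the prepared statement, so it needs no escaping, and the stored hash is dropped before anything reaches the session.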

#3 devbanana

  • Members
  • Member
  • 18 posts
  • Location: I don't know, but all I can see is this computer...

Posted 25 August 2006 - 01:30 PM

You need a way for each page to specify what kind of permissions a user requires to access that page. If it is the same for the entire application, you could have a central authentication/authorization class, which would be called for every page, to check if the user is logged in or not. I think you could use a front controller for this type of thing.

After the user is authenticated, you could have a principal object with their username and role(s). If they aren't authenticated, just assign a principal object specifying a role of anonymous. The authorization component then could check that they have sufficient privileges to access the system.

Role definitions:
define('ROLE_ANONYMOUS', 0);
define('ROLE_EMPLOYEE', 1);
define('ROLE_MANAGER', 2);

Authorization could do something like:

// Ensure user is at least an employee or manager
if ($principal->Role & (ROLE_EMPLOYEE | ROLE_MANAGER)) {
    // Allow access
} else {
    // Disallow access
}

Programming in PHP since 1882. Oh wait, computers weren't around that long, huh....
Hey, while we're here, would you mind giving me some suggestions on my PHP framework?
