Simple database authentication?


Moron

Can someone please point me in the right direction on this?

I want authentication where an employee enters their employee number and the password is their Social Security number, which of course must match the employee number in the database.

I only want this on the front end. Once they're in, they can do pretty much whatever they want.

Link to comment
Share on other sites

I use a combination like this:

In each content page of the site, this at the top of the script:

[code]<?php
session_start();
include("logincheck.php");[/code]

logincheck.php looks like this:

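[code]<?php
// logincheck.php
// Show the login form and stop unless login2.php has marked this session as logged in.
// isset() avoids an undefined-index notice on a visitor's first request.
if (!isset($_SESSION['loggedin']) || $_SESSION['loggedin'] != "winner") {
  include("loginform.php");
  die();
} else {
  // Make the logged-in user's details available to the including page
  $user_id = $_SESSION['user_id'];
  $user_name = $_SESSION['user_name'];
  $user_email = $_SESSION['user_email'];
}
?>[/code]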

loginform.php looks like this:

[code]<html>
<head>
<title>Login</title>
<style type="text/css">
td,p {
font-family:verdana, arial, helvetica, sans-serif;
color:#000;
background-color:#fff;
font-size:12px;
}
input {
border:1px solid #999;
background-color:#f4f4f4;
}
.submit {
border:1px solid #000;
background-color:#f90;
}
</style>
</head>
<body onLoad="document.formname.username.focus();">

<form name="formname" method="post" action="login2.php">
<table style="border:1px solid #999;">
<tr>
<td>Username</td>
<td><input type="text" name="username"></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name="userpass"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td><input type="submit" name="submit" class="submit" value="Log in"></td>
</tr>
</table>
</form>
</body>
</html>[/code]

And login2.php looks like this:

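[code]<?php
session_start();
// login part 2
include("includes/db-conn.php"); // defines $db_host, $db_login, $db_pass, $db_name
$uname = trim(strip_tags($_POST['username'] ?? ''));
$upass = trim(strip_tags($_POST['userpass'] ?? ''));

// mysqli replaces the mysql_* functions, which were removed in PHP 7
$db = mysqli_connect($db_host, $db_login, $db_pass) or die ("Can't connect!");
mysqli_select_db($db, $db_name) or die ("Can't open database!");

// Bound parameters keep the submitted values out of the SQL text
$query = "SELECT * FROM users WHERE binary user_name = ? AND binary user_pass = ?";
$stmt = mysqli_prepare($db, $query) or die("Error preparing login query");
mysqli_stmt_bind_param($stmt, "ss", $uname, $upass);
// Log the database error on the server instead of printing it and the query to the visitor
if (!mysqli_stmt_execute($stmt)) {
    error_log("Login query failed: " . mysqli_stmt_error($stmt));
    die("Error running login query");
}
$result = mysqli_stmt_get_result($stmt);
$count = mysqli_num_rows($result);
if ($count == 1) {
    $myrow = mysqli_fetch_array($result);
    session_regenerate_id(true); // issue a fresh session ID once the user is logged in
    $_SESSION['loggedin'] = "winner";
    $_SESSION['user_id'] = $myrow['id'];
    $_SESSION['user_name'] = $myrow['user_name'];
    $_SESSION['user_email'] = $myrow['user_email'];
    $_SESSION['real_name'] = $myrow['name'];
    $_SESSION['user_pass'] = $myrow['user_pass']; // keeps the stored password in the session

    header("Location:index.php");
    die();
} else {
    header("Location:loginform.php");
    die();
}
?>[/code]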
Link to comment
Share on other sites
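The login check from the post above, as an added example that is not part of the original thread: it looks the employee up with a bound parameter and verifies the submitted secret against a stored hash rather than a plaintext column. The `employees` table, its `emp_no`, `name` and `secret_hash` columns, the in-memory SQLite database (needs the `pdo_sqlite` extension) and the sample row are all assumptions constructed for the example.

```php
<?php
declare(strict_types=1);

// Constructed data: an in-memory SQLite table standing in for the employee
// table. Table and column names are assumptions, not the poster's schema.
function demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE employees (emp_no TEXT PRIMARY KEY, name TEXT, secret_hash TEXT)');
    $ins = $pdo->prepare('INSERT INTO employees VALUES (?, ?, ?)');
    // Only a hash of the secret is stored, never the secret itself.
    $ins->execute(['1001', 'Pat Example', password_hash('constructed-secret', PASSWORD_DEFAULT)]);
    return $pdo;
}

// Returns the employee row (without the hash) on success, null on failure.
function authenticate(PDO $pdo, string $empNo, string $secret): ?array
{
    // The employee number is bound as data; it never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT emp_no, name, secret_hash FROM employees WHERE emp_no = ?');
    $stmt->execute([$empNo]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Verify against a dummy hash when the employee is unknown, so that both
    // failure paths do a comparable amount of work.
    static $dummy = null;
    $dummy ??= password_hash('unused', PASSWORD_DEFAULT);
    $ok = password_verify($secret, $row ? $row['secret_hash'] : $dummy);
    if (!$row || !$ok) {
        return null;
    }
    unset($row['secret_hash']); // the hash has no business in the session
    return $row;
}

$pdo = demo_db();
var_dump(authenticate($pdo, '1001', 'constructed-secret')); // matching pair
var_dump(authenticate($pdo, '1001', 'wrong-secret'));       // known employee, wrong secret
var_dump(authenticate($pdo, '9999', 'constructed-secret')); // unknown employee
```

In a login script, a non-null result is the point at which to call `session_regenerate_id(true)` and copy only `emp_no` and `name` into `$_SESSION`.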

You need a way for each page to specify what kind of permissions a user requires to access that page. If it is the same for the entire application, you could have a central authentication/authorization class, which would be called for every page, to check if the user is logged in or not. I think you could use a front controller for this type of thing.

After the user is authenticated, you could have a principal object with their username and role(s). If they aren't authenticated, just assign a principal object specifying a role of anonymous. The authorization component then could check that they have sufficient privileges to access the system.

Role definitions:
[code=php:0]define('ROLE_ANONYMOUS', 0);
define('ROLE_EMPLOYEE', 1);
define('ROLE_MANAGER', 2);[/code]

Authorization could do something like:

[code=php:0]// Ensure user is at least an employee or manager
if ($principal->Role & (ROLE_EMPLOYEE | ROLE_MANAGER))
{
    // Allow access
}
else
{
    // Disallow access
}[/code]
Link to comment
Share on other sites
