Writing a Basic Authentication System in PHP - Processing the Login
(Page 4 of 6 )
The actual authentication can take place once we have the user's login ID and password. We need to encrypt or hash the password the same way it was initially done.
With the ID and password value, we can query the database for any matching records. The following SQL statement is designed to return records where the login ID and password hash match.
SELECT * FROM Users WHERE User = '$user' AND Password = '$pass'
If the query returns a record set then the login credentials are valid and the user may have access to the protected information. If the query fails to return a record then the credentials are invalid and access is denied.
The validate.php script that would accomplish all of that might resemble the following:
<?php /* get the incoming ID and password hash */ $user = $_POST["userid"]; $pass = sha1($_POST["password"]);
/* establish a connection with the database */ $server = mysql_connect("localhost", "mysql_user", "mysql_password"); if (!$server) die(mysql_error()); mysql_select_db("myDatabase");
/* SQL statement to query the database */ $query = "SELECT * FROM Users WHERE User = '$user' AND Password = '$pass'";
/* query the database */ $result = mysql_query($query);
/* Allow access if a matching record was found, else deny access. */ if (mysql_fetch_row($result)) echo "Access Granted: Welcome, $user!"; else echo "Access Denied: Invalid Credentials.";
mysql_close($server); ?>
Instead of simply echoing "Access Granted" or "Access Denied" as shown here, your script can set cookies or start sessions, redirect the user to the login form or perform whatever else is needed.
/ 18 