User Authentication for a PEAR CMS

(Page 1 of 4 )

Welcome to the fifth part of a twelve-part series on building a content management system in PEAR. In the last article we looked at some of the application-wide scripts, in other words, scripts that are used by all of the application. In this article we will explore some of the scripts that deal with different sections of the entire application.

User authentication

User authentication in an application such as this is necessary because it provides a way to keep track of who uses the application. It can also be understood as a security measure because you do not want just anyone to use the application and make changes. To make sure that a user is authenticated, we require a password and username. This by implication means that anyone who wants to use this content management system needs to be registered and already be in the database.

The process of authentication works as follows: the user is presented with a HTML form that collects all the required information, which in this case is the username and password. This information is then used to match against information that is held in a database. If the information is also found in the database, the user exists, so we let them to use the CMS; otherwise, the user is returned to the login page. Below is the relevant code:

<?php

ob_start();

session_start();

$err=false;

$error="";

//check if form is submitted

if(isset($_POST['key'])){

//make sure fields are not empty

if(empty($_POST['uname'])){

$err=true;

$error="Please enter a username.<br>";

}

if(empty($_POST['upass'])){

$err=true;

$error .="Please enter a password.<br>";

}

//make sure fields are string

if(is_numeric($_POST['uname'])){

$err=true;

$error .="The username you entered has a invalid format.<br>";

}

if(is_numeric($_POST['upass'])){

$err=true;

$error .="The password that you entered has an invalid format<br>.";

}

//***************************************************************

if(!$err){

include 'db.php';

include 'connx.php';

$username=mysql_real_escape_string($_POST['uname']);

$pw=mysql_real_escape_string($_POST['upass']);

$sql = "SELECT * FROM users WHERE uname='".$username."' AND upass='".$pw."'";

$res = $db->query($sql);

if (DB::isError($res)) {

die($res->getMessage());

}

//***********************************************************

if($res){

while ($row = $res->fetchRow(DB_FETCHMODE_OBJECT)) {

$level=$row->level;

}//end while loop

//******************************************Set up Session vars

//user exists, setup session vars

$_SESSION['author_name'] = $username;

$_SESSION['level']=$level;

header("location:main.php");

}//end res check

else{

//user does not exist

$error = "Your login details did not match";

}

}//end err check

}//end submit

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templates/main.dwt.php" codeOutsideHTMLIsLocked="false" -->

<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<!-- InstanceBeginEditable name="doctitle" -->

<title>Untitled Document</title>

<script language="javascript" type="text/javascript">

function checkform(pform1){

if(pform1.uname.value==""){

alert("Please enter a username")

pform1.uname.focus()

return false

}

if(pform1.upass.value==""){

alert("Please enter a password")

pform1.pw.focus()

return false

}

if(pform1.pw.value=="" && pform1.uname.value==""){

alert("Please make sure that you have entered your username and password")

return false

}

return true

}

</script>

<!-- InstanceEndEditable -->

<!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable -->

<link href="Templates/pear.css" rel="stylesheet" type="text/css" />

</head>

<body>

<table width="100%" border="0" class="bord">

<tr class="header1">

<td colspan="2"><div align="center">Content Management System </div></td>

</tr>

<tr>

<td width="5%" valign="top"><!-- InstanceBeginEditable name="EditRegion4" --><!-- InstanceEndEditable --></td>

<td width="95%" valign="top"><!-- InstanceBeginEditable name="EditRegion3" -->

<form action="login.php" method="post" onSubmit="return checkform(this)">>

<table width="100%" border="0">

<tr>

<td colspan="2"><?php if($error){

echo $error;

}?></td>

</tr>

<tr>

<td width="15%"><strong>Username</strong></td>

<td width="85%"><label>

<input name="uname" type="text" size="40" value="david"/>

</label></td>

</tr>

<tr>

<td><strong>Password</strong></td>

<td><label>

<input name="upass" type="password" value="pass" size="40" />

<input type="hidden" name="key" />

</label></td>

</tr>

<tr>

<td>&nbsp;</td>

<td><label>

<input type="submit" name="Submit" value="Login" />

</label></td>

</tr>

</table>

 

 

</form>

<!-- InstanceEndEditable --></td>

</tr>

 

<tr class="copy">

<td colspan="2">&copy;2008</td>

</tr>

</table>

</body>

<!-- InstanceEnd --></html>

Next: Code Explained >>
 

More PEAR Articles Articles
More By David Web

Comments On: User Authentication for a PEAR CMS

>>> Be the FIRST to comment on this article!