This snippet allows username/password authentication to be checked against a MYSQL database. The username/password combination could be entered via a form, standard HTTP authentication or a cookie.

By : ramkat

<?php
# This bit of code may be freely used on condition that I will not be responsible for any mishap it might cause
# Report bugs via the zend pages at www.zend.com

# If $pass_stop = 1, check if you can log in, but do not exit!! Do not ask HTTP Password!
# Required - sometimes you want to show a page whether user is logged in or not to know which message to send.

# Password checking via
# 1 Form input
# 2 HTTP input
# 3 Cookie return
# Cookie set at end to last 1 year
# 1 overides 2 overrides 3

# Variables for form:
# f_userID User ID
# f_pass Password
# rem_cookie Remember username and password for the future in a cookie? (if 1 yes else no)


$logged_in = false;

# Function to request http password.

function http_pass(){
GLOBAL $pass_stop;

if ($pass_stop != 1){
$unauthstring = "You did not enter a valid Username/Password combination<p>If
you believe that this is an error, please contact the <a
href=\"mailto:you@somewhere.co.za\">webmaster</a>\n";

Header("WWW-Authenticate: Basic realm=\"Registered users Only\"");
Header("HTTP/1.0 401 Unauthorized");
echo "$unauthstring"; exit;
} # if ($pass_stop == 1)
} # end function http_pass

# set some control variables

$userID = '';
$passwd = '';
$userstat = '';



# Is form variable set?
# if so set process variables and skip http and cookies

if ((isset($f_userID)) && (isset($f_pass))) {
$userID = $f_userID;
$passwd = $f_pass;
$userstat = 1;

} # end ((isset($f_userID) && isset($f_pass))


# Is HTTP variable set?
# if so set process variables and skip cookies


if (isset($PHP_AUTH_USER) && isset($PHP_AUTH_PW) && ($userstat == '')) {
$userID = $PHP_AUTH_USER;
$passwd = $PHP_AUTH_PW;
$userstat = 1;

} # end if ((isset($PHP_AUTH_USER) && isset($PHP_AUTH_PW) && ($userstat == ''))


# Is Cookie variable set?
# if so set process variables

if (isset($download) && ($userstat == '')) {
$tt1 = explode("|",$download);
$userID = $tt1[0];
$passwd = $tt1[1];
$userstat = 1;

} # end ((isset($download) && ($userstat == ''))

# If no username or password - ask for it! And exit

if ($userstat == '')
{http_pass(); }



# Now we should have a username/password combination
# is it valid??

# Connect to DB
$db = mysql_connect("localhost", "root", "");

if ( mysql_select_db("userDB",$db) ) {
# Connect Ok
;
} else {

echo "Failed to connect to database<p>";exit;};

# get data from DB
$query = "SELECT * FROM users WHERE uname = '$userID'";

$result = mysql_query($query);

if ($result) { $x=1;} else {echo "PASSWORD SEARCH FAILED<p> result= $result<br> sql = $query <p>";};

if ($memberrow = mysql_fetch_array($result)) {

$dbpasswd = $memberrow["passwd"];
$userpasswd = md5($passwd);

if (!$userid) { $userid= $memberrow["uname"]; } ;

if ($dbpasswd != $userpasswd) {http_pass();} #End
if ($dbpasswd == $userpasswd) {$logged_in=true;}


} # End if (!$userid) { $userid= $memberrow["uname"]; }

else

{
http_pass;} #Ende else memberrow


# Now we know who this guy is!

# Set cookie for future
# If not set - did he give permission?
# If set, rewrite with new expiry date

$cookie_value = $userID.'|'.$passwd;

if ($logged_in && (($rem_cookie == 1) || isset($download))) {SetCookie("download",$cookie_value,time()+31622400); # Set Cookie for 366 days
$download= $cookie_value;
}
?>

#Use this form snippet to provide the user with a login screen.

<?php
include('Code_Above');
# Login insert
?>

<form action="<?php echo $PHP_SELF; ?>" method="POST">
<table border=0 cellpadding=3 cellspacing=3>
<tr><td>Username:</td><td><input size="20" name="f_userID"></td></tr>
<tr><td>Password:</td><td><input size="20" name="f_passwd"></td></tr>
<tr><td colspan=2><input type="submit" value="login"></td></tr>
</table>
</form>

DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.

More User Management Code Articles
More By Codewalkers

 

developerWorks - FREE Tools!

NEW! Rational Talks to You: Scott Ambler on being agile in a global development environment Join this Rational Talks to You teleconference on December 6 at 1:00 pm ET to participate in an agile application development discussion and get your questions answered on using IBM Rational Method Composer in a distributed environment.Get your questions answered! FREE! Go There Now!

NEW! Webcast: Calling All Testers! Find Application Vulnerabilities Early in the Development Process Where they are Easier to Fix and Less Risky to your Business In this webcast, IBM Rational will discuss the importance of Web application security and will share techniques and best practices to introduce application security testing into current QA processes including: understanding common security vulnerabilities and techniques to integrate security testing with defect tracking and remediation systems in an effort to safeguard sensitive online information. FREE! Go There Now!

Role of Integrated Requirements Management in Software Delivery As organizations integrate software into every aspect of business, they are constantly pressured to deliver faster, better, and cheaper results. Unfortunately, a “dis-integrated” software delivery approach reduces returns while increasing costs. This IBM Rational White Paper shows how Integrated Requirements Management aligns organizations around maximizing value and keeping pace with change. FREE! Go There Now!

NEW! Test terminal-based applications with Rational Functional Tester Regression testing -- in which code is thoroughly tested to ensure that changes have not produced unexpected results -- is an important part of any development process. But many testing environments neglect the terminal-based applications that still form the backbone of many industries. In this tutorial, you'll learn how the Rational Functional Tester Extension for Terminal-Based Applications works with other Rational Functional Tester to help test terminal-based applications quickly and easily. FREE! Go There Now!

NEW! Webcast: Eclipse: Empowering the universal platform The Eclipse community is constantly working to extend Eclipse's functionality. In this webcast, learn about some of the most important and feature-rich projects under development. From multi-language support to plug-in development, tune in to see what Eclipse is capable of now. FREE! Go There Now!

NEW! Harnessing the power of SQL and Java for high performance data access Join this webcast to see how IBM Data Studio Developer and pureQuery can take the pain out of Java data access. uApplications developed using both Java and SQL have become a common requirement. Database connectivity using Java Database Connectivity (JDBC) to create an application is a multi-step tedious process, and tooling that covers both SQL and Java has been unavailable, until now. IBM Data Studio introduces the pureQuery platform: a high-performance, Java data access platform focused on simplifying the tasks of developing, managing, and optimizing database applications and services. FREE! Go There Now!

NEW! Download DB2 9.5 for Linux, Unix, and Windows Download a free trial version of IBM DB2 9.5 for Linux, UNIX, and Windows. DB2 9 is the result of a five-year development project that transformed traditional (static) database technology into an interactive data server that merges the high performance and ease of use of DB2 with the self-describing benefits of XML. FREE! Go There Now!

NEW! Best practices for software analysis: An introduction to the IBM Rational Software Analyzer application This whitepaper presents the benefits of successfully introducing static analysis into your organization using IBM Rational Software Analyzer. Additionally, it identifies some common pitfalls that can hinder the effective use of static analysis tooling as well as presents 10 simple strategies designed to help you quickly realize the value of static analysis using Rational Software Analyzer. FREE! Go There Now!

NEW! IBM Rational Systems Development e-Kit As systems increase in complexity, communication between systems and software teams becomes more and more difficult. Now, there’s a way to improve product quality and communication.<br />Read the “Model Driven Systems Development” white paper to see how. Also included in this kit are more educational white papers, customer examples, tutorials, informative Webcasts, and best practices for designing, building and managing systems.<br /> FREE! Go There Now!

NEW! Driving Business Success with Rational Process Library Join this webcast, to learn how the Rational Process Library can help with compliance issues, drive process improvement, and assist in service-oriented architecture (SOA) or Agile development. We will take a peek into the Rational Process Library with content around software and systems engineering (including RUP), operations and systems management, program and portfolio management, and asset and SOA governance. FREE! Go There Now!

All FREE IBM® developerWorks Tools!