This snippet allows username/password authentication to be checked against a MYSQL database. The username/password combination could be entered via a form, standard HTTP authentication or a cookie.

By : ramkat

<?php
# This bit of code may be freely used on condition that I will not be responsible for any mishap it might cause
# Report bugs via the zend pages at www.zend.com

# If $pass_stop = 1, check if you can log in, but do not exit!! Do not ask HTTP Password!
# Required - sometimes you want to show a page whether user is logged in or not to know which message to send.

# Password checking via
# 1 Form input
# 2 HTTP input
# 3 Cookie return
# Cookie set at end to last 1 year
# 1 overides 2 overrides 3

# Variables for form:
# f_userID User ID
# f_pass Password
# rem_cookie Remember username and password for the future in a cookie? (if 1 yes else no)


$logged_in = false;

# Function to request http password.

function http_pass(){
GLOBAL $pass_stop;

if ($pass_stop != 1){
$unauthstring = "You did not enter a valid Username/Password combination<p>If
you believe that this is an error, please contact the <a
href=\"mailto:you@somewhere.co.za\">webmaster</a>\n";

Header("WWW-Authenticate: Basic realm=\"Registered users Only\"");
Header("HTTP/1.0 401 Unauthorized");
echo "$unauthstring"; exit;
} # if ($pass_stop == 1)
} # end function http_pass

# set some control variables

$userID = '';
$passwd = '';
$userstat = '';



# Is form variable set?
# if so set process variables and skip http and cookies

if ((isset($f_userID)) && (isset($f_pass))) {
$userID = $f_userID;
$passwd = $f_pass;
$userstat = 1;

} # end ((isset($f_userID) && isset($f_pass))


# Is HTTP variable set?
# if so set process variables and skip cookies


if (isset($PHP_AUTH_USER) && isset($PHP_AUTH_PW) && ($userstat == '')) {
$userID = $PHP_AUTH_USER;
$passwd = $PHP_AUTH_PW;
$userstat = 1;

} # end if ((isset($PHP_AUTH_USER) && isset($PHP_AUTH_PW) && ($userstat == ''))


# Is Cookie variable set?
# if so set process variables

if (isset($download) && ($userstat == '')) {
$tt1 = explode("|",$download);
$userID = $tt1[0];
$passwd = $tt1[1];
$userstat = 1;

} # end ((isset($download) && ($userstat == ''))

# If no username or password - ask for it! And exit

if ($userstat == '')
{http_pass(); }



# Now we should have a username/password combination
# is it valid??

# Connect to DB
$db = mysql_connect("localhost", "root", "");

if ( mysql_select_db("userDB",$db) ) {
# Connect Ok
;
} else {

echo "Failed to connect to database<p>";exit;};

# get data from DB
$query = "SELECT * FROM users WHERE uname = '$userID'";

$result = mysql_query($query);

if ($result) { $x=1;} else {echo "PASSWORD SEARCH FAILED<p> result= $result<br> sql = $query <p>";};

if ($memberrow = mysql_fetch_array($result)) {

$dbpasswd = $memberrow["passwd"];
$userpasswd = md5($passwd);

if (!$userid) { $userid= $memberrow["uname"]; } ;

if ($dbpasswd != $userpasswd) {http_pass();} #End
if ($dbpasswd == $userpasswd) {$logged_in=true;}


} # End if (!$userid) { $userid= $memberrow["uname"]; }

else

{
http_pass;} #Ende else memberrow


# Now we know who this guy is!

# Set cookie for future
# If not set - did he give permission?
# If set, rewrite with new expiry date

$cookie_value = $userID.'|'.$passwd;

if ($logged_in && (($rem_cookie == 1) || isset($download))) {SetCookie("download",$cookie_value,time()+31622400); # Set Cookie for 366 days
$download= $cookie_value;
}
?>

#Use this form snippet to provide the user with a login screen.

<?php
include('Code_Above');
# Login insert
?>

<form action="<?php echo $PHP_SELF; ?>" method="POST">
<table border=0 cellpadding=3 cellspacing=3>
<tr><td>Username:</td><td><input size="20" name="f_userID"></td></tr>
<tr><td>Password:</td><td><input size="20" name="f_passwd"></td></tr>
<tr><td colspan=2><input type="submit" value="login"></td></tr>
</table>
</form>

DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.

More User Management Code Articles
More By Codewalkers

blog comments powered by Disqus