This snippet allows username/password authentication to be checked against a MYSQL database. The username/password combination could be entered via a form, standard HTTP authentication or a cookie.
By : ramkat
<?php
# This bit of code may be freely used on condition that I will not be responsible for any mishap it might cause
# Report bugs via the zend pages at www.zend.com
# If $pass_stop = 1, check if you can log in, but do not exit!! Do not ask HTTP Password!
# Required - sometimes you want to show a page whether user is logged in or not to know which message to send.
# Password checking via
# 1 Form input
# 2 HTTP input
# 3 Cookie return
# Cookie set at end to last 1 year
# 1 overides 2 overrides 3
# Variables for form:
# f_userID User ID
# f_pass Password
# rem_cookie Remember username and password for the future in a cookie? (if 1 yes else no)
$logged_in = false;
# Function to request http password.
function http_pass(){
GLOBAL $pass_stop;
if ($pass_stop != 1){
$unauthstring = "You did not enter a valid Username/Password combination<p>If
you believe that this is an error, please contact the <a
href=\"mailto:you@somewhere.co.za\">webmaster</a>\n";
Header("WWW-Authenticate: Basic realm=\"Registered users Only\"");
Header("HTTP/1.0 401 Unauthorized");
echo "$unauthstring"; exit;
} # if ($pass_stop == 1)
} # end function http_pass
# set some control variables
$userID = '';
$passwd = '';
$userstat = '';
# Is form variable set?
# if so set process variables and skip http and cookies
if ((isset($f_userID)) && (isset($f_pass))) {
$userID = $f_userID;
$passwd = $f_pass;
$userstat = 1;
} # end ((isset($f_userID) && isset($f_pass))
# Is HTTP variable set?
# if so set process variables and skip cookies
if (isset($PHP_AUTH_USER) && isset($PHP_AUTH_PW) && ($userstat == '')) {
$userID = $PHP_AUTH_USER;
$passwd = $PHP_AUTH_PW;
$userstat = 1;
} # end if ((isset($PHP_AUTH_USER) && isset($PHP_AUTH_PW) && ($userstat == ''))
# Is Cookie variable set?
# if so set process variables
if (isset($download) && ($userstat == '')) {
$tt1 = explode("|",$download);
$userID = $tt1[0];
$passwd = $tt1[1];
$userstat = 1;
} # end ((isset($download) && ($userstat == ''))
# If no username or password - ask for it! And exit
if ($userstat == '')
{http_pass(); }
# Now we should have a username/password combination
# is it valid??
# Connect to DB
$db = mysql_connect("localhost", "root", "");
if ( mysql_select_db("userDB",$db) ) {
# Connect Ok
;
} else {
echo "Failed to connect to database<p>";exit;};
# get data from DB
$query = "SELECT * FROM users WHERE uname = '$userID'";
$result = mysql_query($query);
if ($result) { $x=1;} else {echo "PASSWORD SEARCH FAILED<p> result= $result<br> sql = $query <p>";};
if ($memberrow = mysql_fetch_array($result)) {
$dbpasswd = $memberrow["passwd"];
$userpasswd = md5($passwd);
if (!$userid) { $userid= $memberrow["uname"]; } ;
if ($dbpasswd != $userpasswd) {http_pass();} #End
if ($dbpasswd == $userpasswd) {$logged_in=true;}
} # End if (!$userid) { $userid= $memberrow["uname"]; }
else
{
http_pass;} #Ende else memberrow
# Now we know who this guy is!
# Set cookie for future
# If not set - did he give permission?
# If set, rewrite with new expiry date
$cookie_value = $userID.'|'.$passwd;
if ($logged_in && (($rem_cookie == 1) || isset($download))) {SetCookie("download",$cookie_value,time()+31622400); # Set Cookie for 366 days
$download= $cookie_value;
}
?>
#Use this form snippet to provide the user with a login screen.
<?php
include('Code_Above');
# Login insert
?>
<form action="<?php echo $PHP_SELF; ?>" method="POST">
<table border=0 cellpadding=3 cellspacing=3>
<tr><td>Username:</td><td><input size="20" name="f_userID"></td></tr>
<tr><td>Password:</td><td><input size="20" name="f_passwd"></td></tr>
<tr><td colspan=2><input type="submit" value="login"></td></tr>
</table>
</form>
| DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware. |
More User Management Code Articles
More By Codewalkers
 developerWorks - FREE Tools!
|
Learn field-tested SOA principles, methodology, technology and implementation from the global SOA market leader - in a new e-book by an IBM SOA expert. Written by IBM Certified SOA Solution Designer Bobby Woolf, "Exploring IBM SOA Technology & Practice" is the ultimate insider's guide to SOA - a PDF e-book packed cover to cover with IBM's specific advice on how to make your SOA implementation a success.
FREE! Go There Now!
|
|
|
|
Download the Rational Application Developer (RAD) v7.5 open beta code and start developing applications for the JEE5 standard which features EJB3.0, JPA, JSF 1.2, JSP 2.1 and Servlet 2.5 standards. When you use this beta you will see how you can increase developer productivity for already existing applications with improved support for refactoring, as well as adding new features to existing applications. In addition, the beta provides tooling for JD Edwards, Oracle, SAP, Siebel and PeopleSoft to improve the developer productivity with these enterprise systems.
FREE! Go There Now!
|
|
|
|
Visit IBM developerWorks to download a free trial version of WebSphere Business Modeler Advanced V6.1.1, IBM’s premier business process modeling and analysis tool for business users that offers process modeling, simulation, and analysis capabilities. IBM WebSphere Business Modeler helps you visualize, understand, and document business processes for continuous improvement.
FREE! Go There Now!
|
|
|
|
Listen to this webcast to get an overview of Info 2.0 and a technical demo of how to quickly build an enterprise mashup. IBM's Info 2.0 technology leverages emerging Web 2.0 technologies such as mashups, feeds, AJAX, and JSON in order to simplify assembly of information using feeds and services. Come learn about the technical elements of Info 2.0 including the Feed Generation framework, Mashup Engine, and mashup assembly components. Learn how to pull information from databases, departmental information, and the Web to create mashups critical to your company’s success. We will also discuss best practices to help you get started.
FREE! Go There Now!
|
|
|
|
XML has become a common way of storing business data as flat files and many data server vendors including IBM have provided ways to store this data within relational database systems. Increasingly collections of XML files are accessed like databases using an xQuery and other XML standard mechanisms. Businesses find the need to combine the traditional tabular structured data with XML formatted data. In this webcast, you’ll learn about IBM’s WebSphere Federation Server technology, which provides users with the ability to integrate these two data formats.
FREE! Go There Now!
|
|
|
|
Rational Modeling Extension for Microsoft .NET enhances usability for code generation supporting a more intelligent refactoring. The latest enhancements enable organizations with Java and .NET systems and software development maintain architectural integrity across heterogeneous platforms.
FREE! Go There Now!
|
|
|
|
Discover how Rational tools and best practices for testing can make your job easier. The new Rational Testing eKits provide you with valuable resources – including demos, webcasts, tutorials, and articles – that help you address your specific testing needs across the software lifecycle. Five new eKits are available covering the topics of Requirements and Test Management, Functional Testing, Performance Testing, Code Quality and Embedded Systems, and SOA and Web Services Testing.
FREE! Go There Now!
|
|
|
|
Join this Rational Talks to You teleconference, to hear how Enterprise Generation Language (EGL) eliminates the need for tedious and error-prone low level coding, so developers can focus on business requirements. EGL extends the Rational software development platform with a simplified programming language that enables developers who have little or no experience with Java, Web technologies or Service Oriented Architecture, to create enterprise-class applications and services quickly and easily. It also allows developers who may have little or no mainframe programming experience to quickly create traditional mainframe components.
FREE! Go There Now!
|
|
|
|
Join the IBM Watchfire team for an informative discussion on techniques and best practices to proactively manage Web application security and how to effectively build application security testing into the software development lifecycle (SDLC). In this Software Delivery Platform webcast you will learn: How to better understand potential web application security vulnerabilities, best practices and how to effectively integrate application security testing into the software development lifecycle, the importance of detecting and removing software vulnerabilities during application development.
FREE! Go There Now!
|
|
|
|
The unprecedented scope of a service-oriented architecture (SOA) initiative brings to the forefront a number of management and governance issues that were sidestepped in the past. The key to a successful SOA implementation is managing and governing activities throughout the entire SOA delivery lifecycle by ensuring that services conform to the needs of all of the business’s stakeholders. Learn how service lifecycle management allows the business to ensure that the process by which services are defined, created, tested, deployed, optimized and retired is manageable, repeatable and auditable.
FREE! Go There Now!
|
|
|
|
All FREE IBM® developerWorks Tools!
|
