user authentication

bobby
Forum Commoner
Posts: 27
Joined: Sat Oct 04, 2003 4:00 pm
Location: usa
Contact:

user authentication

Post by bobby »

Hi guys,

Just a quickie, I am trying to do a bit of user authentication.
I have a database called software. Inside software I have a table called users.

I have managed to cobble together some PHP code that prompts me for username and password. It's supposed to check that the username and password I answer with are in the table users and then let me in. However, it doesn't seem to do this. I have two pages.

Code:

<?php

	// File Name: auth04.php
	// Check to see if $PHP_AUTH_USER already contains info

	if (!isset($PHP_AUTH_USER)) {

		// If empty, send header causing dialog box to appear

		header('WWW-Authenticate: Basic realm="My Private Stuff"');
		header('HTTP/1.0 401 Unauthorized');
		exit;

	} else if (isset($PHP_AUTH_USER)) {

		// If non-empty, check the database for matches
		// connect to MySQL

		mysql_connect('localhost', 'phpuser', 'phpuser03')
			or die ("Database connection error");

		mysql_select_db('software')
			or die ("Unable to select database.");

		// Formulate the query

		$sql = "SELECT *
                FROM users 
                WHERE username='$PHP_AUTH_USER' and password='$PHP_AUTH_PW'";

		// Execute the query and put results in $result

		$result = mysql_query($sql);

		// Get number of rows in $result. 0 if invalid, 1 if valid.

		$num = mysql_numrows($result);

		if ($num != "0") {
			echo "<P>You're authorized!</p>";
			exit;

		} else {

			header('WWW-Authenticate: Basic realm="My Private Stuff"');
			header('HTTP/1.0 401 Unauthorized');
			echo 'Authorization Required.';
			exit;

		}

	}

?>



This is the second page

Code:

<?php

	mysql_connect('localhost', 'phpuser', 'phpuser03')
		or die ("Database connection error");

	mysql_select_db('software')
		or die ("Unable to select database.");

	$sql = "SELECT *
		FROM users 
		WHERE username='$PHP_AUTH_USER' and password='$PHP_AUTH_PW'";

	// Execute the query and put results in $result

	$result = mysql_query($sql);

	// Get number of rows in $result. 0 if invalid, 1 if valid.

	$num = mysql_numrows($result);

?>

Any help would be great
bobby
Forum Commoner
Posts: 27
Joined: Sat Oct 04, 2003 4:00 pm
Location: usa
Contact:

Post by bobby »

If it helps, this is the tutorial I adapted, e.g. with my own connection parameters

http://hotwired.lycos.com/webmonkey/00 ... ogramming
Paddy
Forum Contributor
Posts: 244
Joined: Wed Jun 11, 2003 8:16 pm
Location: Hobart, Tas, Aussie
Contact:

Post by Paddy »

Do you have any errors? Are your global variables turned on?
bobby
Forum Commoner
Posts: 27
Joined: Sat Oct 04, 2003 4:00 pm
Location: usa
Contact:

Post by bobby »

Hi,

My global variables are turned off. I hear they would be a security risk if they were turned on. Will this code work with global variables turned off?
Paddy
Forum Contributor
Posts: 244
Joined: Wed Jun 11, 2003 8:16 pm
Location: Hobart, Tas, Aussie
Contact:

Post by Paddy »

Well from what I can see $PHP_AUTH_USER will never be assigned a value so it will always not authorise. That is why I asked, thought it may have been assigned elsewhere. You are right to leave globals off.
bobby
Forum Commoner
Posts: 27
Joined: Sat Oct 04, 2003 4:00 pm
Location: usa
Contact:

Post by bobby »

Hi guys,

Thanks for replying

Why won't $PHP_AUTH_USER be assigned a value, and would someone be kind enough to tell me how to fix it or show me where to go to learn how to fix it.....

Sorry to be a pain

Thanks

bobby
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

Start with reading Concerning Passing Variables in PHP 4.2+
Now take a look at the predefined super global arrays, esp. http://de.php.net/manual/en/reserved.va ... les.server
The parameters you're looking for are now elements of $_SERVER
'PHP_AUTH_USER'

When running under Apache as module doing HTTP authentication this variable is set to the username provided by the user.
'PHP_AUTH_PW'

When running under Apache as module doing HTTP authentication this variable is set to the password provided by the user.
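
Added example (not part of volka's post or of the thread's original code): the same check reading the credentials from $_SERVER, as the reply above describes, with the lookup done through a bound parameter and a stored password hash. It assumes PDO with the SQLite driver, a constructed in-memory users table with a password_hash column, and constructed sample credentials; demo_db, is_authorized and require_login are hypothetical helper names.

```php
<?php
// Added example, not the poster's code. Assumes PDO with the sqlite driver and
// a constructed in-memory users table with a password_hash column.

function demo_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
    $ins = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    $ins->execute(['alice', password_hash('constructed-sample-pw', PASSWORD_DEFAULT)]);
    return $pdo;
}

// Returns true only if the Basic-auth credentials in $server match a stored hash.
function is_authorized(PDO $pdo, array $server): bool {
    // With register_globals off, $PHP_AUTH_USER is never set; read $_SERVER instead.
    // These keys exist only after the browser has answered a 401 challenge.
    if (!isset($server['PHP_AUTH_USER'], $server['PHP_AUTH_PW'])) {
        return false;
    }
    // Bound parameter: the username is never concatenated into the SQL string.
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$server['PHP_AUTH_USER']]);
    $hash = $stmt->fetchColumn();
    // Compare against the stored hash; the table holds no plaintext passwords.
    return is_string($hash) && password_verify($server['PHP_AUTH_PW'], $hash);
}

function require_login(PDO $pdo): void {
    if (!is_authorized($pdo, $_SERVER)) {
        header('WWW-Authenticate: Basic realm="My Private Stuff"');
        header('HTTP/1.0 401 Unauthorized');
        echo 'Authorization Required.';
        exit;
    }
    echo "<p>You're authorized!</p>";
}

if (PHP_SAPI === 'cli') {
    // Offline check with constructed request data.
    $pdo = demo_db();
    var_dump(is_authorized($pdo, []));  // no credentials sent yet
    var_dump(is_authorized($pdo, ['PHP_AUTH_USER' => 'alice', 'PHP_AUTH_PW' => 'constructed-sample-pw']));
    var_dump(is_authorized($pdo, ['PHP_AUTH_USER' => 'alice', 'PHP_AUTH_PW' => 'wrong-pw']));
} else {
    require_login(demo_db());
}
```

Basic authentication sends the username and password with every request in an encoding that is trivially reversible, so a page protected this way should be served over HTTPS.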
bobby
Forum Commoner
Posts: 27
Joined: Sat Oct 04, 2003 4:00 pm
Location: usa
Contact:

Post by bobby »

Hi

Thanks for the reply. I have read the articles you mentioned, and I kind of understand. But this has made me think of something else.

In your quote you say

HTTP authentication this variable is set to the username provided by the user.
'PHP_AUTH_PW'

Does this mean that the password or username can only be set when trying to log in?


The way I have been using this code has been to have a users table and have a couple of usernames and passwords in there. Then I try to log in using the password and username that is already in my MySQL database.