Authentication

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
tiresome
Forum Newbie
Posts: 16
Joined: Sun Apr 18, 2004 9:45 am

Authentication

Post by tiresome »

I am designing a guest book using php and mysql. I need to password protect the php page where I will be allowing the administrator(only!) to delete guests from the guest book. The rest of the pages like signing in and viewing do not require authentication.

How can I go about restricting the delete operation to only authorized users with a valid username and password? Thanks a bunch :P
User avatar
tim
DevNet Resident
Posts: 1165
Joined: Thu Feb 12, 2004 7:19 pm
Location: ohio

Post by tim »

you could:

Go into your Cpanel or whatever and password protect pages there

you could assign the username n passwords to variables and only assign vars to those of which u wish to have access.

ie(in a extremely generic form):

Code: Select all

<?php
<form action=verify.php method=POST>
<input type=text name=username>
<input type=text name=password>
<input type=submit value=submit>

// verify.php:

is(isset($username)) {

//assign vars to your users u wish to have access:
$tim = "tim";
$tpass = "tim23";
$user1 = "name";
$u1pass = "password";

if ($username == $tim && $password == $tpass) {
echo "thanks for logging in tim!";
} else {
echo "inncorect name/pass";
}
if ($username == $user1 && $password == $u1pass) {
echo "thanks for logging in user1";
} else {
echo "inncorect name/pass";
}
?>
Or the "best" method I would choose is seeing u said MySQL, your users for your guestbook are probably stored, so I would make a extra column in the table called admin and set the default to zero (not a admin) and either manual (via phpMyAdmin or whatever) or a SQL command, change it 1 (a admin)

ie:

Code: Select all

<?php
$sql =  "SELECT * FROM user_table WHERE user='$username'";
$result = mysql_query($sql);
$row = mysql_fetch_array($result);

$admin = $row["admin"];
if ($admin == 1) {
//is admin
} else {
//not admin
}

etc etc
?>
Was this what u was asking?
?>
tiresome
Forum Newbie
Posts: 16
Joined: Sun Apr 18, 2004 9:45 am

authentication

Post by tiresome »

Yup, that's it. That was exactly what I was asking for. :D Merci beaucoup!

I was actually using Header("WWW-Authenticate: Basic realm=\""); Header("HTTP/1.0 401 Unauthorized"); and I get this pop up dialogue box requesting for the username and password.

It seems though, that I am running PHP as a CGI instead of a module so the header doesn't function on my PHP...yet! I am looking through the manual to find out how I could rectify the problem. I guess I'll need to modify config and ini files. Anyway, I appreciate that! :)
User avatar
tim
DevNet Resident
Posts: 1165
Joined: Thu Feb 12, 2004 7:19 pm
Location: ohio

Post by tim »

your welcome.

let us (or atleast me) know how you solved your module problem (if/when you do.) Can't hurt to learn something new, thanks!
Post Reply