Page 1 of 1
Authentication
Posted: Sun Apr 18, 2004 10:28 am
by tiresome
I am designing a guest book using php and mysql. I need to password protect the php page where I will be allowing the administrator(only!) to delete guests from the guest book. The rest of the pages like signing in and viewing do not require authentication.
How can I go about restricting the delete operation to only authorized users with a valid username and password? Thanks a bunch

Posted: Sun Apr 18, 2004 10:40 am
by tim
you could:
Go into your Cpanel or whatever and password protect pages there
you could assign the username n passwords to variables and only assign vars to those of which u wish to have access.
ie(in a extremely generic form):
Code: Select all
<?php
<form action=verify.php method=POST>
<input type=text name=username>
<input type=text name=password>
<input type=submit value=submit>
// verify.php:
is(isset($username)) {
//assign vars to your users u wish to have access:
$tim = "tim";
$tpass = "tim23";
$user1 = "name";
$u1pass = "password";
if ($username == $tim && $password == $tpass) {
echo "thanks for logging in tim!";
} else {
echo "inncorect name/pass";
}
if ($username == $user1 && $password == $u1pass) {
echo "thanks for logging in user1";
} else {
echo "inncorect name/pass";
}
?>
Or the "best" method I would choose is seeing u said MySQL, your users for your guestbook are probably stored, so I would make a extra column in the table called admin and set the default to zero (not a admin) and either manual (via phpMyAdmin or whatever) or a SQL command, change it 1 (a admin)
ie:
Code: Select all
<?php
$sql = "SELECT * FROM user_table WHERE user='$username'";
$result = mysql_query($sql);
$row = mysql_fetch_array($result);
$admin = $row["admin"];
if ($admin == 1) {
//is admin
} else {
//not admin
}
etc etc
?>
Was this what u was asking?
?>
authentication
Posted: Sun Apr 18, 2004 11:04 am
by tiresome
Yup, that's it. That was exactly what I was asking for.

Merci beaucoup!
I was actually using Header("WWW-Authenticate: Basic realm=\""); Header("HTTP/1.0 401 Unauthorized"); and I get this pop up dialogue box requesting for the username and password.
It seems though, that I am running PHP as a CGI instead of a module so the header doesn't function on my PHP...yet! I am looking through the manual to find out how I could rectify the problem. I guess I'll need to modify config and ini files. Anyway, I appreciate that!

Posted: Sun Apr 18, 2004 2:53 pm
by tim
your welcome.
let us (or atleast me) know how you solved your module problem (if/when you do.) Can't hurt to learn something new, thanks!