User authentication using PHP
Authentication using PHP only
<?php
// -------------- define functions -----------------
function isvalid($user, $password, $connection) {
// checking if the user's login name and password are in DB
// get rid of extra spaces in user name
$user = trim($user);
$find_user = "SELECT * FROM wp_users WHERE user_login = '$user'
AND user_pass = MD5('$password');";
if (! ($result = @mysql_query($find_user, $connection))) {
showerror();
}
if (mysql_num_rows($result) < 1) return false;
else return true;
}
function print_login_form() {
$handler = "authenticate/check_password.php";
$form_string = "
<form name=\"theform\" method=\"POST\"
action=\"http://rynite.morris.umn.edu/~elenam/php_examples/$handler\">
<table border=\"0\">
<tr>
<td>Enter your user name:</td>
<td>
<input type = \"text\" name = \"user\">
</td>
</tr>
<tr>
<td>Enter your password:</td>
<td>
<input type = \"password\" name = \"password\">
</td>
</tr>
<tr>
<td>
<input type=\"submit\" name = \"submit\" value=\"submit\">
</td>
</tr>
</table>
</form><br/>
";
print $form_string;
}
function showerror()
{
die("Error ". mysql_errno(). " : " .mysql_error());
}
// ---------------- end of functions -----------------
// getting the form data
$user = $_POST['user'];
$password = $_POST['password'];
?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!--
Checking if the user's login name and apssword are in the database
Author: Elena Machkasova elenam@morris.umn.edu
Last modified: 4/27/06
-->
<html>
<head>
<title>
Checking user's login name and password
</title>
</head>
<body>
<?php
// open DB conncetion
// connect to the server
if (! ($connection = @mysql_connect("localhost","1101readonly","readonly")))
die ("connection to the dtabase failed");
// select a database
if (!@mysql_select_db("1101spr06", $connection)) showerror();
if (isset($user) && isvalid($user, $password, $connection)) {
print "Welcome, $user!<br/>\n";
} else {
print_login_form();
}
// close DB connection
@mysql_close($connection);
?>
</body>
</html>
http://rynite.morris.umn.edu/~elenam/php_examples/authenticate/check_password.php
Authentication using PHP and HTTP headers
<!--
Checking if the user's login name and apssword are in the database
Author: Elena Machkasova elenam@morris.umn.edu
Last modified: 4/27/06
-->
<?php
// -------------- define functions -----------------
function isvalid($user, $password, $connection) {
// checking if the user's login name and password are in DB
// get rid of extra spaces in user name
$user = trim($user);
$find_user = "SELECT * FROM wp_users WHERE user_login = '$user'
AND user_pass = MD5('$password');";
if (! ($result = @mysql_query($find_user, $connection))) {
showerror();
}
if (mysql_num_rows($result) < 1) return false;
else return true;
}
function showerror()
{
die("Error ". mysql_errno(). " : " .mysql_error());
}
function send_headers() {
header("WWW-authenticate: Basic realm=\"My Blog\"");
header("HTTP/1.1 401 Unauthorized");
}
// ---------------- end of functions -----------------
// get the user's name, password (if any)
$user = $_SERVER['PHP_AUTH_USER'];
$password = $_SERVER['PHP_AUTH_PW'];
$message = "You are not authorized to access this page";
if (!isset($user)) {
// need to authenticate
send_headers();
} else {
// open connection to check the password
if (! ($connection = @mysql_connect("localhost","1101readonly","readonly"))) {
die ("connection to the dtabase failed");
}
// select a database
if (!@mysql_select_db("1101spr06", $connection)) showerror();
if (isvalid($user, $password, $connection)) {
// the user, passowrd are in the database
$message = "Welcome, $user!<br/>\n";
} else {
// invalid password
send_headers();
}
// close DB connection
@mysql_close($connection);
}
?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>
Checking user's login name and password
</title>
</head>
<body>
<?php
// will diaply the message if the user is successfully logged in or if
// clicked "Cancel"
print $message;
?>
</body>
</html>
http://rynite.morris.umn.edu/~elenam/php_examples/authenticate/check_password2.php
UMM CSci 1101