User authentication using PHP

Authentication using PHP only

<?php
// -------------- define functions -----------------
function isvalid($user, $password, $connection) {
	// checking if the user's login name and password are in DB
	// get rid of extra spaces in user name
	$user = trim($user);
	$find_user = "SELECT * FROM wp_users WHERE user_login = '$user' 
	AND user_pass = MD5('$password');";
	if (! ($result = @mysql_query($find_user, $connection))) {
		showerror();
	}
	if (mysql_num_rows($result) < 1) return false;	
	else return true;
}

function print_login_form() {
	$handler = "authenticate/check_password.php";
	$form_string = "
	<form name=\"theform\" method=\"POST\" 
	action=\"http://rynite.morris.umn.edu/~elenam/php_examples/$handler\">
	<table border=\"0\">
	<tr>
	<td>Enter your user name:</td>
	<td>
	<input type = \"text\" name = \"user\">
	</td>
	</tr>
	<tr>
	<td>Enter your password:</td>
	<td>
	<input type = \"password\" name = \"password\">
	</td>
	</tr>
	<tr>
	<td>
	<input type=\"submit\" name = \"submit\" value=\"submit\">
	</td>
	</tr>
	</table>
	</form><br/>
	";
	print $form_string;
}

function showerror()
{
	die("Error ". mysql_errno(). " : " .mysql_error());	
}

// ---------------- end of functions -----------------

// getting the form data
$user = $_POST['user'];
$password = $_POST['password'];	


?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!-- 
Checking if the user's login name and apssword are in the database
Author: Elena Machkasova elenam@morris.umn.edu 
Last modified: 4/27/06 
--> 
<html>
<head>
<title>
Checking user's login name and password
</title>
</head>
<body>
<?php
// open DB conncetion
// connect to the server
if (! ($connection = @mysql_connect("localhost","1101readonly","readonly")))
	die ("connection to the dtabase failed");

// select a database
if (!@mysql_select_db("1101spr06", $connection)) showerror();

if (isset($user) && isvalid($user, $password, $connection)) {
	print "Welcome, $user!<br/>\n";
} else {
	print_login_form();	
}

// close DB connection
@mysql_close($connection);
?>
</body>
</html>

Authentication using PHP and HTTP headers

<!-- 
Checking if the user's login name and apssword are in the database
Author: Elena Machkasova elenam@morris.umn.edu 
Last modified: 4/27/06 
--> 
<?php
// -------------- define functions -----------------
function isvalid($user, $password, $connection) {
	// checking if the user's login name and password are in DB
	// get rid of extra spaces in user name
	$user = trim($user);
	$find_user = "SELECT * FROM wp_users WHERE user_login = '$user' 
	AND user_pass = MD5('$password');";
	if (! ($result = @mysql_query($find_user, $connection))) {
		showerror();
	}
	if (mysql_num_rows($result) < 1) return false;	
	else return true;
}

function showerror()
{
	die("Error ". mysql_errno(). " : " .mysql_error());	
}

function send_headers() {
	header("WWW-authenticate: Basic realm=\"My Blog\"");
	header("HTTP/1.1 401 Unauthorized");	
}

// ---------------- end of functions -----------------

// get the user's name, password (if any)
$user = $_SERVER['PHP_AUTH_USER'];
$password = $_SERVER['PHP_AUTH_PW'];

$message = "You are not authorized to access this page";
if (!isset($user)) {
	// need to authenticate
	send_headers();	
} else {
	// open connection to check the password
	if (! ($connection = @mysql_connect("localhost","1101readonly","readonly"))) {
		die ("connection to the dtabase failed");
	}

	// select a database
	if (!@mysql_select_db("1101spr06", $connection)) showerror();

	if (isvalid($user, $password, $connection)) {
		// the user, passowrd are in the database
		$message = "Welcome, $user!<br/>\n";	
	} else {
		// invalid password
		send_headers();	
	}
	// close DB connection
	@mysql_close($connection);
}

?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>
Checking user's login name and password
</title>
</head>
<body>
<?php
// will diaply the message if the user is successfully logged in or if 
// clicked "Cancel"
print $message;
?>
</body>
</html>