Authentication (checking passwords) in PHP

Authentication using PHP only


<?php
// -------------- define functions -----------------
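function isvalid($user, $password, $connection) {
	// Checks whether wp_users holds a row whose user_login equals the given
	// name and whose user_pass equals MD5 of the given password.
	// $connection is the link resource returned by mysql_connect().
	// Returns true when at least one row matches, false otherwise; a failed
	// query ends the script through showerror().
	//
	// Both values come straight from the request, so they are escaped for the
	// connection before being placed inside the quoted SQL literals. Without
	// this a quote character in either field rewrites the WHERE clause.
	// NOTE(review): escaping depends on the connection character set; the
	// durable fix is a prepared statement (mysqli or PDO), which also moves
	// the code off the mysql_* extension that PHP 7 removed.
	// NOTE(review): unsalted MD5 is not suitable for stored passwords; use
	// password_hash()/password_verify() once the stored hashes can be migrated.

	// a field submitted as an array (user[]=...) can never be a valid login
	if (!is_string($user) || !is_string($password)) {
		return false;
	}

	// get rid of extra spaces in user name, then escape for the SQL literal
	$user = mysql_real_escape_string(trim($user), $connection);
	$password = mysql_real_escape_string($password, $connection);

	$find_user = "SELECT * FROM wp_users WHERE user_login = '$user' 
	AND user_pass = MD5('$password');";
	if (! ($result = @mysql_query($find_user, $connection))) {
		showerror();
	}
	return mysql_num_rows($result) >= 1;
}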

function print_login_form() {
	// Writes the login form to the response. The form posts three fields
	// (user, password, submit) to db_passwords.php.
	// NOTE(review): the password travels in the POST body as typed; whether
	// the page is served over HTTPS is not visible here - confirm.
	echo '
	<form id="theform" method="post" 
	action="db_passwords.php">
	<table border="0">
	<tr>
	<td>Enter your user name:</td>
	<td>
	<input type = "text" name = "user" />
	</td>
	</tr>
	<tr>
	<td>Enter your password:</td>
	<td>
	<input type = "password" name = "password" />
	</td>
	</tr>
	<tr>
	<td>
	<input type="submit" name = "submit" value="submit" />
	</td>
	</tr>
	</table>
	</form>
	';
}

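function showerror()
{
	// Ends the script after a failed database call.
	// The MySQL error number and text go to the server error log only; they
	// can reveal table names and query structure, so the visitor is shown a
	// generic message instead of the raw driver output.
	error_log("Database error " . mysql_errno() . " : " . mysql_error());
	die("A database error occurred.");
}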

// ---------------- end of functions -----------------

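// getting the form data; the first visit carries no POST fields, so each
// value defaults to null instead of reading a missing array key
$user = isset($_POST['user']) ? $_POST['user'] : null;
$password = isset($_POST['password']) ? $_POST['password'] : null;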


?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!-- 
PHP functions
Author: Elena Machkasova 
Last modified: 4/30/08
--> 
<html  xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<title>
Checking user's login name and password
</title>
</head>
<body>
<?php
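// open DB connection
// connect to the server
// NOTE(review): the database account name and password are hard-coded in a
// file under the web root; load them from configuration kept outside the
// document root so a source disclosure does not expose them.
if (! ($connection = @mysql_connect("localhost","1101spring08read","1101readonly")))
	die ("connection to the database failed");

// select a database
if (!@mysql_select_db("1101spring08", $connection)) showerror();

if (isset($user) && isvalid($user, $password, $connection)) {
	// $user is request data; encode it before writing it into the page so
	// markup in a login name is displayed as text rather than interpreted
	print "Welcome, " . htmlspecialchars($user, ENT_QUOTES, 'UTF-8') . "!<br/>\n";
} else {
	print_login_form();	
}

// close DB connection
@mysql_close($connection);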
?>
</body>
</html>

http://rynite.morris.umn.edu/~elenam/1101_spring08/passwords/db_passwords.php

Authentication using PHP and HTTP headers


<?php
// -------------- define functions -----------------
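function isvalid($user, $password, $connection) {
	// Checks whether wp_users holds a row whose user_login equals the given
	// name and whose user_pass equals MD5 of the given password.
	// $connection is the link resource returned by mysql_connect().
	// Returns true when at least one row matches, false otherwise; a failed
	// query ends the script through showerror().
	//
	// Both values are supplied by the client in the Authorization header, so
	// they are escaped for the connection before being placed inside the
	// quoted SQL literals. Without this a quote character in either field
	// rewrites the WHERE clause.
	// NOTE(review): escaping depends on the connection character set; the
	// durable fix is a prepared statement (mysqli or PDO), which also moves
	// the code off the mysql_* extension that PHP 7 removed.
	// NOTE(review): unsalted MD5 is not suitable for stored passwords; use
	// password_hash()/password_verify() once the stored hashes can be migrated.

	// a missing or non-string credential can never be a valid login
	if (!is_string($user) || !is_string($password)) {
		return false;
	}

	// get rid of extra spaces in user name, then escape for the SQL literal
	$user = mysql_real_escape_string(trim($user), $connection);
	$password = mysql_real_escape_string($password, $connection);

	$find_user = "SELECT * FROM wp_users WHERE user_login = '$user' 
	AND user_pass = MD5('$password');";
	if (! ($result = @mysql_query($find_user, $connection))) {
		showerror();
	}
	return mysql_num_rows($result) >= 1;
}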

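function showerror()
{
	// Ends the script after a failed database call.
	// The MySQL error number and text go to the server error log only; they
	// can reveal table names and query structure, so the visitor is shown a
	// generic message instead of the raw driver output.
	error_log("Database error " . mysql_errno() . " : " . mysql_error());
	die("A database error occurred.");
}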

function send_headers() {
	// Challenges the client for HTTP Basic credentials in the realm
	// "1101 Blog": first the WWW-authenticate header, then the 401 status line.
	// NOTE(review): Basic credentials are only base64-encoded on the wire;
	// whether this page is served over HTTPS is not visible here - confirm.
	$challenge = 'WWW-authenticate: Basic realm="1101 Blog"';
	$status_line = 'HTTP/1.1 401 Unauthorized';
	header($challenge);
	header($status_line);
}

// ---------------- end of functions -----------------

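// get the user's name, password (if any); the first request carries no
// Authorization header, so each value defaults to null instead of reading a
// missing array key
$user = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : null;
$password = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : null;

// shown when the challenge is cancelled or the credentials are rejected
$message = "You are not authorized to access this page";
if (!isset($user)) {
	// need to authenticate
	send_headers();	
} else {
	// open connection to check the password
	// NOTE(review): the database account name and password are hard-coded in
	// a file under the web root; load them from configuration kept outside
	// the document root so a source disclosure does not expose them.
	if (! ($connection = @mysql_connect("localhost","1101spring08read","1101readonly"))) {
		die ("connection to the database failed");
	}

	// select a database
	if (!@mysql_select_db("1101spring08", $connection)) showerror();

	if (isvalid($user, $password, $connection)) {
		// if the user, password are in the database
		// $user is client-supplied and $message is later printed as HTML, so
		// the name is encoded here, where the message is assembled
		$message = "Welcome, " . htmlspecialchars($user, ENT_QUOTES, 'UTF-8') . "!<br/>\n";
	} else {
		// invalid password
		send_headers();	
	}
	// close DB connection
	@mysql_close($connection);
}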

?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!-- 
Checking if the user's login name and password are in the database
Author: Elena Machkasova elenam@morris.umn.edu 
Last modified: 4/30/08
--> 
<html  xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<title>
Checking user's login name and password
</title>
</head>
<body>
<?php
// Shows the welcome text after a successful login, or the "not authorized"
// text when the user clicked "Cancel" on the browser prompt.
// $message is written as raw HTML, so any user-derived part of it must
// already be HTML-encoded at the point where the message is built.
echo $message;
?>
</body>
</html>

http://rynite.morris.umn.edu/~elenam/1101_spring08/passwords/server_passwords.php


UMM CSci 1101