#1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2000
    Location
    Chicago, IL USA
    Posts
    48
    Rep Power
    18
    I'm trying to authenticate mySQL database users through a php web login script. Once their authenticated I'd like to redirect them to a specific URL contained in one of the tables in the users mySQL database. I have the authentication script pretty much setup, but i'm so lame I can't query the database for the url in alliance with the username in the database. Could someone please help? Here's what my script looks like so far (some of its ripped)..

    <?
    mysql_connect("localhost", "root", "moksha9")
    or die ("Unable to connect to server.");

    mysql_select_db("secretDB")
    or die ("Unable to select database.");

    $sql = "SELECT id
    FROM users
    WHERE username='$username' and password='$password'";

    $result = mysql_query($sql)
    or die ("Unable to get results.");

    $num = mysql_numrows($result)
    or die ("You're not authorized to be here. If you feel you have
    recieved this
    message in error, please contact the <a
    href="mailto:brendon@sinphony.com">webmaster</a>");

    if ($num == 1) {


    $results = mysql_query("SELECT id FROM users WHERE statpage='$page'")
    or die ("Unable to get results.");

    header("Location: $page");

    }


    ?>

    ...this is the backend to a front end form.
  2. #2
  3. .Net Developer
    Devshed Novice (500 - 999 posts)

    Join Date
    Feb 2000
    Location
    London
    Posts
    987
    Rep Power
    15

    $results = mysql_query("SELECT id FROM users WHERE statpage='$page'")
    or die ("Unable to get results.");

    header("Location: $page");

    what this above query will do?..from where this '$page' variable value is coming...

    -----
    any way i'm giving you an example how you can do this very easily.. you don't require that second query i suppose..

    <?
    $con=mysql_connect("localhost", "root", "moksha9")
    or die ("Unable to connect to server.");
    //connectivity to database..

    mysql_select_db("secretDB",$con)
    //select your database..

    $sql = "SELECT * FROM users WHERE username='$username' and password='$password'";

    $result = mysql_query($sql,$con)
    //issue your query..

    $rows=mysql_fetch_array($result);
    //get the values ..
    if (mysql_num_rows($result) == 1) {
    //valid user..

    $page=$row["usersaccesspagefieldname"];
    //get his page...
    header("Location: $page");
    }else{
    //login failed..
    echo "Error!! Login Failed..Hit back and try againn";
    exit;
    }
    ?>

    try this ..edit as per your requirment..




    ------------------
    SR -
    webshiju.com

    "The fear of the LORD is the beginning of knowledge..."



    [This message has been edited by Shiju Rajan (edited July 15, 2000).]
  4. #3
  5. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2000
    Location
    Aalborg, Denmark
    Posts
    9
    Rep Power
    0
    Correct me if I am wrong, but this seems to be a pretty poor password protection mechanism. If somebody is able to get the URL of the "secret page" (by looking in the browser history, e.g.) he can access all your secrets directly bypassing the username/password validation.
  6. #4
  7. No Profile Picture
    Robert_J_Sherman
    Guest
    Devshed Newbie (0 - 499 posts)
    If it were me, I'd use something like this to secure the page:
    <?php
    //setup the http 401 for admin password//
    if (!isset($PHP_AUTH_USER)) {
    header('WWW-Authenticate: Basic realm="PHP AutoLinks v1.0 Admin"');
    header('HTTP/1.0 401 Unauthorized');
    echo "Authorization Required";
    exit;
    }
    else if (($PHP_AUTH_USER == $admin_user) && ($PHP_AUTH_PW == $admin_password)) {
    //you would want to modify the above line
    //to pull the users password information
    //from your database.. and I would certainly
    //encrypt the password(s) in your database
    //using mysqls' PASSWORD('$password')
    //function.
    ?>
    YOUR WEB PAGE HTML GOES HERE
    <?php
    }
    else if ($cancel == "CANCEL") {
    //authorization required
    echo "HTTP/1.0 401 - Authorization Requiredn";
    }
    else {
    header('WWW-Authenticate: Basic realm="PHP Driven AuthRequired"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'Authorization Required.';
    exit;
    }
    ?>

    Naturally, you would need to modify the line were the password is checked Also, if your
    users page is stored in either the same database or another, you can simply query the
    database for their page, based on their "id"
    .. something like:
    $sql = "SELECT page FROM users WHERE id='$id';

    $result = mysql_query($sql);
    $myrow = mysql_fetch_array($result);
    $page = $myrow["page"];
    etc...

    now $page contains the name of the page, and the header will actually contain a value.

    OOOPS, I just noticed a mistake here, the
    Basic realm="blah" this should match both at
    the top and bottom of the code.

    Also, it would be a good idea to check out Meloni's article on Encryption/Authentication on Web Monkey's site, it will really exaplain the page security thing a bit better.

    Note also, that you <html> </html> tags should start where I've marked "YOUR WEB PAGE HTML GOES HERE".. if you don't you'll get a nice little error.

    ------------------
    SnR Graphics,
    Low Cost Hosting and Web Development.

    [This message has been edited by Robert_J_Sherman (edited July 15, 2000).]
  8. #5
  9. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2000
    Posts
    60
    Rep Power
    15
    Do you need PHP4 for the authentication to work? I have used authentication using the .htaccess file and it worked, but I can't get it to work with PHP (which I need). Thanks!
  10. #6
  11. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2000
    Posts
    300
    Rep Power
    15
    <BLOCKQUOTE><font size="1" face="Verdana,Arial,Helvetica">quote:</font><HR>Originally posted by terium:
    Do you need PHP4 for the authentication to work? I have used authentication using the .htaccess file and it worked, but I can't get it to work with PHP (which I need). Thanks![/quote]

    You need to compile PHP as an Apache module in order to use PHP-based authentication. If you are using a Windows version of PHP, you cannot do this at all, since it can only run as a CGI app. If you are using UNIX of any sort, you can re-compile PHP and Apache.

  12. #7
  13. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2000
    Location
    Chicago, IL USA
    Posts
    48
    Rep Power
    18
    GOD BLESS UNIX!!! SCREW WINDOWS!!!

Similar Threads

  1. bill gates brain in a glass jar
    By astrix in forum Dev Shed Lounge
    Replies: 4
    Last Post: February 10th, 2007, 04:20 AM
  2. Replies: 16
    Last Post: December 4th, 2003, 05:51 PM
  3. Bill Gates explains referential integrity
    By rycamor in forum Database Management
    Replies: 3
    Last Post: June 24th, 2003, 04:50 AM
  4. Bill Gates is at it again!.............
    By StealthElephant in forum Linux Help
    Replies: 14
    Last Post: September 5th, 2002, 12:42 AM
  5. Bill Gates Brain In A Jar
    By astrix in forum HTML Programming
    Replies: 2
    Last Post: September 14th, 2000, 06:09 PM

IMN logo majestic logo threadwatch logo seochat tools logo