User authentication using PHP

Authentication using PHP only


<?php
// -------------- define functions -----------------
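/**
 * Check whether a login name / password pair matches a row in wp_users.
 *
 * Both values come straight from the request, so each is escaped with
 * mysql_real_escape_string() before it is placed inside a quoted SQL literal.
 * Without that, a quote character in either field changes the query itself
 * (SQL injection) and the row-count check below can be satisfied without
 * knowing any password.
 *
 * NOTE(review): the mysql_* extension used here was removed in PHP 7. When
 * the page is ported, replace the escaping with a prepared statement
 * (mysqli or PDO) rather than carrying the string-built query forward.
 *
 * @param string   $user       login name as submitted; surrounding spaces are trimmed
 * @param string   $password   plain-text password as submitted
 * @param resource $connection link returned by mysql_connect()
 * @return bool true when at least one row matches, false otherwise
 */
function isvalid($user, $password, $connection) {
	// get rid of extra spaces in user name, then neutralise SQL metacharacters
	$user = mysql_real_escape_string(trim($user), $connection);
	$password = mysql_real_escape_string($password, $connection);
	// NOTE(review): the comparison relies on an unsalted MD5 digest computed by
	// the database. It is left as-is because the stored column format is not
	// visible here; a salted password hash (password_hash / password_verify)
	// is the replacement to plan for.
	$find_user = "SELECT * FROM wp_users WHERE user_login = '$user' "
		. "AND user_pass = MD5('$password');";
	if (! ($result = @mysql_query($find_user, $connection))) {
		// showerror() ends the script, so $result is a valid result set below
		showerror();
	}
	return mysql_num_rows($result) >= 1;
}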

/**
 * Write the login form (user name, password, submit button) to the output.
 *
 * The form posts the fields "user" and "password" back to the
 * check_password.php example.
 */
function print_login_form() {
	// script that receives the submitted fields, relative to the examples directory
	$target = "authenticate/check_password.php";
	// NOTE(review): the action URL below is plain http://, so the password
	// field is sent unencrypted; confirm whether an https:// endpoint is available.
	$markup = '
	<form name="theform" method="POST" 
	action="http://rynite.morris.umn.edu/~elenam/php_examples/' . $target . '">
	<table border="0">
	<tr>
	<td>Enter your user name:</td>
	<td>
	<input type = "text" name = "user">
	</td>
	</tr>
	<tr>
	<td>Enter your password:</td>
	<td>
	<input type = "password" name = "password">
	</td>
	</tr>
	<tr>
	<td>
	<input type="submit" name = "submit" value="submit">
	</td>
	</tr>
	</table>
	</form><br/>
	';
	echo $markup;
}

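/**
 * Stop the request after a database call has failed.
 *
 * The MySQL error number and text go to the server error log only. The
 * client receives a generic message, because raw driver errors reveal
 * query and schema details to whoever submitted the request.
 */
function showerror()
{
	error_log("Error ". mysql_errno(). " : " .mysql_error());
	die("A database error occurred.");
}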

// ---------------- end of functions -----------------

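// getting the form data
// On the first (GET) request the fields are absent, and a client can also
// send an array (user[]=...) instead of a string; both cases become null so
// the later isset($user) test shows the login form instead of reaching trim()
// and the query with an unexpected value.
$user = (isset($_POST['user']) && is_string($_POST['user'])) ? $_POST['user'] : null;
$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : null;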


?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!-- 
Checking if the user's login name and password are in the database
Author: Elena Machkasova elenam@morris.umn.edu 
Last modified: 4/27/06 
--> 
<html>
<head>
<title>
Checking user's login name and password
</title>
</head>
<body>
<?php
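// open DB connection
// connect to the server
// NOTE(review): the database account name and password are hard-coded in the
// page source. Load them from configuration kept outside the web root, and
// keep this account limited to read access on the tables it needs.
if (! ($connection = @mysql_connect("localhost","1101readonly","readonly")))
	die ("connection to the dtabase failed");

// select a database
if (!@mysql_select_db("1101spr06", $connection)) showerror();

if (isset($user) && isvalid($user, $password, $connection)) {
	// The name is echoed into HTML, so encode it: a login name containing
	// markup would otherwise be interpreted by the browser.
	print "Welcome, " . htmlspecialchars($user, ENT_QUOTES, 'UTF-8') . "!<br/>\n";
} else {
	print_login_form();	
}

// close DB connection
@mysql_close($connection);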
?>
</body>
</html>
http://rynite.morris.umn.edu/~elenam/php_examples/authenticate/check_password.php

Authentication using PHP and HTTP headers


<!-- 
Checking if the user's login name and password are in the database
Author: Elena Machkasova elenam@morris.umn.edu 
Last modified: 4/27/06 
--> 
<?php
// -------------- define functions -----------------
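/**
 * Check whether a login name / password pair matches a row in wp_users.
 *
 * Both values come straight from the HTTP Authorization header, so each is
 * escaped with mysql_real_escape_string() before it is placed inside a quoted
 * SQL literal. Without that, a quote character in either field changes the
 * query itself (SQL injection) and the row-count check below can be
 * satisfied without knowing any password.
 *
 * NOTE(review): the mysql_* extension used here was removed in PHP 7. When
 * the page is ported, replace the escaping with a prepared statement
 * (mysqli or PDO) rather than carrying the string-built query forward.
 *
 * @param string   $user       login name as submitted; surrounding spaces are trimmed
 * @param string   $password   plain-text password as submitted
 * @param resource $connection link returned by mysql_connect()
 * @return bool true when at least one row matches, false otherwise
 */
function isvalid($user, $password, $connection) {
	// get rid of extra spaces in user name, then neutralise SQL metacharacters
	$user = mysql_real_escape_string(trim($user), $connection);
	$password = mysql_real_escape_string($password, $connection);
	// NOTE(review): the comparison relies on an unsalted MD5 digest computed by
	// the database. It is left as-is because the stored column format is not
	// visible here; a salted password hash (password_hash / password_verify)
	// is the replacement to plan for.
	$find_user = "SELECT * FROM wp_users WHERE user_login = '$user' "
		. "AND user_pass = MD5('$password');";
	if (! ($result = @mysql_query($find_user, $connection))) {
		// showerror() ends the script, so $result is a valid result set below
		showerror();
	}
	return mysql_num_rows($result) >= 1;
}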

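/**
 * Stop the request after a database call has failed.
 *
 * The MySQL error number and text go to the server error log only. The
 * client receives a generic message, because raw driver errors reveal
 * query and schema details to whoever submitted the request.
 */
function showerror()
{
	error_log("Error ". mysql_errno(). " : " .mysql_error());
	die("A database error occurred.");
}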

/**
 * Ask the browser for HTTP Basic credentials.
 *
 * Sends the WWW-authenticate challenge for the realm "My Blog" followed by
 * the 401 status line, which makes the browser show its login dialog.
 *
 * NOTE(review): Basic authentication transmits the user name and password
 * base64-encoded, not encrypted, with every request to the realm, so the page
 * should be served over HTTPS.
 */
function send_headers() {
	$challenge = 'WWW-authenticate: Basic realm="My Blog"';
	$status = 'HTTP/1.1 401 Unauthorized';
	header($challenge);
	header($status);
}

// ---------------- end of functions -----------------

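// get the user's name, password (if any)
// The two keys are absent until the browser answers the Basic challenge, so
// read them with isset() instead of indexing a missing array key.
$user = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : null;
$password = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : null;

$message = "You are not authorized to access this page";
if (!isset($user)) {
	// need to authenticate
	send_headers();	
} else {
	// open connection to check the password
	// NOTE(review): the database account name and password are hard-coded in
	// the page source. Load them from configuration kept outside the web root.
	if (! ($connection = @mysql_connect("localhost","1101readonly","readonly"))) {
		die ("connection to the dtabase failed");
	}

	// select a database
	if (!@mysql_select_db("1101spr06", $connection)) showerror();

	if (isvalid($user, $password, $connection)) {
		// the user, password are in the database
		// $message is printed into the HTML body later, so the user name is
		// encoded here, where the markup is assembled.
		$message = "Welcome, " . htmlspecialchars($user, ENT_QUOTES, 'UTF-8') . "!<br/>\n";
	} else {
		// invalid password
		send_headers();	
	}
	// close DB connection
	@mysql_close($connection);
}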

?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>
Checking user's login name and password
</title>
</head>
<body>
<?php
// Shown when the user has logged in successfully, or when the browser's
// login dialog was dismissed with "Cancel" (the default "not authorized" text).
// $message is written out as HTML, so anything interpolated into it has to be
// encoded where the message is built.
echo $message;
?>
</body>
</html>
http://rynite.morris.umn.edu/~elenam/php_examples/authenticate/check_password2.php
UMM CSci 1101
