Authentication (checking passwords) in php

Authentication using php only


<?php
// -------------- define functions -----------------
function isvalid($user, $password, $connection) {
	// checking if the user's login name and password are in DB
	// get rid of extra spaces in user name
	$user = trim($user);
	$find_user = "SELECT * FROM wp_users WHERE user_login = '$user' 
	AND user_pass = MD5('$password');";
	if (! ($result = @mysql_query($find_user, $connection))) {
		showerror();
	}
	if (mysql_num_rows($result) < 1) return false;	
	else return true;
}

function print_login_form() {
	$form_string = "
	<form id=\"theform\" method=\"post\" 
	action=\"db_passwords.php\">
	<table border=\"0\">
	<tr>
	<td>Enter your user name:</td>
	<td>
	<input type = \"text\" name = \"user\" />
	</td>
	</tr>
	<tr>
	<td>Enter your password:</td>
	<td>
	<input type = \"password\" name = \"password\" />
	</td>
	</tr>
	<tr>
	<td>
	<input type=\"submit\" name = \"submit\" value=\"submit\" />
	</td>
	</tr>
	</table>
	</form>
	";
	print $form_string;
}

function showerror()
{
	die("Error ". mysql_errno(). " : " .mysql_error());	
}

// ---------------- end of functions -----------------

// getting the form data
$user = $_POST['user'];
$password = $_POST['password'];	


?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!-- 
PHP functions
Author: Elena Machkasova 
Last modified: 4/30/08
--> 
<html  xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<title>
Checking user's login name and password
</title>
</head>
<body>
<?php
// open DB conncetion
// connect to the server
if (! ($connection = @mysql_connect("localhost","1101spring08read","1101readonly")))
	die ("connection to the database failed");

// select a database
if (!@mysql_select_db("1101spring08", $connection)) showerror();

if (isset($user) && isvalid($user, $password, $connection)) {
	print "Welcome, $user!<br/>\n";
} else {
	print_login_form();	
}

// close DB connection
@mysql_close($connection);
?>
</body>
</html>

http://rynite.morris.umn.edu/~elenam/1101_spring08/passwords/db_passwords.php

Authentication using php and http headers


<?php
// -------------- define functions -----------------
function isvalid($user, $password, $connection) {
	// checking if the user's login name and password are in DB
	// get rid of extra spaces in user name
	$user = trim($user);
	$find_user = "SELECT * FROM wp_users WHERE user_login = '$user' 
	AND user_pass = MD5('$password');";
	if (! ($result = @mysql_query($find_user, $connection))) {
		showerror();
	}
	if (mysql_num_rows($result) < 1) return false;	
	else return true;
}

function showerror()
{
	die("Error ". mysql_errno(). " : " .mysql_error());	
}

function send_headers() {
	header("WWW-authenticate: Basic realm=\"1101 Blog\"");
	header("HTTP/1.1 401 Unauthorized");	
}

// ---------------- end of functions -----------------

// get the user's name, password (if any)
$user = $_SERVER['PHP_AUTH_USER'];
$password = $_SERVER['PHP_AUTH_PW'];

$message = "You are not authorized to access this page";
if (!isset($user)) {
	// need to authenticate
	send_headers();	
} else {
	// open connection to check the password
	if (! ($connection = @mysql_connect("localhost","1101spring08read","1101readonly"))) {
		die ("connection to the database failed");
	}

	// select a database
	if (!@mysql_select_db("1101spring08", $connection)) showerror();

	if (isvalid($user, $password, $connection)) {
		// if the user, password are in the database
		$message = "Welcome, $user!<br/>\n";	
	} else {
		// invalid password
		send_headers();	
	}
	// close DB connection
	@mysql_close($connection);
}

?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!-- 
Checking if the user's login name and password are in the database
Author: Elena Machkasova elenam@morris.umn.edu 
Last modified: 4/30/08
--> 
<html  xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<title>
Checking user's login name and password
</title>
</head>
<body>
<?php
// will display the message if the user is successfully logged in or if 
// clicked "Cancel"
print $message;
?>
</body>
</html>

http://rynite.morris.umn.edu/~elenam/1101_spring08/passwords/server_passwords.php


UMM CSci 1101

The views and opinions expressed in this page are strictly those of the page author. The contents of this page have not been reviewed or approved by the University of Minnesota.