mysql and php authentication


Fandelem
03-26-2001, 01:09 PM
i'm just wondering if anyone has ever used php and mysql database for user authentication.. if so.. perhaps explain how? ;o)

dzweier
03-26-2001, 08:50 PM
What you are talking about can be accomplished easily with a few tables in a MySQL database. Then when you have a user log in just use PHP to get his user_id and look it up in the database and verify the password.

johnwebb
03-26-2001, 10:29 PM
Maybe this will help ...

http://www.zend.com/zend/tut/authentication.php

Fandelem
03-26-2001, 11:55 PM
i've done something similar to that link provided (thanks, btw) -- but here's the problem i'm running into:

once the user authenticates with my mysql database (which i have working) -- i have no real way of "carrying over" his/her id_number for all user specific options..

all my databases are referenced by id_number's that correspond to an account table.. so the only way right now that i can get this working is when the user logs in (via login.php) it redirects them to /users/index.php?account=$account_id and then i globalize the $http_get_vars['account_id'] and that's the only way i've thought up so far..

if anyone uses anything similar to what i'm doing.. i'd love to hear how they do it ;o)

oh, also.. i'm running into a problem with the <select multiple> tag.. has anyone managed to get this working with php?

basically, i have a <select multiple> box that i want the user to be able to select more than one choice -- but i have no clue how to grab multiple values. the php.net manual example was helpful, but it was not thorough nor answered my question..

here is my code:


echo "
<head>
<SCRIPT LANGUAGE=\"javascript\">
<!-- hide
function passCheck(){
return true;}
// unhide -->
</SCRIPT>
</head>
<body>
<body bgcolor=\"#000000\" text=\"#ffffff\" link=\"#769257\" vlink=\"#769257\" alink=\"#769257\">
<table border=0 cellpadding=2 cellspacing=0><tr><td bgcolor=000000>
<table border=1 bordercolor=169257 cellpadding=8 cellspacing=0>
<FORM ACTION=\"$PHP_SELF\" NAME=generic METHOD=post onSubmit=\"return passCheck()\">
<h1><font color=ffffff>Select Users to View/Edit Details</h1> (not working at the moment)<hr>
<SELECT NAME=\"user_details[]\" rows=\"10\" multiple size=$users>
";

$sql = "SELECT id, username from {$DB_CONF["table_account"]} ";
$sql_result = mysql_query($sql) or die ("Couldn't execute query. (sendmsg_user_user()) ".mysql_error());
while ($row = mysql_fetch_array($sql_result)) {
    if ( $row['id'] != 1 ) {
        // escape the username so any markup stored in it is shown as text
        $username = htmlspecialchars($row['username']);
        echo "
<OPTION VALUE=\"{$row['id']}\">$username</OPTION>
";
    }
}


and calling it by:


echo "(user_details) {$HTTP_POST_VARS['user_details']}[]";


this will make a list, but when a user selects anything it will just print "(user_details) Array" and when i remove the []'s from everything it will only print the *last* selected box..

any linkage would be great ;o)

~kyle

edit: found out how to do the select boxes ;o)

the select part was right, with the []'s.. but to grab the input, code is:


$count = count($user_details);
for ($i = 0; $i < $count; $i++ ) {
echo "(userdetails) $user_details[$i]";
}


[ 26 March 2001: Message edited by: Fandelem ]
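
Added example, not part of any post in this thread: one way to read the user_details[] field from the form above with current PHP, keeping only positive integer ids, binding them as query parameters and HTML-escaping the usernames written into the option list. The function names, the "account" table name and the sample input are assumptions made for the example.

```php
<?php
// Added example, not code from the thread. Function names, the "account" table
// name and the sample data are assumptions; user_details[] is the posted field.

// Reduce the posted user_details[] to a de-duplicated list of positive integers.
function selected_ids(array $post, int $max = 100): array {
    $raw = $post['user_details'] ?? [];
    if (!is_array($raw)) {              // sent as user_details=2, without the []
        $raw = [$raw];
    }
    $ids = [];
    foreach (array_slice($raw, 0, $max) as $v) {
        // Nested arrays and strings such as "3 OR 1=1" are dropped, not cast.
        $id = is_string($v)
            ? filter_var($v, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]])
            : false;
        if ($id !== false) {
            $ids[$id] = $id;
        }
    }
    return array_values($ids);
}

// One "?" per id, so the values are bound and never spliced into the SQL text.
function details_query(array $ids): string {
    if (!$ids) {
        throw new InvalidArgumentException('nothing selected');
    }
    return 'SELECT id, username FROM account WHERE id IN ('
        . implode(', ', array_fill(0, count($ids), '?')) . ')';
}

// Build the <option> list with the label HTML-escaped.
function render_options(array $rows): string {
    $html = '';
    foreach ($rows as $row) {
        $html .= sprintf("<option value=\"%d\">%s</option>\n", $row['id'],
            htmlspecialchars($row['username'], ENT_QUOTES, 'UTF-8'));
    }
    return $html;
}

// Constructed input standing in for $_POST and for a result set.
$ids = selected_ids(['user_details' => ['2', '7', '7', '3 OR 1=1', ['x'], '-4']]);
print_r($ids);
echo details_query($ids), "\n";
echo render_options([['id' => 2, 'username' => 'kyle'], ['id' => 7, 'username' => '<b>sweede</b>']]);
```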

Sweede
03-27-2001, 01:31 PM
login form ->
MySQL login check (check both username and password) ->
if good create a unique ID ( md5($IP.$timestamp.sqrt(rand(1000,2000))) ) ->
Insert unique ID into a sessions table with the user_id and an expire time (say 10 minutes) ->
set cookie named "user_login" with the unique ID string ->
each page checks for the presence of the user_login cookie (via $HTTP_COOKIE_VARS['user_login'] )
If one is found, check the session table to see if the unique ID is expired or missing.
if cookie is old/session expired, re-authenticate.
If it's not expired, update the expire time in the table.

all is well.

a logout function will delete the cookie (send an empty cookie("user_login")) and remove the row from the session table.

Sweede
03-27-2001, 02:11 PM
here, i didn't include a logout function , but you'll get the basic idea.

i have a nearly complete set, when i get it touched up i'll post a link in the programming section.

btw, i just wrote this in about 30 minutes at school, this is not the same as what i wrote above.

external variables...
$DB_CONF[table names], $CONF[expiry], $CONF[user_cookie] plus normal db info and whatnot.
the sessions table must have 4 fields, (check for syntax)

id int(11) auto_increment,
user_id int(11),
session_id char(32),
expiry char(10),
PRIMARY KEY (id)




function do_login($username,$password)
{
    global $user_cookie,$CONF,$DB_CONF,$HTTP_HOST;

    /***
    * If you are using crypt for password encryption,
    * encrypt the password here, otherwise use PASSWORD()
    * when inserting a password.
    */
    // escape the input before it goes into the query
    // (if magic_quotes_gpc is on, stripslashes() it first)
    $username = mysql_escape_string($username);
    $password = mysql_escape_string($password);
    $sql = "SELECT * FROM {$DB_CONF['user_table']}
            WHERE username = '$username' AND password = PASSWORD('$password')";

    $result = mysql_query($sql) or die("There was an error on line ".__LINE__.
                                       " of file ".__FILE__."<br>".$sql.
                                       "<br>".mysql_error() );
    if(mysql_num_rows($result) == 1) {
        $random = mt_rand();
        $unique_id = md5(getenv("REMOTE_HOST").time().$random);
        $user_id = mysql_result($result,0,"user_id");

        // expiry holds the time the session was last used
        $sql = "INSERT INTO {$DB_CONF['sessions']} VALUES
                ('','$user_id','$unique_id','".time()."')";

        mysql_query($sql) or die("There was an error on line ".__LINE__.
                                 " of file ".__FILE__."<br>".$sql.
                                 "<br>".mysql_error() );
        /***
        * Cookie format as follows..
        * name, value, expiry, path, domain, secure
        */
        setcookie($CONF['user_cookie'],$unique_id,0,"/",$HTTP_HOST,0);
        /***
        * The cookie is now set and the session is in the database.
        * what you need to do now is to re-direct to whatever you want.
        */
        return $user_id;
    } else {
        /***
        * This is what happens when authentication fails, show the
        * login form again here.
        */
        return 0;
    }
}

function is_user_logged_in()
{
    global $CONF,$DB_CONF,$HTTP_COOKIE_VARS;

    if ( isset($HTTP_COOKIE_VARS[$CONF['user_cookie']]) ) {
        $unique_id = $HTTP_COOKIE_VARS[$CONF['user_cookie']];
        // a session id is always the 32 hex characters md5() returns
        if ( !preg_match('/^[0-9a-f]{32}\z/', $unique_id) ) {
            return 0;
        }
        // the session is still good if it was used within the last $CONF['expiry'] seconds
        $oldest = time()-$CONF['expiry'];
        $sql = "SELECT * FROM {$DB_CONF['sessions']} WHERE
                session_id = '$unique_id' AND expiry > '$oldest'";
        $result = mysql_query($sql) or die("There was an error on line ".__LINE__.
                                           " of file ".__FILE__."<br>".$sql.
                                           "<br>".mysql_error() );

        if ( mysql_num_rows($result) == 1 ) {
            $user_id = mysql_result($result,0,"user_id");
            $sql = "UPDATE {$DB_CONF['sessions']} SET expiry='".time()."'
                    WHERE session_id = '$unique_id'";
            mysql_query($sql) or die("There was an error on line ".__LINE__.
                                     " of file ".__FILE__."<br>".$sql.
                                     "<br>".mysql_error() );

            return $user_id;
        } else {
            return 0;
        }
    } else {
        return 0;
    }
}


function get_user_info($user_id)
{

    global $DB_CONF,$CONF;

    // user_id is numeric, force it to an integer before it goes into the query
    $user_id = (int) $user_id;
    $sql = "SELECT * FROM {$DB_CONF['user_table']} WHERE user_id = '$user_id'";
    $result = mysql_query($sql) or die("There was an error on line ".__LINE__.
                                       " of file ".__FILE__."<br>".$sql.
                                       "<br>".mysql_error() );
    return mysql_fetch_array($result);
}


function print_login_form()
{
    /***
    * DON'T ECHO HTML IN FUNCTIONS unless for debugging purposes.
    */
    $html = '
    .. form stuff ...
    ';
    return $html;
}



do what you need :)
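
Added example, not part of any post in this thread: the cookie-plus-sessions-table flow from the two posts above, written for current PHP with PDO. It assumes SQLite in memory, a users table and a constructed sample account so that it runs on its own; the token comes from random_bytes(), passwords go through password_hash(), and every query is parameterized.

```php
<?php
// Added example, not code from the thread. PDO, SQLite and the sample account
// are assumptions; the flow and the sessions table follow the posts above.
const EXPIRY = 600; // idle timeout in seconds ("say 10 minutes")
function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');
    $db->exec('CREATE TABLE sessions (session_id TEXT PRIMARY KEY, user_id INTEGER, expiry INTEGER)');
    $db->prepare('INSERT INTO users (username, password) VALUES (?, ?)')
       ->execute(['kyle', password_hash('constructed-sample-pw', PASSWORD_DEFAULT)]);
    return $db;
}

// Returns the cookie value on success, null on a wrong username or password.
function do_login(PDO $db, string $username, string $password): ?string {
    $q = $db->prepare('SELECT user_id, password FROM users WHERE username = ?');
    $q->execute([$username]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if (!$row || !password_verify($password, $row['password'])) {
        return null;
    }
    $token = bin2hex(random_bytes(32)); // from the CSPRNG, not md5(host . time)
    // Only a hash of the token is stored, so a leaked table holds no usable cookies.
    $db->prepare('INSERT INTO sessions (session_id, user_id, expiry) VALUES (?, ?, ?)')
       ->execute([hash('sha256', $token), $row['user_id'], time() + EXPIRY]);
    return $token;
}

// Returns the user_id of a live session and slides its expiry, otherwise 0.
function is_user_logged_in(PDO $db, string $cookie, ?int $now = null): int {
    $now = $now ?? time();
    $id = hash('sha256', $cookie);
    $q = $db->prepare('SELECT user_id FROM sessions WHERE session_id = ? AND expiry > ?');
    $q->execute([$id, $now]);
    $user_id = $q->fetchColumn();
    if ($user_id === false) {
        $db->prepare('DELETE FROM sessions WHERE session_id = ?')->execute([$id]);
        return 0;
    }
    $db->prepare('UPDATE sessions SET expiry = ? WHERE session_id = ?')->execute([$now + EXPIRY, $id]);
    return (int) $user_id;
}

$db = make_db();
$token = do_login($db, 'kyle', 'constructed-sample-pw');
// Web request: setcookie('user_login', $token, ['path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
var_dump(is_user_logged_in($db, $token));                        // fresh session
var_dump(is_user_logged_in($db, $token, time() + 2 * EXPIRY));   // idle too long
var_dump(do_login($db, "kyle' OR '1'='1", 'x'));                 // quote is just data
```

Because the user_id is looked up from the session row on every request, it never has to travel in the URL as ?account=$account_id, where anyone could change it.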

Fandelem
03-27-2001, 02:30 PM
thanks sweede!! i'll take a look at this when i go to work later tonight (i love evening shifts.. so slow&relaxing.. ;o)

anyways.. now i have a bigger problem on my hands that perhaps you've come across before:

$PHP_SELF variable. the book i have doesn't explain it at all-- it just gives examples.. so i'm kind of using it 'in the dark' ...anyways..

i *have* made sure the pages display properly in both (closing all </table> tags was the main problem.. i'm very thankful you harassed me early on to do that or it would have been a much bigger debugging problem!) - however here is my problem:

code snippet:

function generic_html() {
echo "
<html>
<head>
<SCRIPT LANGUAGE=\"javascript\">
<!-- hide
function passCheck(){
return true;}
// unhide -->
</SCRIPT>
</head>
<body>
<body bgcolor=\"#000000\" text=\"#ffffff\" link=\"#769257\" vlink=\"#769257\" alink=\"#769257\">
<table border=0 cellpadding=2 cellspacing=0><tr><td bgcolor=000000>
<table border=1 bordercolor=169257 cellpadding=8 cellspacing=0>
<FORM ACTION=\"$PHP_SELF\" NAME=\"generic\" METHOD=\"post\" onSubmit=\"return passCheck()\">

";
}


in IE *and* netscape this displays (from view source):


<FORM ACTION="" NAME="generic" METHOD="post" onSubmit="return passCheck()">


however, outside functions i call $PHP_SELF and it works. what's the trick?

(example of working $PHP_SELF in same script)

##########################
#
# this takes the input from the deletion form and deletes the product
#
#########################

else if ( ($productmode == "delete_product") && ($process == "yes") ) { // alright, let's delete a product
    $item_id = stripslashes($HTTP_POST_VARS['item_id']);
    $category = stripslashes($HTTP_POST_VARS['category']);
    $item = stripslashes($HTTP_POST_VARS['item']);
    $quality = stripslashes($HTTP_POST_VARS['quality']);
    $base_cost = stripslashes($HTTP_POST_VARS['base_cost']);

    // the slashes were stripped above, so escape the values again for the query
    $sql = "DELETE FROM {$DB_CONF['table_master_products']} WHERE
            item_id = \"".mysql_escape_string($item_id)."\" and category = \"".mysql_escape_string($category)."\"";
    $sql_result = mysql_query($sql) or die ("Couldn't execute query. (category()) ".mysql_error());
    if ($sql_result) {
        // escape for HTML before echoing the posted values back
        $item_html = htmlspecialchars($item);
        $category_html = htmlspecialchars($category);
        echo "

The following has been deleted:
<p>
(item) $item_html from (category) $category_html
<br><p align=center><a href=\"$PHP_SELF\">Return to Menu</a></P>

";
    }
} // end delete_product


i assume it's something like http_post_vars but i can't figure it out.

once again, thank you so much for your help!

~kyle

Fandelem
03-27-2001, 07:14 PM
well, taking from your other examples, here was my workaround (tell me if i shouldn't be doing it like this ;o)


function generic_html($PHP_SELF) {
$html = "
<html>
<head>
<SCRIPT LANGUAGE=\"javascript\">
<!-- hide
function passCheck(){
return true;}
// unhide -->
</SCRIPT>
</head>
<body>
<body bgcolor=\"#000000\" text=\"#ffffff\" link=\"#769257\" vlink=\"#769257\" alink=\"#769257\">
<table border=0 cellpadding=2 cellspacing=0><tr><td bgcolor=000000>
<table border=1 bordercolor=169257 cellpadding=8 cellspacing=0>
<FORM ACTION=\"$PHP_SELF\" NAME=\"generic\" METHOD=\"post\" onSubmit=\"return passCheck()\">

";
return $html;
}


and i access it by:


echo generic_html($PHP_SELF);


..and i had a quick question about your functions.. i understand do_login, but is_user_logged_in shouldn't go in my login.php form, it should go in index.php -- right? and when should i use get_user_info?

well i appreciate it greatly for taking any time at all to answer my questions.. once again i'm left with only being able to say my deepest thank-you's ;o)

have a great day--

~kyle

edit: i don't think i mentioned this earlier but i have a login.php then index.php -- how does it work.. with passing the $CONF[user_cookie] between scripts and stuff?

[ 27 March 2001: Message edited by: Fandelem ]

Sweede
03-28-2001, 01:22 AM
function generic_html()
{
global $PHP_SELF;
echo "
<html>
<head>
<SCRIPT LANGUAGE=\"javascript\">
<!-- hide
function passCheck(){
return true;}
// unhide -->
</SCRIPT>
</head>
<body>
<body bgcolor=\"#000000\" text=\"#ffffff\" link=\"#769257\" vlink=\"#769257\" alink=\"#769257\">
<table border=0 cellpadding=2 cellspacing=0><tr><td bgcolor=000000>
<table border=1 bordercolor=169257 cellpadding=8 cellspacing=0>
<FORM ACTION=\"$PHP_SELF\" NAME=\"generic\" METHOD=\"post\" onSubmit=\"return passCheck()\">

";
}


notice the Global $PHP_SELF !

[ 28 March 2001: Message edited by: Sweede ]