Skip to main content

Database Authentication

The final, and most complete of the three PHP authentication methods, is the utilization of a database to
maintain and manage the usernames and passwords used to access PHP files. This solution provides
advanced capabilities in administering authentication systems but also provides incredible flexibility and
scalability to incorporate the authentication system into the database system as a whole. The first step of
the process involves creating the user tables that will be used to house the authentication data.

Storing Authentication Data

The following table will be used to manage the storage of the login information that will be used by PHP to
manage logins:

CREATE TABLE `customers` (
`customerEmail` VARCHAR(40) NOT NULL, `lname` VARCHAR(25) NOT NULL,
`fname` VARCHAR(25) NOT NULL, `title` ENUM('Mr.', 'Mrs.', 'Miss', 'Ms.','Dr.'),
`passwd` VARCHAR(30), PRIMARY KEY (`customerEmail`)
);

The idea of using the customerEmail as the login in identifier has become standard practice in many web
applications these days. As far as an email being a primary identifier for the customer, it is perfect; It is
unique (no two people could have the exact same e-mail account), it is specific to the user and it is an
alternate means to contact the user. In this table, there could be additional columns used to support other
areas of the application; however, for the purpose of this training, this table will suffice.

The Database Authentication Script

<?php
// Create a function due to the script components having to be called 2x
function userAuth() {
header('WWW-authenticate: Basic Realm="World Database"');
header('HTTP/1.0 401 Unauthorized');
print "You must provide a valid e-mail and password!";
exit;
}
// Check to see if the login prompt has been submitted
// If not, call up the login prompt, if so, check against
// the database
if (! isset($_SERVER['PHP_AUTH_USER'])) {
userAuth();
} else {
// Connect to the MySQL Server and use the
// world database (which houses the customers table)
$linkID1 = mysql_connect('localhost','root','training')
or die("Could not connect to $dbhost database");
mysql_select_db("world",$linkID1)
or die ("Could not connect to world database");
// Create variables for login data
$serverEmail = $_SERVER['PHP_AUTH_USER'];
$serverPass = $_SERVER['PHP_AUTH_PW'];
// Create and execute the verification
$login_query = "SELECT title, lname FROM customers
WHERE customerEmail = '$serverEmail'
AND passwd = SHA('$serverPass')";
$login_results = mysql_query($login_query, $linkID1);

Labels:

Comments

Post a Comment

Popular posts from this blog

PHP INTRODUCTION

                     PHP  (recursive acronym for  PHP: Hypertext Preprocessor ) is a widely-used open source general-purpose scripting language that is especially suited for web development and can be embedded into HTML. PHP stands for  P HP:  H ypertext  P reprocessor PHP is a server-side scripting language, like ASP PHP scripts are executed on the server PHP supports many databases (MySQL, Informix, Oracle, Sybase, Solid, PostgreSQL, Generic ODBC, etc.) PHP is an open source software PHP is free to download and use Why PHP? PHP runs on different platforms (Windows, Linux, Unix, etc.) PHP is compatible with almost all servers used today (Apache, IIS, etc.) PHP is FREE to download from the official PHP resource:  www.php.net PHP is easy to learn and runs efficiently on the server side What can PHP do? Anything. PHP is mainly focused on server-side scripting, so you can...
6 comments
Read more

MySQL General Architecture

        MySQL operates in a networked environment using a client/server architecture. In other words, a central  program acts as a server, and various client programs connect to the server to make requests. A MySQL  installation has the following major components: MySQL Server, Client programs and MySQL non client  utilities.  MySQL Server MySQL Server, or mysqld, is the database server program. The server manages access to the actual  database (schema) on disk and in memory. MySQL Server is multi-threaded and supports many  simultaneous client connections. Clients can connect via several connection protocols. For managing  database contents, the MySQL server features a modular architecture that supports multiple storage engines  that handle different types of tables (for example, it supports both transactional and non-transactional  tables). Keep in mind the difference between a server and a host. The server is s...
1 comment
Read more

MySQL Query Browser

     MySQL Query Browser is a cross-platform GUI client program that's intuitive and easy to use. It provides a graphical interface to the MySQL server for querying and analyzing data. The MySQL Query Browser provides a Connection dialog that enables a connection to a MySQL server. This section describes how to use the Connection dialog and the Main Query Browser GUI. Using the Connection Dialog MySQL Query Browser presents a Connection dialog when it starts or when the New Instance Connection … is selected from the File menu. Connecting to a MySQL server can be accomplished either by filling in the connection dialog box fields with the parameters required to connect to a server or selecting from among any predefined connection profiles. Connection Dialog Window:                To connect to a MySQL server by specifying connection parameters directly, fill in the  appropriate fields beginning with the ...
Post a Comment
Read more