Skip to main content

Database Authentication

The final, and most complete of the three PHP authentication methods, is the utilization of a database to
maintain and manage the usernames and passwords used to access PHP files. This solution provides
advanced capabilities in administering authentication systems but also provides incredible flexibility and
scalability to incorporate the authentication system into the database system as a whole. The first step of
the process involves creating the user tables that will be used to house the authentication data.

Storing Authentication Data

The following table will be used to manage the storage of the login information that will be used by PHP to
manage logins:

CREATE TABLE `customers` (
`customerEmail` VARCHAR(40) NOT NULL, `lname` VARCHAR(25) NOT NULL,
`fname` VARCHAR(25) NOT NULL, `title` ENUM('Mr.', 'Mrs.', 'Miss', 'Ms.','Dr.'),
`passwd` VARCHAR(30), PRIMARY KEY (`customerEmail`)
);

The idea of using the customerEmail as the login in identifier has become standard practice in many web
applications these days. As far as an email being a primary identifier for the customer, it is perfect; It is
unique (no two people could have the exact same e-mail account), it is specific to the user and it is an
alternate means to contact the user. In this table, there could be additional columns used to support other
areas of the application; however, for the purpose of this training, this table will suffice.

The Database Authentication Script

<?php
// Create a function due to the script components having to be called 2x
function userAuth() {
header('WWW-authenticate: Basic Realm="World Database"');
header('HTTP/1.0 401 Unauthorized');
print "You must provide a valid e-mail and password!";
exit;
}
// Check to see if the login prompt has been submitted
// If not, call up the login prompt, if so, check against
// the database
if (! isset($_SERVER['PHP_AUTH_USER'])) {
userAuth();
} else {
// Connect to the MySQL Server and use the
// world database (which houses the customers table)
$linkID1 = mysql_connect('localhost','root','training')
or die("Could not connect to $dbhost database");
mysql_select_db("world",$linkID1)
or die ("Could not connect to world database");
// Create variables for login data
$serverEmail = $_SERVER['PHP_AUTH_USER'];
$serverPass = $_SERVER['PHP_AUTH_PW'];
// Create and execute the verification
$login_query = "SELECT title, lname FROM customers
WHERE customerEmail = '$serverEmail'
AND passwd = SHA('$serverPass')";
$login_results = mysql_query($login_query, $linkID1);

Comments

Popular posts from this blog

PHP INTRODUCTION

                     PHP  (recursive acronym for  PHP: Hypertext Preprocessor ) is a widely-used open source general-purpose scripting language that is especially suited for web development and can be embedded into HTML. PHP stands for  P HP:  H ypertext  P reprocessor PHP is a server-side scripting language, like ASP PHP scripts are executed on the server PHP supports many databases (MySQL, Informix, Oracle, Sybase, Solid, PostgreSQL, Generic ODBC, etc.) PHP is an open source software PHP is free to download and use Why PHP? PHP runs on different platforms (Windows, Linux, Unix, etc.) PHP is compatible with almost all servers used today (Apache, IIS, etc.) PHP is FREE to download from the official PHP resource:  www.php.net PHP is easy to learn and runs efficiently on the server side What can PHP do? Anything. PHP is mainly focused on server-side scripting, so you can...

Data Encryption

Data encryption is the process of scrambling stored or transmitted information so that it is unintelligible until it is unscrambled by the intended recipient. The intended recipient can then decode (or decrypt) the information. PHP offers multiple means to make this happen. However, none of these solutions are very effective without the applications running on secure servers and connections. The following are a list of the more common encryption functions in PHP: • md5() - MD5 is a third-party hash algorithm that PHP can use to create a digital fingerprint of a piece of data. It is next to impossible to (efficiently) recover the original text when a piece of data has been encrypted with the md5 hash algorithm. It is also vastly unlikely that any different text string will create an identical hash - a 'hash collision'. These properties make hashes ideally suited for storing an application's passwords because although an attacker may compromise a part of the system...

Delimiting PHP Code

                           PHP was originally designed to be used in conjunction with a web server, and in the case of the LAMP architecture, the Apache Web Server.  PHP applications are designed embedding PHP scripts within a web page along with its HTML.  Unlike standard HTML pages which are sent directly from the web server to the end user, PHP files are first interpreted by the PHP application which then converts the PHP script into another form for display.  This process eliminates the end user from being able to see the original PHP script that was embedded in the HTML and provides  true interaction in HTML files.  This process is similar to proprietary applications such as ASP and Coldfusion; however, PHP is Open Source and cross- platform. PHP Tags             PHP scripts are distinguished from the HTML scripts by using delimiting characters ...