Subject | RE: [firebird-php] Re: Username and password authentication |
---|---|
Author | Nigel Weeks |
Post date | 2006-10-31T22:05:16Z |
OK, this might be rough, but here goes:
Create a table like so:
------------------------------------------------
CREATE TABLE tbl_user (
    int_userid INTEGER NOT NULL,
    str_username VARCHAR(32) NOT NULL,
    str_password VARCHAR(32) NOT NULL,
    str_fullname VARCHAR(64),
    int_authlevel INTEGER,
    PRIMARY KEY(int_userid),
    UNIQUE(str_username)
);
CREATE GENERATOR GEN_TBL_USER_USERID;
------------------------------------------------
Then, here's a simple authentication script
-------- index.php -------
<?php
session_start();

// NOTE: ibase_query() below uses the most recently opened link, so a
// connection must already have been opened with ibase_connect().

// This function gets values from the SuperGlobals, and makes sure they're
// safe to use for DB queries
function getGlobString($var) {
    // Extracting a string variable from the superglobals
    // Initialise the empty variable
    unset($result);
    // Test the Session first
    if (isset($_SESSION[$var])) {
        if (is_string($_SESSION[$var])) {
            $result = $_SESSION[$var];
        }
    } elseif (isset($_POST[$var])) {
        if (is_string($_POST[$var])) {
            $result = $_POST[$var];
        }
    } elseif (isset($_GET[$var])) {
        if (is_string($_GET[$var])) {
            $result = $_GET[$var];
        }
    } // End of hierarchical SuperGlobal check
    if (!isset($result)) {
        // Handle error quietly - hide from UI
        error_log("getGlobString: No valid string values in SuperGlobals for variable '".$var."'");
        return "";
    } else {
        // Do the final return, escaping single quotes by doubling them for
        // Firebird use
        return str_replace("'", "''", $result);
    } // End of unset return handler
} // End of getGlobString function

// And now, for the main script
// Pull variables from the SuperGlobals
$username = getGlobString("username");
$password = getGlobString("password");
$action = getGlobString("action");

if (empty($_SESSION['uid'])) {
    // The session variable is empty, which means we're not logged in
    if ($username != "" && $password != "" && $action == "Login") {
        // OK, we've got username and password supplied. Let's get the login
        $sql = "select * from tbl_user where str_username = '".$username."' and str_password = '".$password."'";
        $rec = ibase_query($sql) or die("Sorry, bad query");
        if (!$obj = ibase_fetch_object($rec)) {
            echo "No account information found for that username/password combination<br>";
        } else {
            echo "Valid account. Setting session variable<br>";
            $_SESSION['uid'] = $obj->INT_USERID;
        } // End of valid recordset returned
    } // End of username and password supplied for login
} // End of empty session variable

// Here, we test the session variable again, in case the login was
// unsuccessful
if (empty($_SESSION['uid'])) {
    // The username is HTML-escaped before it is echoed back into the form
    echo "<form method=post action=index.php>Please login.<br>
Username<br><input type=text name='username' value='".htmlspecialchars($username, ENT_QUOTES)."'><br>
Password<br><input type=password name='password'><br>
<input type=submit name='action' value='Login'></form>";
} else {
    // Display the rest of your application here, or display a link to continue
} // End of empty session variable check
?>
--------- End of index.php ----------
Hope this helps!!
Nige
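
A hardened variant of the login check above, added here as an example and not part of the original post: the username is bound as a query parameter through ibase_prepare()/ibase_execute() instead of being concatenated into the SQL, and the password is stored and checked with password_hash()/password_verify(). It assumes str_password has been widened to hold the hash; createUser(), checkLogin() and the FB_DATABASE, FB_USER and FB_PASSWORD environment variable names are hypothetical.

```php
<?php
// Added example, not code from the original post.
// Assumed schema change so the column can hold a hash:
//   ALTER TABLE tbl_user ALTER COLUMN str_password TYPE VARCHAR(255);

// Hypothetical helper: store a user with a salted hash, never the clear text.
function createUser($db, string $username, string $password, int $authlevel): void {
    $stmt = ibase_prepare($db,
        "insert into tbl_user (int_userid, str_username, str_password, int_authlevel)
         values (gen_id(GEN_TBL_USER_USERID, 1), ?, ?, ?)");
    ibase_execute($stmt, $username, password_hash($password, PASSWORD_DEFAULT), $authlevel);
}

// Hypothetical helper: return the user's row (upper-case keys) or null.
function checkLogin($db, string $username, string $password): ?array {
    // The username is a bound parameter, so quotes in it cannot alter the SQL.
    $stmt = ibase_prepare($db,
        "select int_userid, str_password, int_authlevel from tbl_user where str_username = ?");
    $res = ibase_execute($stmt, $username);
    $row = $res ? ibase_fetch_assoc($res) : false;
    // The submitted password is only compared against the stored hash.
    if ($row && password_verify($password, $row['STR_PASSWORD'])) {
        return $row;
    }
    return null;
}

session_start();
// Connection settings come from hypothetical environment variables.
$db = ibase_connect(getenv('FB_DATABASE'), getenv('FB_USER'), getenv('FB_PASSWORD'))
    or die("Sorry, no database connection");

// Credentials are read from POST only, never from GET or the session.
$username = is_string($_POST['username'] ?? null) ? $_POST['username'] : '';
$password = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';

if (empty($_SESSION['uid']) && $username !== '' && $password !== '') {
    $row = checkLogin($db, $username, $password);
    if ($row !== null) {
        session_regenerate_id(true); // fresh session id after a successful login
        $_SESSION['uid'] = (int) $row['INT_USERID'];
        $_SESSION['authlevel'] = (int) $row['INT_AUTHLEVEL'];
    } else {
        echo "No account information found for that username/password combination<br>";
    }
}
```
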
I guess I am not making myself clear. The following is what I am
looking for.
1) Just the code, simple code where I can change it to my needs.
2) A code where a user/pass table is created.
3) A session is created.
4) Check the table to see if the user is authorized or not to log
in. Depending on which user logs in I will generate one type of
report. For example, if user1 logs in a salary report will be
generated, if user2 logs in an address report will be generated and
so on.
Once the user is done session will be ended.
Hope this helps and once again thank you for your responses.
Anna
--- In firebird-php@yahoogroups.com, "Rick Debay" <rdebay@...> wrote:
>
> Accessing that link returned:
>
> Database error: pconnect(peony.yessoftware.com, yssite_des, $DBPassword)
> failed.
> MySQL Error: 0 ()
> Session halted.
>
> :-)
>
> -----Original Message-----
> From: firebird-php@yahoogroups.com [mailto:firebird-php@yahoogroups.com]
> On Behalf Of David at PFI
> Sent: Tuesday, October 31, 2006 9:43 AM
> To: firebird-php@yahoogroups.com
> Subject: [firebird-php] Re: Username and password authentication
>
> You may want to take a look at Codecharge
> http://www.yessoftware.com/products/product_detail.php?product_id=1
>
> It is like a front end builder for dummies. In less than 5 minutes you
> can build a login page with authentication. If you need help connecting
> it to Firebird, just let me know and I can give a few pointers.
>
> I had to resort to using Codecharge after my developer found another
> job, since I was unable to hand code enough to get the project
> completed.
>
> If you use the trial, the app you build will still function after the
> trial has expired.
>
> good luck.
>
> --- In firebird-php@yahoogroups.com, "anna_ppalm" <anna_ppalm@>
> wrote:
> >
> > Hello
> >
> > Can anyone give me some code for a username/pass PHP-firebird table and
> > html??
> >
> > I will have just a few users who will login from different computers. I
> > would have to validate their IP address, username and pass. Once all of
> > it is done, each of them would be able to access the DB which in turn
> > would generate a different report for each user.
> >
> > In advance I thank you for your help.
> >
> > Anna