i use this script with apache/php/mysql
<?
mysql_connect("$server", "$user", "$pass");
mysql_select_db("$database");
$auth = false;
if (isset($PHP_AUTH_USER) && isset($PHP_AUTH_PW)) {
$sql = "SELECT Password FROM users WHERE UserID = '$PHP_AUTH_USER'";
$result = mysql_query($sql);
while ($row = mysql_fetch_array($result)) {
$password = $row[Password];
}
$salt = substr( $password , 0 , 2 );
$enc_pw = crypt( $PHP_AUTH_PW, $salt );
if ($password == "$enc_pw") {
$auth = true;
}
}
if (!$auth) {
header( 'WWW-Authenticate: Basic realm="Login to phpHelpDesk"' );
header( 'HTTP/1.0 401 Unauthorized' );
print 'Authorization Required.';
exit;
}
?>
then you can always reach the userid with $PHP_AUTH_USER
/Mattias Aka BoNzO
http://bonzo.sineleven.nu
-- Original Message --
From: Cato Larsen <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Send: 01:47 AM
Subject: [PHP-DB] Member authentication with PHP and MySQL
Hi!
I'm trying to authenticate members by using php and MySQL.
This is what I've come to so far:
<?php
$auth = false; // Assume user is not authenticated
if (isset( $email ) && isset($password)) {
// Connect to MySQL
mysql_connect( 'localhost', 'Xephiroth', 'lordoftherings' )
or die ( 'Unable to connect to server.' );
// Select database on MySQL server
mysql_select_db( 'members' )
or die ( 'Unable to select database.' );
// Formulate the query
$sql = "SELECT * FROM memberinfo WHERE
email = '$email' AND
password = '$password'";
// Execute the query and put results in $result
$result = mysql_query( $sql )
or die ( 'Unable to execute query.' );
// Get number of rows in $result.
$num = mysql_numrows( $result );
if ( $num != 0 ) {
// A matching row was found - the user is authenticated.
$auth = true;
}
}
if ( ! $auth ) {
header( 'WWW-Authenticate: Basic realm="Members only"' );
header( 'HTTP/1.0 401 Unauthorized' );
echo 'Authorization Required to enter the member area';
exit;
} else {
echo '
-SITE CONTENT-
'; } ?>
How do I make the authentication to go to site:
members.php?charnick=$charnick
Where $charnick is brung from the DB line who was authenticated?
So that Peter won't end up at John 's membersite?
Thanks for your time and expertese!
Best regards Cato
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]