Wish I could point you to a good tutorial, but instead I'll try and give
you the gist of it, based on my experience.
A great way to do what you want to do is to combine MySQL user lookups
with .htaccess security. This prevents anyone from accessing the pages
you don't want them to, and cuts down on coding time in that you don't
need to create login scripts. You just need some simple code in a header
that verifies $HTTP_SERVER_VARS['PHP_AUTH_USER'] and
$HTTP_SERVER_VARS['PHP_AUTH_PASS'] against the entries in the database,
and shoots back an error if they weren't found.
The other thing you'll need is a program that automatically generates a
.htpasswd file from the entries in your database.. that's as simple as:
<?php
$db = mysql_connect('localhost','user','pass');
mysql_select_db('users');
$sql = "SELECT username,password FROM users ORDER BY username";
$result = mysql_query($sql);
$fp = fopen('/path/to/folder/below/document/root/.htpasswd','w');
while ($data =mysql_fetch_array($result)) {
fputs($fp, $data['username'].':'.crypt($data['password'])."\n");
}
fclose($fp);
mysql_free_result($result);
mysql_close($db);
?>
And, of course, you need to put in the folders you want to protect, the
.htaccess file:
AuthType Basic
AuthName "Protected Directory"
AuthUserFile /path/to/folder/below/document/root/.htpasswd
AuthGroupFile /dev/null
Require valid-user
This is untested code, and should work fine, but it may have something
silly like a syntax or parameters error or something I overlooked.
Hope this helps.
Mike Eheler
Software Developer - Web Division
SearchBC.com
René Fournier wrote:
>I'm looking for a good (simple) tutorial on user authentication. I want to
>create a login system that's secure, but I don't need all the features that
>PHPBuilder's "A Complete, Secure User Login System" scripts provide. (I
>don't need the the user to be able to register or confirm his account,
>change his email or password, etc.) Basically, I can/will set the usernames
>and passwords myself via MySQL. All I want the login system to do is
>securely check against the db and then create a session.
>
>That's the other problem. I'm a little confused about this cookie
>creation/session stuff. Am I correct in assuming that the way it works is
>that I should wrap every bit of PHP code around a isUserAuthenticated()
>function?
>
>I suppose what I need is a general tutorial on authentication, assuming the
>user of cookies, PHP4 and MySql. Any ideas?? (Thanks.)
>
>...Rene
>
>---
>Rene Fournier
>[EMAIL PROTECTED]
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
