Stuff I'm using here, could be better, but it's a start:
---
For MySQL (or other SQL database):
cat create_access_tbl.sql
/* --- FBI Access Control Database Format --
* This is the proposed format for the access control database.
* Use mysql to recreate the database if needed.
*
* MySQL-Dump
* Database: access_control
* Table structure for table 'access_control'
* This assumes that there's an existing MySQL database.
* Use:
* $ mysql -u admin -pthePassword the_database create_access.tbl.sql
*/
CREATE TABLE access_control (
primary_key MEDIUMINT UNSIGNED NOT NULL AUTO_INCREMENT,
user VARCHAR(50) NOT NULL,
password VARCHAR(30) NOT NULL,
userlevel TINYINT(3),
email varchar(50) NOT NULL,
PRIMARY KEY (primary_key),
KEY (user)
);
---
class AccessControl {
function Verify($name, $passwd){
if ($DB = mysql_connect(localhost, the_login,
the_password)){
if($DEBUG){
echo Connection to Database OK...br\n;
}
}
else {
echo Database Connection Errorbr;
echo Failed to Connect to Databasebr;
return null;
}
mysql_select_db(access_control) or die(Database
connection failed [fbi] . mysql_er
ror());
if($DEBUG){
echo Database access_control selected...br\n;
}
$result = mysql_query(SELECT * FROM access_control
WHERE user = '$name' AND password = '$passwd')
or die (Query failed: . mysql_error());
if($row = mysql_fetch_array($result)){
/* the right person is in the database, return the
email address as
we
will need it later */
return $row[email];
}
else{
return null; /* nope */
}
}
}
---
Use:
$acl = new AccessControl();
$email = $acl-Verify($name, $password);
if($email == null){
// let the end user know about it, or something else
}
else {
// let the end user continue
}
---
Then pass in the $name and $password from a previous screen in forms of an
input field, either through a login screen, or then if there's a chain of
screens, continue passing this along with a hidden field. This means anyone
trying to get to the further screens will be blocked as the right login and
passwd is not passed around. Yes I know, I could have used sessions, but I
think this was more approprate in case cookies are disabled, and otherwise
just felt it was more appropriate to carry the state around.
Anyway, sure there are holes and such, but hope this helps, Kent
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
