Development Tutorials
 
#1 - mytch - July 7th, 2002, 07:50 PM
Article Discussion: PHP, MySQL and Authentication 101

PHP, MySQL and Authentication 101 If you have any questions or comments about this article then please post them here.

You can read the article here.

#2 - liquid - July 8th, 2002, 12:10 PM
Lost password

A functionality I see missing here is the common 'I lost my password' thing. Since the only thing stored on the db seems to be the md5 of a pass (which is a good and common idea) it is virtually impossible to get the plain text password from it, and send it back to the user. So if one's site requires many steps of registering, account customizing, ... it might be a good idea to store the plain text password in the db table for the reminder purpose AND the pass' md5, and then still to compare both the stored md5s with the form entered pass' md5, don't you think?

#3 - Lindset - July 8th, 2002, 12:59 PM
What I would have done is (simplified a bit) to send a new password to the user's e-mail address.. If you're looking for examples, see how vBulletin and other popular software have done it..
__________________
Best Regards,
Håvard Lindset
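
A reset flow in the spirit of the reply above, as an added example that is not part of the original post: instead of mailing a new password it mails a one-time token and stores only the token's hash, so nothing recoverable sits in the database. The table layout, the function names startReset() and finishReset(), the 30-minute lifetime and the in-memory SQLite database (standing in for MySQL) are assumptions.

```php
<?php
// Added example: table layout, function names and the 30-minute lifetime are assumptions.
// SQLite in memory stands in for MySQL so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, password TEXT)');
$pdo->exec('CREATE TABLE resets (user_id INTEGER PRIMARY KEY, token_hash TEXT, expires INTEGER)');
$pdo->prepare('INSERT INTO users (email, password) VALUES (?, ?)')
    ->execute(['user@example.com', password_hash('old password', PASSWORD_DEFAULT)]);

// Issue a one-time token. Only its SHA-256 hash is stored; the token itself goes in the e-mail.
function startReset(PDO $pdo, string $email, int $now): ?string
{
    $stmt = $pdo->prepare('SELECT id FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $id = $stmt->fetchColumn();
    if ($id === false) {
        return null; // unknown address: the page should answer the same way as for a known one
    }
    $token = bin2hex(random_bytes(32));
    $pdo->prepare('REPLACE INTO resets (user_id, token_hash, expires) VALUES (?, ?, ?)')
        ->execute([$id, hash('sha256', $token), $now + 1800]);
    return $token;
}

// Set the new password only if the token matches and has not expired, then delete the token.
function finishReset(PDO $pdo, string $email, string $token, string $newPass, int $now): bool
{
    $stmt = $pdo->prepare(
        'SELECT u.id, r.token_hash, r.expires FROM users u
         JOIN resets r ON r.user_id = u.id WHERE u.email = ?'
    );
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false
        || $now > (int) $row['expires']
        || !hash_equals($row['token_hash'], hash('sha256', $token))) {
        return false;
    }
    $pdo->prepare('UPDATE users SET password = ? WHERE id = ?')
        ->execute([password_hash($newPass, PASSWORD_DEFAULT), $row['id']]);
    $pdo->prepare('DELETE FROM resets WHERE user_id = ?')->execute([$row['id']]);
    return true;
}

// Constructed walk-through: wrong token, expired token, valid token, reused token.
$now   = time();
$token = startReset($pdo, 'user@example.com', $now);
var_dump(finishReset($pdo, 'user@example.com', 'not-the-token', 'new password', $now + 60));
var_dump(finishReset($pdo, 'user@example.com', $token, 'new password', $now + 3600));
var_dump(finishReset($pdo, 'user@example.com', $token, 'new password', $now + 60));
var_dump(finishReset($pdo, 'user@example.com', $token, 'again', $now + 120));
```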

#4 - WebGuy - July 8th, 2002, 04:32 PM
I think I read somewhere (maybe SitePoint) that when you insert the password into the database, you use PASSWORD('password-here') and then you can always retrieve it as plain text. Not sure if this is correct...

-Corbb
__________________
Sincerely,
Corbb O'Connor, Author at DevArticles

#5 - WebGuy - July 8th, 2002, 04:37 PM
Hey All,

I have a question of my own about the article: The article said that you could extend the system by adding user levels to it. How could this be accomplished? Would you have to add a field to the users table called level and then have another table called userLevels with fields for an ID and for what pages that level could/could not access? That just seems kind of long...putting every page in a database to see if somebody could access...

Thanks,
-Corbb

#6 - Lindset - July 8th, 2002, 04:39 PM
Damnit.. this post got moved while I was writing an answer to your question... so I will have to rewrite all of the code I wrote

Give me a few minutes..

#7 - Lindset - July 8th, 2002, 04:53 PM
You'll have to rewrite a bit..

1. Add a column to the users table.. like this:

ALTER TABLE users ADD COLUMN level TINYINT(2) UNSIGNED NOT NULL;

2. Add a variable to the top of every page called, say, $requiredLevel .. for example like this: $requiredLevel = 3; (depending on what userlevel you want to be able to access the page)

3. Change these parts of the code in the pages you have authentication on, not the login page:

$result = mysql_query("SELECT count(id) FROM users WHERE password='$_POST[pass]' AND username='$_POST[user]'") or die("Couldn't query the user-database.");
$num = mysql_result($result, 0);

to

$result = mysql_query("SELECT count(id), level FROM users WHERE password='$_POST[pass]' AND username='$_POST[user]'") or die("Couldn't query the user-database.");
$num = mysql_result($result, 0);
$userLevel = mysql_result($result, 1);

--- then change

if (!$num) {
    // If the credentials didn't match,
    // redirect the user to the login screen.
    header('Location: login.php');
    die();
}

to

if (!$num) {
    // If the credentials didn't match,
    // redirect the user to the login screen.
    header('Location: login.php');
    die();
} elseif ($requiredLevel > $userLevel) {
    // Display message that the user doesn't have a high enough level to see this page.
    echo "Your level is too low.";
    die();
}


Now this implementation is pretty basic and straight-forward.. it could've been done better.. I'll let you improve it in any way you want to... If I were coding a really advanced auth system I'd be comparing bitmasks and stuff like that, but that's a bit too advanced to explain on this forum..

Note: I haven't tested this, but it should work all right
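
The same level check, as an added example that is not part of the original post: it goes beyond the steps above by using a PDO prepared statement and password_hash()/password_verify() rather than placing request values inside the SQL string. The authorize() function, the table layout, the sample users and the in-memory SQLite database (standing in for MySQL) are constructed for illustration.

```php
<?php
// Added example: schema, users and authorize() are constructed for illustration.
// SQLite in memory stands in for the MySQL database so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY,
    username TEXT UNIQUE NOT NULL,
    password TEXT NOT NULL,
    level INTEGER NOT NULL DEFAULT 0
)');

// The password column holds password_hash() output, never the password itself.
$insert = $pdo->prepare('INSERT INTO users (username, password, level) VALUES (?, ?, ?)');
$insert->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), 3]);
$insert->execute(['bob', password_hash('hunter2', PASSWORD_DEFAULT), 1]);
$insert->execute(["o'brien", password_hash('shamrock', PASSWORD_DEFAULT), 2]);

// Returns 'ok', 'login' (credentials did not match) or 'denied' (level too low).
function authorize(PDO $pdo, string $user, string $pass, int $requiredLevel): string
{
    // The username is sent as a bound parameter, so quotes in it cannot change the query.
    $stmt = $pdo->prepare('SELECT password, level FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // The submitted password is checked against the stored hash in PHP, not in SQL.
    if ($row === false || !password_verify($pass, $row['password'])) {
        return 'login';
    }
    // Same comparison as "$requiredLevel > $userLevel" in the post, read by column name.
    return ((int) $row['level'] >= $requiredLevel) ? 'ok' : 'denied';
}

// Constructed cases: user, password, level the page requires.
$cases = [
    ['alice', 'correct horse', 3],
    ['bob', 'hunter2', 3],
    ['bob', 'wrong password', 1],
    ["o'brien", 'shamrock', 2],
    ['nobody', 'anything', 1],
];
foreach ($cases as [$user, $pass, $requiredLevel]) {
    printf("%-10s requires level %d -> %s\n", $user, $requiredLevel,
        authorize($pdo, $user, $pass, $requiredLevel));
}
```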

#8 - WebGuy - July 8th, 2002, 05:03 PM
Harvard,

What does the following code do?
Code:
$userLevel = mysql_result($result, 1);
I've seen this a lot lately...

And can you briefly explain what bitmasks are?

Thanks,
Corbb

#9 - Lindset - July 8th, 2002, 05:39 PM
Quote:
Originally posted by WebGuy
Harvard,

What does the following code do?
Code:
$userLevel = mysql_result($result, 1);
I've seen this a lot lately...

And can you briefly explain what bitmasks are?

Thanks,
Corbb


mysql_result($result, 1) grabs the column with the offset 1 from the result-set $result ..

instead of using the column offset, you could use mysql_result($result, "level"); sorry about that, should've used it from the start...

for the bitmask, I'll see if I can find something about it on the web
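
On the bitmask question left open above, an added example that is not part of the original posts: each permission is one bit of an integer stored per user, and a page checks that all the bits it requires are set. The permission names, their values and the helper functions are constructed for illustration.

```php
<?php
// Added example: permission names and bit values are constructed for illustration.
const PERM_READ     = 1 << 0; // binary 0001
const PERM_POST     = 1 << 1; // binary 0010
const PERM_MODERATE = 1 << 2; // binary 0100
const PERM_ADMIN    = 1 << 3; // binary 1000

// True only when every bit in $required is also set in $granted.
function hasAll(int $granted, int $required): bool
{
    return ($granted & $required) === $required;
}

// True when at least one bit overlaps. Using this for a multi-bit
// requirement lets a user through who holds only part of it.
function hasAny(int $granted, int $required): bool
{
    return ($granted & $required) !== 0;
}

function grant(int $granted, int $perm): int
{
    return $granted | $perm;
}

function revoke(int $granted, int $perm): int
{
    return $granted & ~$perm;
}

// One integer per user, for instance kept in an unsigned integer column of the users table.
$moderator = PERM_READ | PERM_POST | PERM_MODERATE;
$readOnly  = PERM_READ;

// Per-page requirement, playing the role $requiredLevel has in the level-based version.
$requiredPerms = PERM_READ | PERM_MODERATE;

var_dump(hasAll($moderator, $requiredPerms)); // holds both required bits
var_dump(hasAll($readOnly, $requiredPerms));  // lacks MODERATE
var_dump(hasAny($readOnly, $requiredPerms));  // overlaps on READ only: the wrong test for this page

// Unlike a single level number, one permission can be removed without touching the others.
$muted = revoke($moderator, PERM_POST);
var_dump(hasAll($muted, PERM_POST));
var_dump(hasAll($muted, $requiredPerms));
var_dump(grant($readOnly, PERM_POST) === (PERM_READ | PERM_POST));
```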

#10 - WebGuy - July 8th, 2002, 05:51 PM
Thanks Harvard...but what do you mean by offset? If it's the first column of eight, and I want column #2, would I put a 2 there? Or a 6?

Thanks,
Corbb

#11 - Lindset - July 8th, 2002, 05:57 PM
Quote:
Originally posted by WebGuy
Thanks Harvard...but what do you mean by offset? If it's the first column of eight, and I want column #2, would I put a 2 there? Or a 6?

Thanks,
Corbb


let's say you have this query:
SELECT id, title, name, email FROM someTable;

the offsets would be:
0 = id
1 = title
2 = name
3 = email

The reason I used offsets and mysql_result in the article was that I only had one value to select, that only would occur once.. + the count() is nameless unless you type "count(*) as someName" .. which creates an "alias" for the count.. eh, I'm starting rambling now, sorry 'bout that.. :P

#12 - WebGuy - July 8th, 2002, 06:44 PM
So if I had:
PHP Code:
<?php

$sql = mysql_query("SELECT ID, Content FROM Articles WHERE ID='$id'");
$result = mysql_result($sql, 2);

?>
That would then select the Content part?

Thanks,
Corbb

#13 - Lindset - July 8th, 2002, 06:53 PM
Quote:
Originally posted by WebGuy
So if I had:
PHP Code:
<?php

$sql = mysql_query("SELECT ID, Content FROM Articles WHERE ID='$id'");
$result = mysql_result($sql, 2);

?>
That would then select the Content part?

Thanks,
Corbb


it would select a non-existing field.. 1 would return content..
I advise you to use the field's name instead though.. better readability

#14 - WebGuy - July 8th, 2002, 06:58 PM
Harvard,

Okay...Thank you very much.

So in my code just replace the 2 with "content"?

Thanks,
Corbb

#15 - EL Loco - July 11th, 2002, 11:07 AM

I'm using your script right now, thanks for that, but I'm getting the same error over and over again
Quote:
Parse error: parse error in c:\program files\apache group\apache\htdocs\rpg\page2.php on line 13

but I can't find what I'm doing wrong, this is the source:
PHP Code:
<?php
error_reporting(E_ALL);
session_start();

if(!$_session['user'] || !$_seesion['pass']) {

header('Location: login.php');

}else{
     $db = mysql_connect('localhost', 'roald') or die ("Couldn't connect to database");
     mysql_select_db('rpg') or die("coudn't select the databse");
     $result = mysql_query("select(user_id) FROM rpg_users WHERE password='$_session[pass]'
// line 13    
 AND username='$_session[user]'" or die("couldn't Query the user-database.");
     $num = mysql_result($result, 0);
if (!$num)
{
    header('location: login.php');
    die();
}
}

echo "Acces granted";
?>

can somebody please tell me what I did wrong?
I'm staring at it for 1 hour

#16 - Lindset - July 11th, 2002, 11:40 AM
Hi EL Loco,

remember that variables are case sensitive.. try switching $_session with $_SESSION.

I also found this typo: ($_seesion['pass'])

Quote:
if(!$_session['user'] || !$_seesion['pass']) {


that shouldn't really give a parse error though

#17 - WebGuy - July 11th, 2002, 11:53 AM
If you setup your database using the code in the article (at the beginning), you have to change a few things in the form authentication part:

If you get an error that says, "Cannot query the user-database." try changing:

username to userName, userpassword to userPass, and userid to userId. As Håvard said, they're all case sensitive.

Hope that helps,
Corbb

#18 - EL Loco - July 11th, 2002, 12:19 PM
Thanks everybody for the replies, but I still get that freaking error

#19 - WebGuy - July 11th, 2002, 12:25 PM
What about $_SESSION('userName'); and $_SESSION('userPass');

Something else that could be causing this is that your server doesn't have PHP 4.0.1. Try using the extended variable. (I think it's something like $HTTP_SESSION_VARS...not sure though....Lindset?)

Hope that helps,

#20 - FrankieShakes - July 11th, 2002, 12:33 PM
You're missing a closing bracket:

AND username='$_session[user]'") or die("couldn't Query the user-database.");

#21 - WebGuy - July 11th, 2002, 12:34 PM
Good eyes, Frank!!

#22 - EL Loco - July 11th, 2002, 12:38 PM
Quote:
Originally posted by FrankieShakes
You're missing a closing bracket:

AND username='$_session[user]'") or die("couldn't Query the user-database.");

thank You

#23 - FrankieShakes - July 11th, 2002, 12:42 PM

#24 - Lindset - July 11th, 2002, 12:42 PM
Damn you, frankie! How come I didn't notice that?

#25 - FrankieShakes - July 11th, 2002, 12:43 PM
Quote:
Originally posted by Lindset
Damn you, frankie! How come I didn't notice that?


Hehehe... I guess the Tylenol #3 (extra extra strength) is helping me more than I thought!

#26 - WebGuy - July 11th, 2002, 12:46 PM
lol

#27 - EL Loco - July 11th, 2002, 12:49 PM
Ok, that works, but I have another question (a lot if I'm honest)
How can I log out if I haven't made the logout page?
If I want to test the login with a few adjustments made it tells me

You are already logged in, with a reboot nothing happens

#28 - FrankieShakes - July 11th, 2002, 12:50 PM
Quote:
Originally posted by WebGuy
lol


Corbb,

When's your site launching? I'm interested in taking a look at what it offers!

#29 - WebGuy - July 11th, 2002, 12:57 PM
Hey Frank,

It will be up (hopefully) in a couple weeks. if you sign up for the mailing list, you'll be notified when it goes live.

-Corbb

<edit>The mailing list signup is on the temporary home page.</edit>

Last edited by WebGuy : July 11th, 2002 at 01:13 PM.

#30 - EL Loco - July 12th, 2002, 03:30 AM
Does anybody know how I can log out without a logout page?
I haven't created that one, and I have made some adjustments to the login page, and I want to test that. But it keeps telling me:
Quote:
You're logged in
so I can't test my page.

Reboot doesn't work for this problem
