Skip Navigation LinksHome > Categories > Code from a Category

Installation of protection to a page using MySQL and PHP



User Name: serfcompany
Name: Serf
Contact Me: www.datawebcoder.com
Home Page: www.datawebcoder.com
php,mysql,javascript,html,css. Preferable working with Zend Framework. Good know javascript. I worked with various, javascript frameworks such as(jquery, YUI3, extjs, sencha touch). [More]
Viewed Times: 1230
Add Date: 02/25/2012
This is - a tutorial that should show you the basics of your pages in a sheltered network, using http authentication. Instead of the traditional. Htaccess method (apache server), we're going to use to store data about users and their passwords in mysql. I will try to chew everything possible to that to my mind is required for a beginner to learn mysql and php.

In principle, on the basis of this program you can use any dbms (database management system). Why are interested in this method? Well, for example, if only because if you use a database, you can easily allow only a certain group (man) have certain rights to access some information. If you are using the traditional. Htaccess method of Apache, you must manually add the user and password in the password file. A priimuschestvo this method, well .... look for yourself.
The software is necessary:
* Nix platform (linux, unix, * bsd) · php 3.0.x and php 4.x · mysql (any version)


Step number one


The first thing to find out what we want to allow users who are in our database, to gain access to this page? And how are we going to do it? (Many people do not really like, but you have to get used to programming, taking a paper and write down all of the requirements that we want to get on the bend, in the long run you will save hours or maybe days, to make changes to your code (note))


1. Check whether the user is already authenticated.
2.If not, send a message to the browser, with a message and a form for access.
3.If the user clicks on the cancel button does not allow him to access and redirect him to go on ... 403: Access rejected, or show (fig j) a simple message.
4.If the user has filled in a username and password combination, check them out for mysql database, and make sure they are correct, a positive outcome to allow access.


If you do not understand everything, do not worry, it will become clear later (maybe ever)!


Step Two - Create our database


We want the database to store names (login) and password to our users. Required fields can easily be added to an existing database, but we assume for now that you do not add to the existing database and create a new one.
The following code is a description of how to do it. Guess if you have on your computer is completely Apache that it is necessary, you can proceed immediately:)



We now have a database to store its users, it assumes that the username to 25 characters and passwords up to 15 characters. (If you for some reason does not fit, set the way you see fit) username should be "primary key" and be "unique" because we do not want 2 or more people have the same username.


Please note that usernames will be sensitive to the next case, the user 'vasya' will be identified other than the user 'vasya', simply put is case sensitive. Now we add in mysql test user to use his data for the tests, when we create a php page.



It is for that that, when we want to check username and password, a person registered in our database, we will use user "httpuser" with password "mypassword". Finally, we must add a login and password of the person we want to allow access.



I deliberately did not prog in the encrypted data, in order, so if you lose your password can decrypt it, and to simplify the receipt thereof to a minimum:)) All of mysql finished now go on!


Step Three - write php code


Before we begin, I will describe in brief what the program will do. When you get to a secure page, the server sends the query and displays the page to enter username and password.
If you click cancel or do not enter the correct data, the server will send you (401 Unauthorized header, and will be denied access.) - So normally carries a string (401 unauthorized header, and deny access) will not explain in my best not to say!


That's the trick works is tested can be used where you want when you want and how you want to, change, improve, if you can reduce the code up to two lines, while maintaining the functionality of the program, be sure to send it to me!


In this section, we will quickly examine each line in order to warn beforehand passionate exchange of questions in a comment to this short article.


Line 3: This function will display a message if the "evil user" hard left to enter the data. I made this function, because we use it twice, and simply to reduce the source code.
Line 7: Since we are using that title, too, twice, I also made it feature.
Line 8: Transfer the browser header, which will make the user enter the same username and password. The variable $ title will be displayed in the login dialog.
Line 9: In the first query is displayed in the title of the abolition of re-displays the message access denied.
Line 12: $ php_auth_user loop that prints a message stating that they say the program is protected, and get out there!
Line 19-23: This is something that no one except you knows what is means for connection from the database host name, Ima database, the user name and password. (to connect with mysql)
Row 24: Request to mysql that returns the names and passwords.
Row 25: Establish a connection with mysql and put a curse if the connection will not! (this means that you have something wrong in lines 19-23, or no mysql)
Row 27: Process $ query. If the returns - 0, this means that the combination has been entered is invalid.
Row 33: Disconnect connect with mysql.


I would recommend to save php code in a file navaniem user_auth.php, user_auth.php3, or ... (Here your imagination on this topic) Let us assume that still kept the code in the file user_auth.php.
Whenever we wanted sudden top-secret program to protect our users, we simply connect the file.


Your question - I do not use mysql, how to be?


Check with your server admin, if he is good, it will help you, for it is 5 minutes of work, if the evil it does not help, then go to the forum related to the database you are using and scream for help!
Or, if you consider yourself a normal programmer, you do not need this code, and you will create a "session" encrypted with pgp in general subverted as if you are doing to protect amazon.com

Post a Comment

Name: (Optional)
Email: (Optional, you can get an email if somebody replys your comments)*
Email me if somebody respons my comment below:
Details**:
Enter Text
as Below:
(case insensitive, if hard to read, click the "get a new one" button)
 
    
* Your email address will not be shared with any third parties for any reason.
** Maximum 1000 charactors.