IIS I'm not familiar with, and Apache has a native scheme involving .htaccess.
If you want a portable authentication method, I'd recommend authenticating
against a list of users/passwords contained in a database. Using MySQL,
PostgreSQL or Interbase would keep your database platform neutral, and low
cost.
Here's code picked up from a Rasmus Lerdorf article which authenticates
against a MySQL database, there are variations on this everywhere. I put
this in a file called auth.inc, and then the top of every page which
requires authentication simply includes "auth.inc".
------------cut------------
<? require( "dbname.inc" );
function authenticate() {
Header("WWW-authenticate: basic realm=\"Auction Maintenance\"");
Header("HTTP/1.0 401 Unauthorized");
$title="Invalid Login";
include( 'header.inc' ); ?>
In order to proceed you will need a valid username/password.
<?include ("footer.inc");
exit;
}
if(!isset($PHP_AUTH_USER)) {
authenticate();
} else {
mysql_pconnect("localhost","root")
or die("Unable to connect to SQL server");
mysql_select_db( "$auction" ) or die("Unable to select database");
$login_id=strtolower($PHP_AUTH_USER);
$query = mysql_query("select * from admin where
cAdminId='$login_id'".
" and cPassword='$PHP_AUTH_PW'");
if(!mysql_num_rows($query))
{
authenticate();
}
else
{
include( 'header.inc' );
}
}
?>
---------------------- cut ---------------------------
Hope this is useful. If you use PostgreSQL the calls will be different, and
it may be best to use ODBC, then you will truly have portability.
Regards - Miles Thompson
At 11:27 PM 01/16/2001 -0500, Romulo Roberto Pereira wrote:
>hello!
>
>What is the best user authentication methd for linux (apache)? and for
>windows (IIS)?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
