Re: [PHP] best user authentication method?

Miles Thompson Wed, 17 Jan 2001 16:56:28 -0800

Opps -
Forgot -- dbname.inc just contains the name of the database.<? $auction = 
"auction" ?>
In production it also contains the name of the user and the password.
Miles

At 08:44 PM 01/17/2001 -0400, Miles Thompson wrote:
>IIS I'm not familiar with, and Apache has a native scheme involving .htaccess.
>
>If you want a portable authentication method, I'd recommend authenticating 
>against a list of users/passwords contained in a database. Using MySQL, 
>PostgreSQL or Interbase would keep your database platform neutral, and low 
>cost.
>
>Here's code picked up from a Rasmus Lerdorf article which authenticates 
>against a MySQL database, there are variations on this everywhere. I put 
>this in a file called auth.inc, and then the top of every page which 
>requires authentication simply includes "auth.inc".
>
>------------cut------------
><?       require( "dbname.inc" );
>     function authenticate() {
>         Header("WWW-authenticate: basic realm=\"Auction Maintenance\"");
>         Header("HTTP/1.0 401 Unauthorized");
>         $title="Invalid Login";
>         include( 'header.inc' ); ?>
>         In order to proceed you will need a valid username/password.
>         <?include ("footer.inc");
>         exit;
>     }
>
>     if(!isset($PHP_AUTH_USER)) {
>         authenticate();
>     } else {
>         mysql_pconnect("localhost","root")
>             or die("Unable to connect to SQL server");
>         mysql_select_db( "$auction" ) or die("Unable to select database");
>         $login_id=strtolower($PHP_AUTH_USER);
>         $query = mysql_query("select * from admin where 
> cAdminId='$login_id'".
>                              " and cPassword='$PHP_AUTH_PW'");
>         if(!mysql_num_rows($query))
>            {
>            authenticate();
>            }
>         else
>            {
>            include( 'header.inc' );
>            }
>     }
>?>
>---------------------- cut ---------------------------
>
>Hope this is useful. If you use PostgreSQL the calls will be different, 
>and it may be best to use ODBC, then you will truly have portability.
>
>Regards - Miles Thompson
>
>
>
>At 11:27 PM 01/16/2001 -0500, Romulo Roberto Pereira wrote:
>>hello!
>>
>>What is the best user authentication methd for linux (apache)? and for 
>>windows (IIS)?
>
>
>
>
>--
>PHP General Mailing List (http://www.php.net/)
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
>To contact the list administrators, e-mail: [EMAIL PROTECTED]




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] best user authentication method?

Reply via email to
