Microsoft broke IE 6.0 SP1 on XP in January, requiring this patch to be able to log into our MySQL-authenticated website: http://www.microsoft.com/downloads/details.aspx?FamilyId=254EB128-5053-48A7-8526-BD38215C74B2&displaylang=en
Microsoft won't put out this patch into the regular XP updates (I guess because many websites use an alternate method and it doesn't impact as many people). You have to download it manually. Of course, this is generating many complaints and we even lost a few customers; people believe we're requring them to install software just to log in, when we're really just requiring they fix something Microsoft broke. So I really need an alternate MySQL-authenticated method. Surely they exist? I have a login page on an SSL-enabled Apache server that (I don't admin). Here's my code (you can download a complete copy from http://devidal.tv/~chris/mysql_auth.tar.bz2, including the SQL to create the members table). login.php: ========== <html> <head> <?php if ($_GET["login_failed"]) { ?> <script language="JavaScript"> <!-- alert ("Incorrect email address or password!"); // --> </script> <?php } ?> </head> <body> <form method="post" action="edit_agent.php"> <input type="text" name="email"> <input type="password" name="password"> <input type="submit" value="Log in"> </form> </body> ======= edit_agent.php: =============== <?php require_once ("open_db.php"); require_once ("check_login.php"); echo "You won't be able to see this unless you have a valid login."; require_once ("close_db.php"); ?> ============================== check_login.php: ================ <?php require_once ("valid_email.php"); $email = $_POST["email"]; if (!valid_email ($email)) { require_once ("close_db.php"); header ("Location: login.php?login_failed=true"); exit; } // Only alphanumeric $password = preg_replace ("/[^\w]/", "", $_POST["password"]); $query = " SELECT ID FROM members WHERE Email = '$email' AND Password = PASSWORD('$password') AND Active = '1' "; $result = @mysql_query ($query); // Only if we have matching records if ([EMAIL PROTECTED] ($result) >= 1) { require_once ("close_db.php"); header ("Location: login.php?login_failed=true"); exit; } ?> ===== valid_email.php: ================ <?php function valid_email($email) { if (ereg ("^([^[:space:]]+)@(.+)\.(.+)$", $email)) { return TRUE; } else { return FALSE; } } ?> ===== open_db.php is just mysql_connect and mysql_select_db, while close_db.php is just mysql_free_result and mysql_close. I've included them in the tarball above as well as the SQL you will need if you want to try this for yourself. Again, this code worked well until Microsoft broke IE. It still works if you apply the patch that Microsoft isn't rolling out to everyone. I'd considered using Apache's .htaccess files, but I haven't tried connecting that to MySQL for authentication. And I don't have admin access on the box to install anything on the server. Ideas?? /dev/idal "GNU/Linux is free freedom." -- Me -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
