View previous topic :: View next topic |
Author |
Message |
jonleow -
Joined: 29 Apr 2004 Posts: 48
|
Posted: Tue Jun 22, 2004 4:49 am Post subject: user authentication |
|
|
hi guys, im back!
im trying to do user authentication now in my website. The pages that i want to restrict from unauthorised users, where should i keep it?
C:\Program Files\Abyss Web Server\htdocs\ or
C:\Program Files\Abyss Web Server\cgi-bin ?
After someone has authorised himself by entering the correct username and password, how do i direct him to the protected pages? Below is a script that i have learned from a book. Will any php guru please take a look and tell me how can i modify it to do my bidding?
<?php
//continue a process, depending on the value of the $do variable.
//if this is the first time to access this script, the $do variable
//has no value.
switch($do) {
//if the value of $do is "authenticate", continue this process
case "authenticate":
//when submitting a form, php automatically assigns values to
//variables with name matching the form fields. In this case, $username
//and $password have already been created, transparently.
//open the database connection
mysql_connect("localhost", "booker", "spinner") or die ("unable to connect to mysql");
mysql_select_db("user") or die ("unable to select database");
//formulate the query
$sql = "SELECT id FROM user WHERE username='$username' and password='$password'";
//Execute the query and put results in $result
$result = mysql_query($sql) or die ("unable to get results");
//Get number of rows in $results. Should be 0 if invalid and 1 if valid.
$num = mysql_numrows($result);
//Present results based on validity
if ($num==1) {
echo "You are a valid user";
echo "your username and password is '$username' and '$password'";
}
else if ($num==0) {
unset($do);
echo "you are not authorized! Please re-enter your info";
//The next command automatically places the contents of
//login_form.inc at this position; the HTML form fields will display.
include("login_form.inc");
}
break;
default:
//The default case, means "if no value exists for $do, or if no other case matches
//a value for $do, display the login form".
//We only send a value for $do in the action of the form, ie:login2.php?do=authenticate
include("login_form.inc");
}
?> |
|
Back to top |
|
|
MUGH8506 -
Joined: 14 Jun 2004 Posts: 72 Location: Hell
|
|
Back to top |
|
|
MUGH8506 -
Joined: 14 Jun 2004 Posts: 72 Location: Hell
|
Posted: Tue Jun 22, 2004 6:51 am Post subject: |
|
|
C:\Program Files\Abyss Web Server\htdocs\ _________________
http://www.trustabyss.com/ |
|
Back to top |
|
|
jonleow -
Joined: 29 Apr 2004 Posts: 48
|
Posted: Tue Jun 22, 2004 11:29 pm Post subject: |
|
|
ok...do you know how to make the protected pages prompt users for username and password when accessed? |
|
Back to top |
|
|
iNaNimAtE -
Joined: 05 Nov 2003 Posts: 2381 Location: Everywhere you're not.
|
Posted: Tue Jun 22, 2004 11:40 pm Post subject: |
|
|
Abyss happens to offer access control... _________________ Bienvenidos! |
|
Back to top |
|
|
Dieu -
Joined: 22 Jun 2004 Posts: 22
|
Posted: Wed Jun 23, 2004 11:59 am Post subject: |
|
|
good |
|
Back to top |
|
|
kordian -
Joined: 06 Apr 2005 Posts: 2 Location: Poland
|
Posted: Wed Jun 22, 2005 7:04 am Post subject: |
|
|
how to usage this with form ? |
|
Back to top |
|
|
MonkeyNation -
Joined: 05 Feb 2005 Posts: 921 Location: Cardiff
|
Posted: Wed Jun 22, 2005 4:04 pm Post subject: |
|
|
If you want the password prompts then youll have to add usernames and protected directories from inside the abyss consoles.
However, I prefer the idea of a database because its so much more customizable and easier, although perhaps harder for beginners.
Why the author used a switch for 2 things I have no idea, I suppose it leaves room for implementation, but personally id have used some elseifs.
As to your question, yes, in the htdocs directory. _________________
|
|
Back to top |
|
|
|