PEAR Articles

  Home arrow PEAR Articles arrow User Authentication for a PEAR CMS
PEAR ARTICLES

User Authentication for a PEAR CMS
By: David Web
  • Search For More Articles!
  • Disclaimer
  • Author Terms
  • Rating: 5 stars5 stars5 stars5 stars5 stars / 1
    2008-10-15

    Table of Contents:
  • User Authentication for a PEAR CMS
  • Code Explained
  • String or Numeric
  • Granting Access to the CMS

  •  
     

    SEARCH CODEWALKERS

    User Authentication for a PEAR CMS


    (Page 1 of 4 )

    Welcome to the fifth part of a twelve-part series on building a content management system in PEAR. In the last article we looked at some of the application-wide scripts, in other words, scripts that are used by all of the application. In this article we will explore some of the scripts that deal with different sections of the entire application.

    User authentication

    User authentication in an application such as this is necessary because it provides a way to keep track of who uses the application. It can also be understood as a security measure because you do not want just anyone to use the application and make changes. To make sure that a user is authenticated, we require a password and username. This by implication means that anyone who wants to use this content management system needs to be registered and already be in the database.

    The process of authentication works as follows: the user is presented with a HTML form that collects all the required information, which in this case is the username and password. This information is then used to match against information that is held in a database. If the information is also found in the database, the user exists, so we let them to use the CMS; otherwise, the user is returned to the login page. Below is the relevant code:

    <?php

    ob_start();

    session_start();

    $err=false;

    $error="";

    //check if form is submitted

    if(isset($_POST['key'])){


    //make sure fields are not empty

    if(empty($_POST['uname'])){

    $err=true;

    $error="Please enter a username.<br>";

    }

    if(empty($_POST['upass'])){

    $err=true;

    $error .="Please enter a password.<br>";


    }

    //make sure fields are string

    if(is_numeric($_POST['uname'])){

    $err=true;

    $error .="The username you entered has a invalid format.<br>";


    }

    if(is_numeric($_POST['upass'])){

    $err=true;

    $error .="The password that you entered has an invalid format<br>.";


    }

    //***************************************************************

    if(!$err){

    include 'db.php';

    include 'connx.php';


    $username=mysql_real_escape_string($_POST['uname']);

    $pw=mysql_real_escape_string($_POST['upass']);


    $sql = "SELECT * FROM users WHERE uname='".$username."' AND upass='".$pw."'";

    $res = $db->query($sql);


    if (DB::isError($res)) {

    die($res->getMessage());

    }


    //***********************************************************


    if($res){

    while ($row = $res->fetchRow(DB_FETCHMODE_OBJECT)) {

    $level=$row->level;

    }//end while loop

    //******************************************Set up Session vars

    //user exists, setup session vars

    $_SESSION['author_name'] = $username;

    $_SESSION['level']=$level;

    header("location:main.php");

    }//end res check

    else{

    //user does not exist

    $error = "Your login details did not match";

    }



    }//end err check




    }//end submit

    ?>

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

    <html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templates/main.dwt.php" codeOutsideHTMLIsLocked="false" -->

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

    <!-- InstanceBeginEditable name="doctitle" -->

    <title>Untitled Document</title>

    <script language="javascript" type="text/javascript">

    function checkform(pform1){

    if(pform1.uname.value==""){

    alert("Please enter a username")

    pform1.uname.focus()

    return false

    }


    if(pform1.upass.value==""){

    alert("Please enter a password")

    pform1.pw.focus()

    return false

    }


    if(pform1.pw.value=="" && pform1.uname.value==""){

    alert("Please make sure that you have entered your username and password")

    return false

    }

    return true

    }

    </script>

    <!-- InstanceEndEditable -->

    <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable -->

    <link href="Templates/pear.css" rel="stylesheet" type="text/css" />

    </head>


    <body>

    <table width="100%" border="0" class="bord">

    <tr class="header1">

    <td colspan="2"><div align="center">Content Management System </div></td>

    </tr>

    <tr>

    <td width="5%" valign="top"><!-- InstanceBeginEditable name="EditRegion4" --><!-- InstanceEndEditable --></td>

    <td width="95%" valign="top"><!-- InstanceBeginEditable name="EditRegion3" -->

    <form action="login.php" method="post" onSubmit="return checkform(this)">>

    <table width="100%" border="0">

    <tr>

    <td colspan="2"><?php if($error){

    echo $error;

    }?></td>

    </tr>

    <tr>

    <td width="15%"><strong>Username</strong></td>

    <td width="85%"><label>

    <input name="uname" type="text" size="40" value="david"/>

    </label></td>

    </tr>

    <tr>

    <td><strong>Password</strong></td>

    <td><label>

    <input name="upass" type="password" value="pass" size="40" />

    <input type="hidden" name="key" />

    </label></td>

    </tr>

    <tr>

    <td>&nbsp;</td>

    <td><label>

    <input type="submit" name="Submit" value="Login" />

    </label></td>

    </tr>

    </table>

     

     

    </form>

    <!-- InstanceEndEditable --></td>

    </tr>

     

    <tr class="copy">

    <td colspan="2">&copy;2008</td>

    </tr>

    </table>

    </body>

    <!-- InstanceEnd --></html>

    More PEAR Articles Articles
    More By David Web

    blog comments powered by Disqus

    PEAR ARTICLES ARTICLES

    - Installing PEAR
    - PEAR: an Introduction
    - Managing robots.txt using PHP: Generating Dy...
    - Deleting Authors from a PEAR Content Managem...
    - PEAR CMS: Index and Delete Scripts
    - Listing Articles for a PEAR Content Manageme...
    - Building an Authors Page for a PEAR CMS
    - Building the View Details Page in a PEAR CMS
    - Creating the Main Pages of a PEAR CMS
    - Completing the Login Script for a PEAR CMS
    - User Authentication for a PEAR CMS
    - A PEAR CMS: Examining the Code
    - Building a Content Management System with PE...
    - Installing a PEAR Package
    - My PEAR: The Beginning

    Developer Shed Affiliates

     



    © 2003-2017 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap