User Management Code

  Home arrow User Management Code arrow Extended password control
USER MANAGEMENT CODE

Extended password control
By: Codewalkers
  • Search For More Articles!
  • Disclaimer
  • Author Terms
  • Rating: 5 stars5 stars5 stars5 stars5 stars / 1
    2002-01-18

    Table of Contents:

     
     

    SEARCH CODEWALKERS

    This snippet allows username/password authentication to be checked against a MYSQL database. The username/password combination could be entered via a form, standard HTTP authentication or a cookie.

    By : ramkat

    <?php
    # This bit of code may be freely used on condition that I will not be responsible for any mishap it might cause
    # Report bugs via the zend pages at www.zend.com

    # If $pass_stop = 1, check if you can log in, but do not exit!! Do not ask HTTP Password!
    # Required - sometimes you want to show a page whether user is logged in or not to know which message to send.

    # Password checking via
    # 1 Form input
    # 2 HTTP input
    # 3 Cookie return
    # Cookie set at end to last 1 year
    # 1 overides 2 overrides 3

    # Variables for form:
    # f_userID User ID
    # f_pass Password
    # rem_cookie Remember username and password for the future in a cookie? (if 1 yes else no)


    $logged_in = false;

    # Function to request http password.

    function http_pass(){
    GLOBAL $pass_stop;

    if ($pass_stop != 1){
    $unauthstring = "You did not enter a valid Username/Password combination<p>If
    you believe that this is an error, please contact the <a
    href=\"mailto:you@somewhere.co.za\">webmaster</a>\n";

    Header("WWW-Authenticate: Basic realm=\"Registered users Only\"");
    Header("HTTP/1.0 401 Unauthorized");
    echo "$unauthstring"; exit;
    } # if ($pass_stop == 1)
    } # end function http_pass

    # set some control variables

    $userID = '';
    $passwd = '';
    $userstat = '';



    # Is form variable set?
    # if so set process variables and skip http and cookies

    if ((isset($f_userID)) && (isset($f_pass))) {
    $userID = $f_userID;
    $passwd = $f_pass;
    $userstat = 1;

    } # end ((isset($f_userID) && isset($f_pass))


    # Is HTTP variable set?
    # if so set process variables and skip cookies


    if (isset($PHP_AUTH_USER) && isset($PHP_AUTH_PW) && ($userstat == '')) {
    $userID = $PHP_AUTH_USER;
    $passwd = $PHP_AUTH_PW;
    $userstat = 1;

    } # end if ((isset($PHP_AUTH_USER) && isset($PHP_AUTH_PW) && ($userstat == ''))


    # Is Cookie variable set?
    # if so set process variables

    if (isset($download) && ($userstat == '')) {
    $tt1 = explode("|",$download);
    $userID = $tt1[0];
    $passwd = $tt1[1];
    $userstat = 1;

    } # end ((isset($download) && ($userstat == ''))

    # If no username or password - ask for it! And exit

    if ($userstat == '')
    {http_pass(); }



    # Now we should have a username/password combination
    # is it valid??

    # Connect to DB
    $db = mysql_connect("localhost", "root", "");

    if ( mysql_select_db("userDB",$db) ) {
    # Connect Ok
    ;
    } else {

    echo "Failed to connect to database<p>";exit;};

    # get data from DB
    $query = "SELECT * FROM users WHERE uname = '$userID'";

    $result = mysql_query($query);

    if ($result) { $x=1;} else {echo "PASSWORD SEARCH FAILED<p> result= $result<br> sql = $query <p>";};

    if ($memberrow = mysql_fetch_array($result)) {

    $dbpasswd = $memberrow["passwd"];
    $userpasswd = md5($passwd);

    if (!$userid) { $userid= $memberrow["uname"]; } ;

    if ($dbpasswd != $userpasswd) {http_pass();} #End
    if ($dbpasswd == $userpasswd) {$logged_in=true;}


    } # End if (!$userid) { $userid= $memberrow["uname"]; }

    else

    {
    http_pass;} #Ende else memberrow


    # Now we know who this guy is!

    # Set cookie for future
    # If not set - did he give permission?
    # If set, rewrite with new expiry date

    $cookie_value = $userID.'|'.$passwd;

    if ($logged_in && (($rem_cookie == 1) || isset($download))) {SetCookie("download",$cookie_value,time()+31622400); # Set Cookie for 366 days
    $download= $cookie_value;
    }
    ?>

    #Use this form snippet to provide the user with a login screen.

    <?php
    include('Code_Above');
    # Login insert
    ?>

    <form action="<?php echo $PHP_SELF; ?>" method="POST">
    <table border=0 cellpadding=3 cellspacing=3>
    <tr><td>Username:</td><td><input size="20" name="f_userID"></td></tr>
    <tr><td>Password:</td><td><input size="20" name="f_passwd"></td></tr>
    <tr><td colspan=2><input type="submit" value="login"></td></tr>
    </table>
    </form>
    DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.

    More User Management Code Articles
    More By Codewalkers

    blog comments powered by Disqus

    USER MANAGEMENT CODE ARTICLES

    - XCRYPT v1.0b
    - DB_eSession class stores sessions in a MySQL...
    - Ever Changing Dynamic Passcode Code
    - phpAutoMembersArea - create own members area
    - Azura Signup 2.5
    - Azura Signup 2.0
    - Azura Signup
    - Flexcustomer
    - PHP Quicksite 2.0
    - PHP Quicksite 1.0
    - random string generator (key generator)
    - Example Login system
    - Simple and Easy Security
    - Basic Security
    - UMA - User Management and Authentication

    Developer Shed Affiliates

     



    © 2003-2019 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap