Any good website needs authentication/username requirements for personalisation. To make the process simpler, here's an integration of the authentication system with all the necessary instructions.
For code, requirements and instructions check the file...
auth.inc
<?
//How this script works:
//  Username and password are checked for authenticity.
//    If success:
//      Generate a MD5 string from TIME()
//      Store that string in the database for that user
//      Set that username, password, and string as a cookie on user's machine
//    If failure:
//      Log username and IP address to a file
//During subsequent page loads:
//  Retrieve data stored in cookie
//  Match all three fields stored in cookie with database info.
//    If success:
//      Page load may continue
//    Otherwise user is presented with login form

//New user query: "insert into acl (username, password) VALUES ('theusername', encrypt('thepassword','theusername'));"
//Change password query: "update acl set password=encrypt('mypass','theusername') where username='theusername';"

// Database settings .. these must work!!
$db_hostname = 'localhost'; //Server where MySQL is running.
$db_user = 'john'; //Username to connect with.
$db_pass = 'yourpass'; //Password to connect with.
define( "DATABASE", "your_database" ); //Database name where table 'acl' is located.

//Logging defines. Comment out the following two lines for no logging.
define( "BASE_DIR", "/usr/local/myappdir" ); //Your site's base directory (outside of docroot)
define( "AUTH_LOG", BASE_DIR . "/logs/auth_log" ); //Filename/subdirectory of logfile. Make sure the file
                                                   // exists and is writeable by the owner of your webserver
                                                   // process. Usually 'nobody'.

//define( "IMAGE", "images/ourimage.jpg" ); //Image for the title page. Comment out the line for none.
define( "TITLE", "Please Login" ); //Title for the login page.
define( "EXPIRE", 14400 ); //Seconds until the cookie expires.

$bg_color = '#FFFFFF';
$text_color = '#000000';
$link_color = '#BC80C3';
$vlink_color = '#BC80C3';
$alink_color = '#9d9d9d';

//Print the login page with $err_string above the form, then stop the request.
function DisplayLoginForm ($err_string) {
    require('htmldoc.inc');
    global $THIS_URL;
    global $root_url; //Used for the IMAGE path below; empty unless the site defines it.
    global $bg_color;
    global $text_color;
    global $link_color;
    global $vlink_color;
    global $alink_color;

    $html = new htmldoc();
    $html->printheader( $bg_color, $text_color, $link_color, $vlink_color, $alink_color, TITLE );
?>
<CENTER>
<? if (defined("IMAGE")) { ?>
<IMG SRC="<? echo $root_url . IMAGE?>" BORDER="0">
<? } ?>
<BR><BR>
<FONT SIZE=+1 COLOR="#FF0000"><? echo $err_string ?></FONT>
<FORM NAME=login ACTION="<? echo $THIS_URL ?>" METHOD=post>
<TABLE BORDER=0>
<TR>
<TD><B>Username:</B></TD>
<TD><INPUT NAME="username" TYPE="text" SIZE="10"></TD>
</TR>
<TR>
<TD><B>Password:</B></TD>
<TD><INPUT NAME="password" TYPE="password" SIZE="10"></TD>
</TR>
</TABLE>
<BR>
<INPUT TYPE="submit" VALUE="Log in">
</FORM>
</CENTER>
<?
    $html->printfooter();
    exit;
}

//Store a new MD5 string for the user and set the cookie "username-encryptedpassword-string".
function GenerateSecret ( $username, $encrypted_password ) {
    $md5str = MD5( TIME() );
    $cookie_val = "$username-$encrypted_password-$md5str";
    setcookie( "php_mini_auth", $cookie_val, time()+EXPIRE);
    $arg = "update acl set string='$md5str' where username='$username'";
    $row = mysql_db_query( DATABASE, $arg );
}

//Check a submitted username/password; log the result and show the login form on failure.
function AuthenticateUser ( $username, $password ) {
    global $ip;
    global $host;
    global $referer;

    $arg = "select password, 1 as auth from acl where username='$username' and password=encrypt('$password','$username')";
    $row = mysql_fetch_array(mysql_db_query( DATABASE, $arg ));
    if ($row["auth"]) {
        if (defined( "AUTH_LOG" ))
            error_log( date("Ymd H:i:s") . " -- $ip -- Username: '$username' authenticated\n", 3, AUTH_LOG);
        GenerateSecret( $username, $row["password"] );
    }
    else {
        if (defined( "AUTH_LOG" ))
            error_log( date("Ymd H:i:s") . " -- $ip -- Username: '$username' authentication failure\n", 3, AUTH_LOG);
        DisplayLoginForm( "Please log in .." );
    }
}

//Match the three cookie fields against the database; fall back to the submitted login.
function AuthenticateCookie ( $cookie, $username, $password ) {
    $cookie_var = split("-", $cookie);
    $ck_username = $cookie_var[0];
    $ck_password = $cookie_var[1];
    $secret = $cookie_var[2];

    $arg = "select 1 as auth from acl where username='$ck_username' and password='$ck_password' and string='$secret'";
    $row = mysql_fetch_array(mysql_db_query( DATABASE, $arg ));
    if (!($row["auth"])) {
        //AuthenticateUser() only returns when the login succeeded, so hand the
        //submitted username back to the caller instead of returning nothing.
        AuthenticateUser ( $username, $password );
        return $username;
    }
    else return $ck_username;
}

mysql_connect($db_hostname,$db_user,$db_pass) or
    die("Unable to connect to the SQL server...");

$THIS_URL=getenv("SCRIPT_NAME");
$ip = getenv("REMOTE_ADDR");
$host = getenv("REMOTE_HOST");
$referer = getenv("HTTP_REFERER");

//The queries in this file are built by string interpolation, so escape the
//request values here unless magic_quotes_gpc has already done it.
if (!get_magic_quotes_gpc()) {
    $username = addslashes($username);
    $password = addslashes($password);
    $php_mini_auth = addslashes($php_mini_auth);
}

if ($php_mini_auth)
    $username = AuthenticateCookie( $php_mini_auth, $username, $password );
else
    if ($username)
        AuthenticateUser( $username, $password );
    else
        DisplayLoginForm( "Please log in ..." );

//Load the authenticated user's acl row for the page that follows.
$result = mysql_db_query( DATABASE,"SELECT * from acl WHERE username='$username'");
$row=mysql_fetch_row($result);
?>
htmldoc.inc
<?
class htmldoc
{
    //Class constructor.
    function htmldoc()
    {
        return;
    }

    function printheader ( $bg_color, $text_color, $link_color, $vlink_color, $alink_color, $title )
    {
?>
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
<HTML><HEAD><TITLE><?php echo $title; ?></TITLE>
</HEAD>
<BODY bgcolor="<?php echo $bg_color; ?>"
text="<?php echo $text_color; ?>"
link="<?php echo $link_color; ?>"
vlink="<?php echo $vlink_color; ?>"
alink="<?php echo $alink_color; ?>">
<?
    }

    function starttimer ( $root_url )
    {
?>
<META http-equiv="Refresh" content="1800;URL=<?php echo $root_url; ?>/logout.php3;TARGET=_top">
<?
    }

    function printfooter ()
    {
?>
</BODY></HTML>
<?
    }
}
?>
INSTALL
*************************************************
* PHP Mini Auth *
*************************************************
**License:
This software is freely distributable under the GNU public license, a
copy of which you should have received with this software (in a file
called COPYING).
**General Information:
PHP Mini Auth is designed to be a "quick and easy" alternative to
something like PHPLIB. PHPLIB was too large for my needs, so I wrote this
instead. There is, however, no script to add/edit users (yet, anyway), so
you'll have to do this through the MySQL client for now.
It uses the MySQL 'encrypt()' function to encrypt and match passwords.
It uses the user's username as a salt. Once a match is confirmed, an MD5
checksum is generated and all three identifiers are set in a cookie on the
user's machine. Expiration time on the cookie is configurable.
This is a beatable authentication system. But it wouldn't be easy.
You'd basically have to either have access to the database or to the computer
with the cookie on it to be able to forge an authentication.
I run this on a multi-user system, but I run it on an SSL webserver.
If you're really worried about security, USE SSL!
**Required Software:
1. PHP 3.0.8 or greater, with a 3.22.x or newer version of MySQL.
PHP needs to be compiled with the --with-mysql option for
database connectivity to work. See the PHP documentation for more
information.
(see http://www.mysql.com and http://www.php.net)
2. Apache with PHP compiled in as a module.
(see http://www.apache.org and http://www.php.net for more info)
**Installation Instructions:
1. Copy auth.inc and htmldoc.inc to a directory *outside* of your html
document tree.
2. If you have a MySQL database already created that you wish to have
the ACL (access list) table created in, start the mysql client and
connect to the database.
Otherwise, you must create a database. See the MySQL documentation
for information on doing this.
Once you have the mysql client open and connected to the database
you want to use, issue the following command:
CREATE TABLE acl (
id int(16) DEFAULT '0' NOT NULL auto_increment,
username varchar(16) DEFAULT '' NOT NULL,
password varchar(16) DEFAULT '' NOT NULL,
staffname varchar(32) DEFAULT '' NOT NULL,
string varchar(100),
PRIMARY KEY (id)
);
Next, you must add a user. The command for this is:
INSERT INTO acl ( username, password ) VALUES ( 'the_username', encrypt('the_password','the_username') );
alternatively, if you want to use the 'staffname' field, or some other field that you add on your own:
INSERT INTO acl ( username, password, staffname ) VALUES ( 'the_username', encrypt('the_password','the_username'), 'John Soandso' );
3. Here's where you need to make a decision. You have two ways of making
this script "work" with your website.
"Every single page on this server or virtual host is private and
must be password protected!!"
If this is your case, add a line inside your <VirtualHost> directive
like this, and then restart Apache:
php3_auto_prepend_file /path/to/auth.inc
This is very useful. It will automatically prepend the auth script
to every php document requested through this virtual host. Everything
is protected. This is the way I *recommend* doing it.
"But I only need some pages to be private!"
Ok.. then you have to put the following line inside of every php
document you want protected.
<? require('/path/to/auth.inc'); ?>
4. Next, edit the auth.inc file and change the variables near the top of
the script. Then do:
chmod 755 auth.inc htmldoc.inc
And you should be ready to rip!
Good luck!
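
The scheme described above puts the username, the encrypted password and an MD5 of the login time in the cookie, and builds its queries by string interpolation. As an added example (not part of PHP Mini Auth or its author's code), the same login and cookie check can be written with bound parameters, password_hash() and an opaque random token; it assumes PHP 7.3 or later, a PDO connection and the acl column changes named in the comments, and the function names are this example's own.

```php
<?php
// Added example, not PHP Mini Auth code. Assumptions: PHP 7.3+, a PDO handle,
// acl.password widened to VARCHAR(255) and filled with password_hash() output,
// acl.string holding the SHA-256 hex digest of the current session token.
const COOKIE_NAME = 'php_mini_auth';
const EXPIRE = 14400; // seconds, as in auth.inc

// Verify a login; on success issue a random token and return true.
function authenticateUser(PDO $pdo, string $username, string $password): bool
{
    // Bound parameters keep request data out of the SQL text.
    $stmt = $pdo->prepare('SELECT password FROM acl WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    if (!is_string($hash) || !password_verify($password, $hash)) {
        return false;
    }
    // 256 bits from the CSPRNG instead of MD5(TIME()), which is derived
    // from a value anyone can estimate.
    $token = bin2hex(random_bytes(32));
    $stmt = $pdo->prepare('UPDATE acl SET string = ? WHERE username = ?');
    $stmt->execute([hash('sha256', $token), $username]);
    // The cookie carries the token only: no username and no password hash.
    setcookie(COOKIE_NAME, $token, [
        'expires'  => time() + EXPIRE,
        'path'     => '/',
        'secure'   => true,   // sent over HTTPS only
        'httponly' => true,   // hidden from page scripts
        'samesite' => 'Lax',
    ]);
    return true;
}

// Map a cookie value to its username, or null when no stored token matches.
function authenticateCookie(PDO $pdo, string $cookie): ?string
{
    if (!preg_match('/\A[0-9a-f]{64}\z/', $cookie)) {
        return null; // not the shape of a token issued above
    }
    $stmt = $pdo->prepare('SELECT username FROM acl WHERE string = ?');
    $stmt->execute([hash('sha256', $cookie)]);
    $username = $stmt->fetchColumn();
    return is_string($username) ? $username : null;
}
```

Users for this version are created with password_hash($password, PASSWORD_DEFAULT) in place of MySQL's encrypt(). As in the original, expiry here rests on the cookie lifetime alone.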
mark wilson wrote :1875
This is a very interesting solution. I've installed and
configured it on my site, but it just seems to reload the
login page. I've tested my variables and all seem to
function when used manually (i.e. connecting, selecting
from db). Should there be a separate file to load _after_
authentication? My log file is also empty although it is
findable and writable by the webserver user.
How can I work through this to debug it?
Thanks