Any good website needs authentication/username requirements for personalisation. In order to make the process simpler, here's an integration of the authentication system with all the necessary instructions.
For code, requirements and instructions check the file...
auth.inc
<?
//How this script works:
// Username and password are checked for authenticity.
//   If success:
//     Generate a MD5 string from TIME()
//     Store that string in the database for that user
//     Set that username, password, and string as a cookie on user's machine
//   If failure:
//     Log username and IP address to a file
//During subsequent page loads:
// Retrieve data stored in cookie
// Match all three fields stored in cookie with database info.
//   If success:
//     Page load may continue
//   Otherwise user is presented with login form
//New user query: "insert into acl (username, password) VALUES ('theusername', encrypt('thepassword','theusername'));"
//Change password query: "update acl set password=encrypt('mypass','theusername') where username='theusername';"
// Database settings .. these must work!!
$db_hostname = 'localhost'; //Server where MySQL is running.
$db_user = 'john'; //Username to connect with.
$db_pass = 'yourpass'; //Password to connect with.
define( "DATABASE", "your_database" ); //Database name where table 'acl' is located.
//Logging defines. Comment out the following two lines for no logging.
define( "BASE_DIR", "/usr/local/myappdir" ); //Your site's base directory (outside of docroot)
define( "AUTH_LOG", BASE_DIR . "/logs/auth_log" ); //Filename/subdirectory of logfile. Make sure the file
// exists and is writeable by the owner of your webserver
// process. Usually 'nobody'.
//define( "IMAGE", "images/ourimage.jpg" ); //Image for the title page. Comment out the line for none.
define( "TITLE", "Please Login" ); //Title for the login page.
define( "EXPIRE", 14400 ); //Seconds until the cookie expires.
$bg_color = '#FFFFFF';
$text_color = '#000000';
$link_color = '#BC80C3';
$vlink_color = '#BC80C3';
$alink_color = '#9d9d9d';
function DisplayLoginForm ($err_string) {
  require('htmldoc.inc');
  global $THIS_URL;
  global $bg_color;
  global $text_color;
  global $link_color;
  global $vlink_color;
  global $alink_color;
  $html = new htmldoc();
  $html->printheader( $bg_color, $text_color, $link_color, $vlink_color, $alink_color, TITLE );
?>
<CENTER>
<? if (defined("IMAGE")) { ?>
<IMG SRC="<? echo $root_url . IMAGE?>" BORDER="0">
<? } ?>
<BR><BR>
<FONT SIZE=+1 COLOR="#FF0000"><? echo $err_string ?></FONT>
<FORM NAME=login ACTION=<? echo $THIS_URL ?> METHOD=post>
<TABLE BORDER=0>
<TR>
<TD><B>Username:</B></TD>
<TD><INPUT NAME="username" TYPE="text" SIZE="10"></TD>
</TR>
<TR>
<TD><B>Password:</B></TD>
<TD><INPUT NAME="password" TYPE="password" SIZE="10"></TD>
</TR>
</TABLE>
<BR>
<INPUT TYPE="submit" VALUE="Log in">
</FORM>
<?
  $html->printfooter();
  exit;
}
function GenerateSecret ( $username, $encrypted_password ) {
  // Session string is the MD5 of the current time in seconds.
  $md5str = MD5( TIME() );
  // Cookie layout: username-encrypted_password-md5string
  $cookie_val = "$username-$encrypted_password-$md5str";
  setcookie( "php_mini_auth", $cookie_val, time()+EXPIRE);
  $arg = "update acl set string='$md5str' where username='$username'";
  $row = mysql_db_query( DATABASE, $arg );
}
function AuthenticateUser ( $username, $password ) {
  global $ip;
  global $host;
  global $referer;
  // $username and $password are placed in the query as received; escape them
  // with addslashes() first if magic_quotes_gpc is off.
  $arg = "select password, 1 as auth from acl where username='$username' and password=encrypt('$password','$username')";
  $row = mysql_fetch_array(mysql_db_query( DATABASE, $arg ));
  if ($row["auth"]) {
    if (defined( "AUTH_LOG" ))
      error_log( date("Ymd H:i:s") . " -- $ip -- Username: '$username' authenticated\n", 3, AUTH_LOG);
    GenerateSecret( $username, $row["password"] );
  }
  else {
    if (defined( "AUTH_LOG" ))
      error_log( date("Ymd H:i:s") . " -- $ip -- Username: '$username' authentication failure\n", 3, AUTH_LOG);
    DisplayLoginForm( "Please log in .." );
  }
}
function AuthenticateCookie ( $cookie, $username, $password ) {
  // Split the cookie back into the three fields set by GenerateSecret().
  $cookie_var = split("-", $cookie);
  $ck_username = $cookie_var[0];
  $ck_password = $cookie_var[1];
  $secret = $cookie_var[2];
  // The cookie fields are also placed in the query as received.
  $arg = "select 1 as auth from acl where username='$ck_username' and password='$ck_password' and string='$secret'";
  $row = mysql_fetch_array(mysql_db_query( DATABASE, $arg ));
  if (!($row["auth"])) {
    // Stale or invalid cookie: fall back to the posted credentials.
    // AuthenticateUser() shows the login form and exits on failure.
    AuthenticateUser ( $username, $password );
    return $username;
  }
  return $ck_username;
}
mysql_connect($db_hostname,$db_user,$db_pass) or
  die("Unable to connect to the SQL server...");
$THIS_URL=getenv("SCRIPT_NAME");
$ip = getenv("REMOTE_ADDR");
$host = getenv("REMOTE_HOST");
$referer = getenv("HTTP_REFERER"); //CGI variable that carries the Referer header.
if ($php_mini_auth)
  $username = AuthenticateCookie( $php_mini_auth, $username, $password );
else
  if ($username)
    AuthenticateUser( $username, $password );
  else
    DisplayLoginForm( "Please log in ..." );
$result = mysql_db_query( DATABASE,"SELECT * from acl WHERE username='$username'");
$row=mysql_fetch_row($result);
?>
htmldoc.inc
<?
class htmldoc
{
  //Class constructor.
  function htmldoc()
  {
    return;
  }
  function printheader ( $bg_color, $text_color, $link_color, $vlink_color, $alink_color, $title )
  {
?>
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
<HTML><HEAD><TITLE><?php echo $title; ?></TITLE>
</HEAD>
<BODY bgcolor="<?php echo $bg_color; ?>"
text="<?php echo $text_color; ?>"
link="<?php echo $link_color; ?>"
vlink="<?php echo $vlink_color; ?>"
alink="<?php echo $alink_color; ?>">
<?
  }
  function starttimer ( $root_url )
  {
?>
<META http-equiv="Refresh" content="1800;URL=<?php echo $root_url; ?>/logout.php3;TARGET=_top">
<?
  }
  function printfooter ()
  {
?>
</BODY></HTML>
<?
  }
}
?>
INSTALL
*************************************************
* PHP Mini Auth *
*************************************************
**License:
This software is freely distributable under the GNU public license, a
copy of which you should have received with this software (in a file
called COPYING).
**General Information:
PHP Mini Auth is designed to be a "quick and easy" alternative to
something like PHPLIB. PHPLIB was too large for my needs, so I wrote this
instead. There is, however, no script to add/edit users (yet, anyway), so
you'll have to do this through the MySQL client for now.
It uses the MySQL 'encrypt()' function to encrypt and match passwords.
It uses the user's username as a salt. Once a match is confirmed, an MD5
checksum is generated and all three identifiers are set in a cookie on the
user's machine. Expiration time on the cookie is configurable.
This is a beatable authentication system. But it wouldn't be easy.
You'd basically have to either have access to the database or to the computer
with the cookie on it to be able to forge an authentication.
I run this on a multi-user system, but I run it on an SSL webserver.
If you're really worried about security, USE SSL!
**Required Software:
1. PHP 3.0.8 or greater, with a 3.22.x or newer version of MySQL.
PHP needs to be compiled with the --with-mysql option for
database connectivity to work. See the PHP documentation for more
information.
(see http://www.mysql.com and http://www.php.net)
2. Apache with PHP compiled in as a module.
(see http://www.apache.org and http://www.php.net for more info)
**Installation Instructions:
1. Copy auth.inc and htmldoc.inc to a directory *outside* of your html
document tree.
2. If you have a MySQL database already created that you wish to have
the ACL (access list) table created in, start the mysql client and
connect to the database.
Otherwise, you must create a database. See the MySQL documentation
for information on doing this.
Once you have the mysql client open and connected to the database
you want to use, issue the following command:
CREATE TABLE acl (
id int(16) DEFAULT '0' NOT NULL auto_increment,
username varchar(16) DEFAULT '' NOT NULL,
password varchar(16) DEFAULT '' NOT NULL,
staffname varchar(32) DEFAULT '' NOT NULL,
string varchar(100),
PRIMARY KEY (id)
);
Next, you must add a user. The command for this is:
INSERT INTO acl ( username, password ) VALUES ( 'the_username', encrypt('the_password','the_username') );
alternatively, if you want to use the 'staffname' field, or some other field that you add on your own:
INSERT INTO acl ( username, password, staffname ) VALUES ( 'the_username', encrypt('the_password','the_username'), 'John Soandso' );
3. Here's where you need to make a decision. You have two ways of making
this script "work" with your website.
"Every single page on this server or virtual host is private and
must be password protected!!"
If this is your case, add a line inside your <VirtualHost> directive
like this, and then restart Apache:
php3_auto_prepend_file /path/to/auth.inc
This is very useful. It will automatically prepend the auth script
to every php document requested through this virtual host. Everything
is protected. This is the way I *recommend* doing it.
"But I only need some pages to be private!"
Ok.. then you have to put the following line inside of every php
document you want protected.
<? require('/path/to/auth.inc'); ?>
4. Next, edit the auth.inc file and change the variables near the top of
the script. Then do:
chmod 755 auth.inc htmldoc.inc
And you should be ready to rip!
Good luck!
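
The INSTALL notes describe a cookie that carries the username, the encrypted password and an MD5 of the current time. As an added example (not part of PHP Mini Auth), here is the same login and cookie check done with a random token, per-hash salted passwords and bound query parameters; it assumes PHP 7.3 or later with PDO SQLite, and the table columns and function names are hypothetical.

```php
<?php
// Added example, not part of PHP Mini Auth. Assumes PHP 7.3+ with PDO/SQLite.
// Table layout, column names and function names below are hypothetical.

function open_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');            // constructed stand-in for MySQL
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE acl (username TEXT PRIMARY KEY, password TEXT,
               token_hash TEXT, token_expires INTEGER)');
    return $db;
}

function add_user(PDO $db, string $user, string $pass): void {
    // password_hash() uses a random per-hash salt instead of the username.
    $st = $db->prepare('INSERT INTO acl (username, password) VALUES (?, ?)');
    $st->execute([$user, password_hash($pass, PASSWORD_DEFAULT)]);
}

// Returns the opaque token to put in the cookie, or null on bad credentials.
function login(PDO $db, string $user, string $pass, int $ttl = 14400): ?string {
    $st = $db->prepare('SELECT password FROM acl WHERE username = ?');
    $st->execute([$user]);
    $hash = $st->fetchColumn();
    if (!is_string($hash) || !password_verify($pass, $hash)) {
        return null;
    }
    $token = bin2hex(random_bytes(32));          // CSPRNG output, not MD5(TIME())
    $up = $db->prepare('UPDATE acl SET token_hash = ?, token_expires = ? WHERE username = ?');
    $up->execute([hash('sha256', $token), time() + $ttl, $user]);
    return $token;                               // only the token leaves the server
}

// Maps a cookie token back to a username; null if unknown or expired.
function check_cookie(PDO $db, string $token): ?string {
    $st = $db->prepare('SELECT username FROM acl
                        WHERE token_hash = ? AND token_expires > ?');
    $st->execute([hash('sha256', $token), time()]);
    $user = $st->fetchColumn();
    return is_string($user) ? $user : null;
}

$db = open_demo_db();
add_user($db, 'alice', 'correct horse');         // constructed sample account
$token = login($db, 'alice', 'correct horse');
var_dump(check_cookie($db, $token) === 'alice');         // token issued at login
var_dump(check_cookie($db, "alice-abc'-123") === null);  // constructed value, bound as data
var_dump(login($db, 'alice', 'wrong') === null);         // bad password
// In a web request: setcookie('php_mini_auth', $token, ['expires' => time() + 14400,
//     'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
```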
mark wilson wrote :1875
This is a very interesting solution. I've installed and
configured it on my site, but it just seems to reload the
login page. I've tested my variables and all seem to
function when used manually (i.e. connecting, selecting
from db). Should there be a separate file to load _after_
authentication? My log file is also empty although it is
findable and writable by the webserver user.
How can I work through this to debug it?
Thanks