Php / Mysql User Authentication

**mvital** · October 18th, 2003, 9:24 AM

To begin with, we will help you create the database that we will use to authenticate off of. Keep in mind, this is a very simple tutorial and there are many other ways for you to do this. Obviously, you'll need MySQL up and running on your machine and know a bit about how to use it. If you don't know how to use MySQL yet, poke around on the net and look for an introduction. I'm sure there is one somewhere.

So, now that we have it up and running and ready to go, get to the mysql> prompt, get into the databse that you want to use (use <database>) and type in the following:

CREATE TABLE user (
name VARCHAR (20),
password VARCHAR (20),
ID INT NOT NULL AUTO_INCREMENT,
PRIMARY KEY (ID));

This will create a table with a name field for the username and a password field, well, for the password. Right now, we will not worry with encrypting the password or anything. It will just be plain text in there, viewable to anyone that can view the database. You can change this later very easily if you want, just encrypt it somehow.

Now, on to more important matters - how do I get the user's input? Easy. Just whip up a little form that will do the work for you. Here's a sample example for you: (this one includes a table around the form to make it look nice)

<form method=post action="<?echo $PHP_SELF?>">
<table cellpadding=2 cellspacing=0 border=0>
<td>Username:</td><td><input type="text" name="username" size=10></td><tr>
<td>Password:</td><td><input type="password" name="password" size=10></td><tr>
<td> </td><td><input type="submit" name="submit" value="Log In"></td>
</table></form>

This form has spots for a username and a password with text boxes for both of them. The last form item is the "submit" button. This allows the user to send off the information when they have completed the form. Now, you'll notice that not only does that button have a name of "submit" but that the form also references the same page with the <?echo $PHP_SELF ?>. This allows you to do the authentication on the same page as the form, reducing the number of pages required on the site.

Next, we come to the actual script for the authentication. It's relatively simple, especially if you have any experience with pulling information from a MySQL database.

Here's some sample code for you to work with:
if ($submit) {
$db=mysql_connect("localhost","user") or die ("cant connect");
mysql_select_db("database",$db) or die ("cant change");
$result=mysql_query("select * from users where name='$username'",$db) or die ("cant do it");
while ($row=mysql_fetch_array($result)) {
if ($row["password"]==$password) {
printf("Successfully Logged In!<a href=\"default.php?\"'>Click Here</a>");
}
}
}

Now, let's take a look at this script. The first few lines are what you use to tell the PHP what connection, database and table to look in. The first line makes the connection to the MySQL database and assigns that connection to $db. The next line chooses the database on the server using that connection. And the third line is the part that actually does the query. It looks for all of the records that have the value for $username in their "name" field from the form.

The next section takes those results and checks them against the user input. It gets the "password" field for the record selected and checks it against the user input. If they match, the link will take them to a valid logged in page.

It's that easy! I hope that this tutorial has provided you with a bit of an idea on how to create a user validation form, and again, I know that it is not the most comprehensive, but it is simply an introduction to the idea behind authenticating from a database.

:surmunity:

**AlexH** · October 18th, 2003, 12:36 PM

For those of you who don't have SSH access, can create their database by creating a file called createdb.php. In this file place the following code:

Code:

<?php
$link = mysql_connect("localhost", "cpanelusername_mysqlusername", "cpanelusername_mysqlpassword") or die(mysql_error());
mysql_select_db("cpanelusername_mysqldatabase", $link) or die(mysql_error());
$query = mysql_query("CREATE TABLE 'user' ( 'name' VARCHAR (20), 'password' VARCHAR (20), 'ID' INT NOT NULL AUTO_INCREMENT, PRIMARY KEY (ID))", $link) or die(mysql_error());
if ($query) echo "Table Created";
?>

Be sure to change cpanel_username to the username that you open cPanel with, mysqlusername to the user that you created for this database, mysqlpassword with the password for that user, and mysqldatabase with the name of the database that this user has access to. Run this script in your browser. If it gives you a message saying Table Created the creation was successful. Once it is created, DELETE THIS FILE IMMEDIATELY, by not deleting it, you are leaving a large security whole open.

October 18th, 2003, 9:24 AM	#1 (permalink)
mvital Surpass Fan Seasoned Poster Joined in Sep 2003 Lives in LISBON - Portugal Hosted on VITAL 47 posts Gave thanks: 1 Thanked 1 Time in 1 Post	To begin with, we will help you create the database that we will use to authenticate off of. Keep in mind, this is a very simple tutorial and there are many other ways for you to do this. Obviously, you'll need MySQL up and running on your machine and know a bit about how to use it. If you don't know how to use MySQL yet, poke around on the net and look for an introduction. I'm sure there is one somewhere. So, now that we have it up and running and ready to go, get to the mysql> prompt, get into the databse that you want to use (use <database>) and type in the following: CREATE TABLE user ( name VARCHAR (20), password VARCHAR (20), ID INT NOT NULL AUTO_INCREMENT, PRIMARY KEY (ID)); This will create a table with a name field for the username and a password field, well, for the password. Right now, we will not worry with encrypting the password or anything. It will just be plain text in there, viewable to anyone that can view the database. You can change this later very easily if you want, just encrypt it somehow. Now, on to more important matters - how do I get the user's input? Easy. Just whip up a little form that will do the work for you. Here's a sample example for you: (this one includes a table around the form to make it look nice) <form method=post action="<?echo $PHP_SELF?>"> <table cellpadding=2 cellspacing=0 border=0> <td>Username:</td><td><input type="text" name="username" size=10></td><tr> <td>Password:</td><td><input type="password" name="password" size=10></td><tr> <td> </td><td><input type="submit" name="submit" value="Log In"></td> </table></form> This form has spots for a username and a password with text boxes for both of them. The last form item is the "submit" button. This allows the user to send off the information when they have completed the form. Now, you'll notice that not only does that button have a name of "submit" but that the form also references the same page with the <?echo $PHP_SELF ?>. This allows you to do the authentication on the same page as the form, reducing the number of pages required on the site. Next, we come to the actual script for the authentication. It's relatively simple, especially if you have any experience with pulling information from a MySQL database. Here's some sample code for you to work with: if ($submit) { $db=mysql_connect("localhost","user") or die ("cant connect"); mysql_select_db("database",$db) or die ("cant change"); $result=mysql_query("select * from users where name='$username'",$db) or die ("cant do it"); while ($row=mysql_fetch_array($result)) { if ($row["password"]==$password) { printf("Successfully Logged In!<a href=\"default.php?\"'>Click Here</a>"); } } } Now, let's take a look at this script. The first few lines are what you use to tell the PHP what connection, database and table to look in. The first line makes the connection to the MySQL database and assigns that connection to $db. The next line chooses the database on the server using that connection. And the third line is the part that actually does the query. It looks for all of the records that have the value for $username in their "name" field from the form. The next section takes those results and checks them against the user input. It gets the "password" field for the record selected and checks it against the user input. If they match, the link will take them to a valid logged in page. It's that easy! I hope that this tutorial has provided you with a bit of an idea on how to create a user validation form, and again, I know that it is not the most comprehensive, but it is simply an introduction to the idea behind authenticating from a database. :surmunity: __________________ ----------------------------------------------------------------------- Mário Vital Design Online WebHosting Do Host WebHosting Design Online Templates Cheap Web Templates server: vital.do-host.com -----------------------------------------------------------------------

October 18th, 2003, 12:36 PM	#2 (permalink)
AlexH Peaches! Excelling Contributor Joined in Jul 2003 Lives in Ottawa, Ontario, Canada Hosted on Jose, Pass19 564 posts Gave thanks: 0 Thanked 0 times	For those of you who don't have SSH access, can create their database by creating a file called createdb.php. In this file place the following code: Code: <?php $link = mysql_connect("localhost", "cpanelusername_mysqlusername", "cpanelusername_mysqlpassword") or die(mysql_error()); mysql_select_db("cpanelusername_mysqldatabase", $link) or die(mysql_error()); $query = mysql_query("CREATE TABLE 'user' ( 'name' VARCHAR (20), 'password' VARCHAR (20), 'ID' INT NOT NULL AUTO_INCREMENT, PRIMARY KEY (ID))", $link) or die(mysql_error()); if ($query) echo "Table Created"; ?> Be sure to change cpanel_username to the username that you open cPanel with, mysqlusername to the user that you created for this database, mysqlpassword with the password for that user, and mysqldatabase with the name of the database that this user has access to. Run this script in your browser. If it gives you a message saying Table Created the creation was successful. Once it is created, DELETE THIS FILE IMMEDIATELY, by not deleting it, you are leaving a large security whole open. __________________ alex.honeywell [ seigousei.net - pass19, binuweb.com - jose ]

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)