I can't remember where I originally got this from, but I use it all the time for password-protecting pages. Sorry if it's a bit messy.
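<?php
// Full open tag on purpose: when short_open_tag is disabled a bare "<?" is not
// parsed, and this file (database credentials included) would be sent to the
// browser as plain text.
//
// Example queries from the original author:
//   New user:        "insert into yoga_members (username, password) VALUES ('theusername', encrypt('thepassword','theusername'));"
//   Change password: "update yoga_members set password=encrypt('mypass','theusername'),pas='mypass' where username='theusername';"
// NOTE(review): the change-password example also writes the cleartext password to a
// `pas` column. Nothing in this file reads that column, so it looks removable - confirm.
// NOTE(review): MySQL ENCRYPT() wraps the system crypt() call and uses the username
// as salt here; on most systems that is a weak, short hash. Plan a migration to a
// dedicated password hash when the PHP/MySQL versions allow it.

// Database settings .. these must work!!
// Keep this file outside the web root where possible, since it holds credentials.
$db_hostname = 'localhost';   // Server where MySQL is running.
$db_user     = '---------';   // Username to connect with.
$db_pass     = '---------';   // Password to connect with.

// Database that holds the tables queried below (yoga_members, members).
define('DATABASE', 'dbname');
//define( "IMAGE", "images/ourimage.jpg" ); //Image for the title page. Comment out the line for none.
define('TITLE', 'Please Login');   // Title for the login page.
// Seconds until the cookie expires. NOTE(review): not read anywhere in this file;
// GenerateSecret() uses its own 24-hour lifetime.
define('EXPIRE', 30000);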
/**
 * Send the browser to the login page with the error flag set and stop the script.
 *
 * Never returns: callers rely on the exit to keep unauthenticated requests
 * from reaching the protected page.
 */
function DisplayLoginForm()
{
    $login_page = "templogin.php?error=1";
    header("Location: " . $login_page);
    exit;
}
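/**
 * Issue a fresh login token: set the yoga_auth cookie and store the token in
 * the member's `string` column so AuthenticateCookie() can match it later.
 *
 * Cookie layout is "username-encrypted_password-token", unchanged from the
 * original so existing cookies keep parsing.
 *
 * @param string $username           Member name exactly as the request delivered it.
 * @param string $encrypted_password Password column value read back from yoga_members.
 */
function GenerateSecret ( $username, $encrypted_password ) {
    // Cookie lifetime: one day (the EXPIRE constant is not consulted here).
    $exp = 60 * 60 * 24;

    // The token used to be MD5(TIME()), which anyone who knows the approximate
    // login time can reproduce. Draw it from the best random source available,
    // keeping the same 32-hex-character shape.
    $md5str = '';
    if (function_exists('random_bytes')) {
        $md5str = bin2hex(random_bytes(16));
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
        $md5str = bin2hex((string) openssl_random_pseudo_bytes(16));
    }
    if (strlen($md5str) !== 32) {
        // Last resort for very old installs; weaker than the sources above.
        $md5str = md5(uniqid(mt_rand(), true));
    }

    // NOTE(review): the cookie is sent without the HttpOnly/Secure flags and
    // carries the stored password hash. A random server-side session id would
    // expose less; left as is to keep the format AuthenticateCookie() parses.
    $cookie_val = "$username-$encrypted_password-$md5str";
    setcookie("yoga_auth", $cookie_val, time()+$exp);

    // The callers in this file pass the username as received, so undo
    // magic_quotes_gpc slashing (where that setting exists) before escaping;
    // otherwise names containing quotes would be escaped twice and never match.
    $lookup_name = $username;
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $lookup_name = stripslashes($lookup_name);
    }
    // Escape before interpolating: the username originates from the request.
    $safe_username = mysql_real_escape_string($lookup_name);
    $arg = "update yoga_members set string='$md5str' where username='$safe_username'";
    mysql_db_query( DATABASE, $arg );
}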
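/**
 * Check a username/password pair against yoga_members.
 *
 * On success a new login cookie is issued through GenerateSecret(); on failure
 * DisplayLoginForm() redirects to the login page and ends the script.
 *
 * @param string $username Member name taken from the request.
 * @param string $password Cleartext password taken from the request.
 */
function AuthenticateUser ( $username, $password ) {
    // Array-valued request fields (e.g. username[]=...) cannot be credentials.
    if (is_array($username) || is_array($password)) {
        DisplayLoginForm();
    }

    // Work on copies: GenerateSecret() below still receives the username
    // exactly as it arrived, as in the original code.
    $plain_user = (string) $username;
    $plain_pass = (string) $password;
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        // magic_quotes_gpc already slashed the input; undo it so the explicit
        // escaping below does not double-escape quotes and backslashes.
        $plain_user = stripslashes($plain_user);
        $plain_pass = stripslashes($plain_pass);
    }

    // Both values are untrusted and were previously interpolated raw, which let
    // crafted input rewrite the WHERE clause (SQL injection / login bypass).
    // Prepared statements via mysqli or PDO are the long-term fix.
    $safe_user = mysql_real_escape_string($plain_user);
    $safe_pass = mysql_real_escape_string($plain_pass);
    $arg = "select password, 1 as auth from yoga_members where username='$safe_user' and password=encrypt('$safe_pass','$safe_user')";

    // A failed query yields false; treat that as "not authenticated".
    $result = mysql_db_query( DATABASE, $arg );
    $row = $result ? mysql_fetch_array($result) : false;

    // Quoted keys: the bare words auth/password were undefined constants.
    if ($row && $row['auth']) {
        GenerateSecret($username, $row['password']);
    }
    else {
        DisplayLoginForm();
    }
}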
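/**
 * Validate the yoga_auth cookie ("username-encrypted_password-token") against
 * yoga_members, falling back to a username/password check when it does not match.
 *
 * @param string $cookie   Raw yoga_auth cookie value (untrusted).
 * @param string $username Username from the request, used for the fallback.
 * @param string $password Password from the request, used for the fallback.
 * @return string The authenticated username: the cookie's username when the
 *                cookie matches, otherwise $username after AuthenticateUser()
 *                has accepted it (that call ends the script on failure).
 */
function AuthenticateCookie ( $cookie, $username, $password ) {
    // explode() replaces the deprecated regex-based split(); "-" is a literal.
    // NOTE(review): a username containing "-" shifts the fields and never matches.
    $cookie_var = is_string($cookie) ? explode("-", $cookie) : array();

    // Require all three fields to be present and non-empty, so a truncated
    // cookie cannot match a row whose password or string column is empty.
    if (count($cookie_var) >= 3
        && $cookie_var[0] !== '' && $cookie_var[1] !== '' && $cookie_var[2] !== '') {
        $ck_username = $cookie_var[0];
        $ck_password = $cookie_var[1];
        $secret = $cookie_var[2];

        // Cookie content is attacker-controlled. Undo magic_quotes_gpc slashing
        // where that setting exists, then escape each field before it enters
        // the query (the original interpolated them raw: SQL injection).
        $unslash = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
        $q_user = mysql_real_escape_string($unslash ? stripslashes($ck_username) : $ck_username);
        $q_pass = mysql_real_escape_string($unslash ? stripslashes($ck_password) : $ck_password);
        $q_secret = mysql_real_escape_string($unslash ? stripslashes($secret) : $secret);

        $arg = "select 1 as auth from yoga_members where username='$q_user' and password='$q_pass' and string='$q_secret'";
        $result = mysql_db_query( DATABASE, $arg );
        $row = $result ? mysql_fetch_array($result) : false;

        // Quoted key: the bare word auth was an undefined constant.
        if ($row && $row['auth']) {
            return $ck_username;
        }
    }

    // Cookie rejected: fall back to the submitted credentials. AuthenticateUser()
    // redirects and exits when they are wrong, so reaching the return means the
    // login succeeded. The original returned nothing here, which blanked the
    // caller's $username after a successful password login.
    AuthenticateUser ( $username, $password );
    return $username;
}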
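// Open the connection every query below relies on.
mysql_connect($db_hostname,$db_user,$db_pass) or
    die("Unable to connect to the SQL server...");

// $HTTP_COOKIE_VARS is gone from current PHP; $_COOKIE carries the same data.
$yoga_auth = isset($_COOKIE["yoga_auth"]) ? $_COOKIE["yoga_auth"] : '';

// The original relied on register_globals to create $username and $password.
// Read them explicitly so the script does not depend on that setting.
// NOTE(review): $_REQUEST mirrors what register_globals accepted; switch to
// $_POST once the login form's method is confirmed.
$username = isset($_REQUEST['username']) ? $_REQUEST['username'] : '';
$password = isset($_REQUEST['password']) ? $_REQUEST['password'] : '';

// A cookie is tried first, then submitted credentials; with neither, the
// visitor is sent to the login form (which ends the script).
if ($yoga_auth) {
    $username = AuthenticateCookie( $yoga_auth, $username, $password );
} else if ($username) {
    AuthenticateUser( $username, $password );
} else {
    DisplayLoginForm();
}

// get client name
// $username still holds request-derived text, so it is escaped before use.
// Undo magic_quotes_gpc slashing first (where that setting exists) to avoid
// escaping twice.
$lookup_name = (string) $username;
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    $lookup_name = stripslashes($lookup_name);
}
$safe_username = mysql_real_escape_string($lookup_name);
// NOTE(review): this reads `members`, while authentication uses `yoga_members` - confirm intended.
$client_result = mysql_db_query( DATABASE, "SELECT * from members WHERE username='$safe_username'");
$rez = $client_result ? mysql_fetch_array($client_result) : false;

// Left as null when no matching row exists.
$mem_id = $rez ? $rez["id"] : null;
$client_ysid = $rez ? $rez["ysid"] : null;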
?>