Best way to authenticate a user.

iTZKooPA

I need to be able to access the database (MySQL) through the web and update it. I was wondering what the best way to have a user login would be. Obviously passing it through the url would be a bad idea, is there any way I can hide or mask that?

Or is there just a better way in general? I am new to PHP and MySQL so easy would be good but I know for such a topic it may not be done easily.

tomhath

It depends on what you need to do. If phpmyadmin is enough, check this thread:

http://www.phpbuilder.com/board/showthread.php?threadid=10286669&highlight=blowfish

iTZKooPA

I need to have it webbased.

tomhath

Phpmyadmin is a web application.

But if you mean you need it to be part of your own app, the answer depends on how valuable the data is. For many sites, simple Basic Authentication is probably enough. A google search will turn up dozens of tutorials.

http://www.zend.com/zend/tut/authentication.php
http://www.zend.com/manual/features.http-auth.php

If the data is sensitive (financial, personal, etc) you can go all the way to HTTPS and certificates.

http://www.freebsddiary.org/openssl-client-authentication.php

iTZKooPA

Thanks this stuff looks great, I musta been searching with bad keywords. I'll let ya know how it works later on.

iTZKooPA

Ok well I selected the hardcoded method because the information isn't delicate in the least and also there is only going to be two users so its pretty easy.

After a success it is supposed to redirect to the admin page but it isn't.

Currently the Autherization file looks as follows:


<?php

if ( ( !isset( $PHP_AUTH_USER )) || (!isset($PHP_AUTH_PW)) 
	     || ( $PHP_AUTH_USER != 'root' )  ) {
	// || ( $PHP_AUTH_PW != 'open' ) should be after the root check once a pw is actually set
	    header( 'WWW-Authenticate: Basic realm="Private"' );
	    header( 'HTTP/1.0 401 Unauthorized' );
	    echo 'Authorization Required.';
	    exit;

} else {

   header('Location: [url]http://localhost/PHP/jobs.v0.2.php[/url]');

}
?>

Upon inputting root as the username it just sits at loading the localhost, when all its supposed to do is redirect to the jobs page. Any ideas?

tomhath

The $PHP_AUTH_* variables won't be set if you have register_globals off. Use the server variable array instead.

$HTTP_SERVER_VARS['PHP_AUTH_USER']

If they are set, you never check the password, (maybe that's done in the else but you just didn't post it).

You probably have the call to the "header" function right, the forum software seems to be messing it up:

header('Location: http://localhost/PHP/jobs.v0.2.php');

iTZKooPA

How do I check on the global vars (just to make sure I know whats actually broke). And your right the forum was messing up the Location link, I had the samething you pasted.

The password portion isn't set because currently there is no password (this is just a bullshit test to make sure I can get everything going then I am gonna migrate) and I added in the vars array but the same problem is happening.

tomhath

It's all covered in the manual. You might have to follow a couple of the links here:

http://us2.php.net/register_globals

How you have it now, the only way to log in is with 'root' as the userid and something nonblank as the password. But it worked fine for me when I used the array.