basic user authentication

zmack

Hey Guys,

I'm developing a database which will contain 'indivduals' information within a MySQL database. I'd like end users to be able to log on via the(www) and view only 'their own' information and not query the entire database in search for their record. What kind of functions within PHP/SQL will i have to get used to in order to get this baby up and running?

Thanks for taking the time to read this and help a novice.

-Abi

lentin64

If you connect to MySQL Database:
<?
if(!$PHP_AUTH_USER) {
header("WWW-authenticate: Basic realm=\"User Login\"");
header("HTTP/1.0 401 Unauthorized");
} else {

$connect=mysql_connect($someserver,$PHP_AUTH_USER,$PHP_AUTH_PW);
// please don't modify PHP_AUTH_USER
// and PHP_AUTH_PW

//something here

mysql_close($connect);
?>

lentin64

sorry.. wrong code..

<?
if(!$PHP_AUTH_USER) {
header("WWW-authenticate: Basic realm=\"User Login\"");
header("HTTP/1.0 401 Unauthorized");
echo "You are not registered.";
} else {

$connect=mysql_connect($someserver,$PHP_AUTH_USER,$PHP_AUTH_PW);
// please don't modify PHP_AUTH_USER
// and PHP_AUTH_PW

//something here

mysql_close($connect);
}
?>

zmack

Hi Steven,

this looks good, the php_auth_user, will i be referencing a particular table in my sql table? im assuming so. Im now wondering how i can take the user ID and password and create a dynamic page that will reproduce only one specfic record for this user as opposed to all the other user records. Thanks for being patient with me, i appreciate all your help.

[deleted]

Read this first:
http://www.php.net/manual/en/features.http-auth.php

once a person is logged in, his browser will send you his username with every request. You can use that username to find his records in the database.

Note: this is very basic/bad/not good/try it and forget about it/there are better ways/insecure and messy.