Simple Password Authentication script using PHP and Sessions
From the Lockergnome.com newsletter - Web Development: November 11, 2003

This week, Raphael Pirker has a Simple Password Authentication script for you to digest:

If you're one of the many who need to protect content on their Website, I have put together a little piece of code that protects your little realm using PHP and Sessions. The users are stored in a MySQL database. Configuration is simple; I'll walk you through it step by step.

The database layout for the authentication module can be anything from a simple table with 3 columns to a complete user information database with addresses, phone numbers and other information. As always, the article shows the most basic setup, leaving it up to you to do further exploration. :)

I assume you (or your host) already have a MySQL database and phpMyAdmin installed. Log in to the interface and run the following SQL code:

    CREATE TABLE `users` (
      `id` tinyint(4) NOT NULL auto_increment,
      `user` varchar(15) NOT NULL default '',
      `pass` varchar(15) NOT NULL default '',
      PRIMARY KEY (`id`)
    ) ENGINE=MyISAM AUTO_INCREMENT=1;

The table is created... now we need a login page. Be aware that the input names must be "user" and "pass" for username and password, in case you're coding your own! Here's my login.htm:

I've stripped this down to a minimum, obviously. You can let your imagination run free for the design of your own login page! Save it as login.htm when you're done.

Next up is the Basic User Authentication file. The function is made so you only need to include() it at the top of your PHP page and it does its magic. More of that later... first, here's the code. Save it as basic_auth.php or similar, then do the configuration (see the comments provided).
    <?php
    $mysql_config = array(
        'host'  => 'localhost', // mysql host
        'port'  => '3306',      // mysql port
        'user'  => 'username',  // mysql user
        'pass'  => 'password',  // mysql password
        'dbase' => 'database'   // mysql database
    );
    $db_config = array(
        'table' => "users", // table name for user information
        'id'    => "id",    // column for primary key or user ID.
        'user'  => "user",  // column for user information
        'pass'  => "pass"   // column for user's password
    );

    // no need to edit beyond this point!
    // connect with mysqli (the old mysql_* extension was removed in PHP 7.0)
    $db = mysqli_connect($mysql_config['host'], $mysql_config['user'],
        $mysql_config['pass'], $mysql_config['dbase'], (int) $mysql_config['port']);

    // start session
    session_start();

    // functions...
    function isAuthenticated($u = '', $p = '')
    {
        // $reqAuth is read as a global; it is not set anywhere in this file
        global $db, $db_config, $reqAuth;
        // only look the user up when nobody is logged in yet;
        // an existing login is left untouched
        if (empty($_SESSION['uid']) && $reqAuth == 1) {
            // user input is bound as parameters, never concatenated into the SQL
            $stmt = mysqli_prepare($db, "SELECT ".$db_config['id']." FROM ".$db_config['table'].
                " WHERE ".$db_config['user']."=? AND ".$db_config['pass']."=?");
            mysqli_stmt_bind_param($stmt, 'ss', $u, $p);
            mysqli_stmt_execute($stmt);
            mysqli_stmt_bind_result($stmt, $id);
            $_SESSION['uid'] = mysqli_stmt_fetch($stmt) ? $id : 0;
            mysqli_stmt_close($stmt);
        }
        return empty($_SESSION['uid']) ? 0 : $_SESSION['uid'];
    }

    function doLogOut()
    {
        unset($_SESSION['uid']);
    }

    // starting the functions
    if (isset($_GET['logout']) && $_GET['logout'] == 1) doLogOut();
    // register_globals no longer exists, so read the form fields explicitly
    $user = isset($_REQUEST['user']) ? $_REQUEST['user'] : '';
    $pass = isset($_REQUEST['pass']) ? $_REQUEST['pass'] : '';
    if (!isAuthenticated($user, $pass)) {
        @include("login.htm");
        exit();
    }
    // make the authenticated user's ID available to the including page
    $uid = $_SESSION['uid'];
    ?>

Once you're done, fire up Notepad or Dreamweaver or whatever editor you use for PHP and start coding the first password-protected page:

    Login Page
    Welcome to my Secret Realm!
    Your ID in the database is: <?=$uid;?>

The last line shows that the unique user ID from the user database is stored in the variable $uid. You can use the $uid variable to retrieve further information about the authenticated user from the database.

Logging the user out of the authentication system is just as easy as logging him in. Use this code anywhere on your authenticated page:
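
A hardened variant of the credential check, as an added example that is not part of the original article: it stores password_hash() output instead of the plaintext value the article's 15-character pass column holds, binds the user name as a query parameter, and issues a new session ID on login. The addUser() and checkLogin() names, the wider pass column, the in-memory SQLite database (PDO with pdo_sqlite, PHP 7.4 or later) and the sample account are assumptions made so the script runs on its own.

```php
<?php
// Added example. Table and column names follow the article; the in-memory
// SQLite database and the sample account are constructed for the demo.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// pass holds a password_hash() string, which does not fit in varchar(15)
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY,
    user VARCHAR(15) NOT NULL UNIQUE, pass VARCHAR(255) NOT NULL)');

function addUser(PDO $db, string $user, string $password): void
{
    $stmt = $db->prepare('INSERT INTO users (user, pass) VALUES (?, ?)');
    $stmt->execute([$user, password_hash($password, PASSWORD_DEFAULT)]);
}

// Returns the user's id on success and 0 on failure.
function checkLogin(PDO $db, string $user, string $password): int
{
    static $dummy = null;
    $dummy ??= password_hash('unused', PASSWORD_DEFAULT);
    // The user name reaches the query only as a bound parameter.
    $stmt = $db->prepare('SELECT id, pass FROM users WHERE user = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Unknown users are checked against a dummy hash so both paths do similar work.
    $ok = password_verify($password, $row ? $row['pass'] : $dummy);
    if (!$row || !$ok) {
        return 0;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // fresh session ID once the user is authenticated
        $_SESSION['uid'] = (int) $row['id'];
    }
    return (int) $row['id'];
}

addUser($db, 'alice', 'correct horse');
$attempts = [
    ['alice', 'correct horse'], // valid login
    ['alice', 'wrong'],         // wrong password
    ["o'brien", 'x'],           // quote in the name is bound as data, not SQL
    ['', ''],                   // empty form submission
];
foreach ($attempts as [$u, $p]) {
    printf("%-10s %-14s => uid %d\n", $u, $p, checkLogin($db, $u, $p));
}
```

In a web page, call session_start() first and pass the submitted user and pass fields to checkLogin().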