Reputation: 31
I need to write and authenticate a user based on username, password and some other credentials, such as some of their user information (name, mail, etc.) or some other thing. How can we do that in PHP?
Here is my login code with username and password. How do I also add some credentials to this program for authentication:
<?php
//Start session
session_start();
//Include database connection details
require_once('config.php');
//Array to store validation errors
$errmsg_arr = array();
//Validation error flag
$errflag = false;
//Connect to mysql server
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if (!$link) {
    die('Failed to connect to server: ' . mysql_error());
}
//Select database
$db = mysql_select_db(DB_DATABASE);
if (!$db) {
    die("Unable to select database");
}
//Function to sanitize values received from the form. Prevents SQL injection
function clean($str)
{
    $str = @trim($str);
    if (get_magic_quotes_gpc()) {
        $str = stripslashes($str);
    }
    return mysql_real_escape_string($str);
}
//Sanitize the POST values
$login = clean($_POST['login']);
$password = clean($_POST['password']);
//Input Validations
if ($login == '') {
    $errmsg_arr[] = 'Login ID missing';
    $errflag = true;
}
if ($password == '') {
    $errmsg_arr[] = 'Password missing';
    $errflag = true;
}
//If there are input validations, redirect back to the login form
if ($errflag) {
    $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
    session_write_close();
    header("location: login-form.php");
    exit();
}
//Create query
$qry = "SELECT * FROM members WHERE login='$login' AND passwd='" . md5($_POST['password']) . "'";
$result = mysql_query($qry);
//Check whether the query was successful or not
if ($result) {
    if (mysql_num_rows($result) == 1) {
        //Login Successful
        session_regenerate_id();
        $member = mysql_fetch_assoc($result);
        $_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
        $_SESSION['SESS_FIRST_NAME'] = $member['firstname'];
        $_SESSION['SESS_LAST_NAME'] = $member['lastname'];
        session_write_close();
        header("location: member-index.php");
        exit();
    } else {
        //Login failed
        header("location: login-failed.php");
        exit();
    }
} else {
    die("Query failed");
}
?>
If those credentials are dynamic, that would be good. How do I do that?
Upvotes: 3
Views: 547
Reputation: 1462
admin, member, moderator.. this sounds like role association (role based authentication) to me! The thing here is that one role is usually given to more than one person.
In order to succeed you always need to authenticate first on the person itself, not the role; after that you decide the role. I guess it could go like this:
field 1, please enter username
field 2, please enter password
field 3, please select role (let's say he chooses admin) from select menu
Then your PHP does this:
1. check username and password okay (mysql query).
2. check what roles are associated (mysql query) to this person (let's say member)
3. echo 'We are sorry you cannot enter the system as administrator but only as member'
And of course there are business rules that you apply for when someone has the right to take (or be removed from) some role.
Upvotes: 1
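The three steps from the answer above, as an added example that is not part of the original post: the person is authenticated first, and the role chosen in the form is only honoured if the database says that person holds it. Assumptions: the `member_roles` table, the `loginAs()` function and the sample user are hypothetical, the data lives in an in-memory SQLite database so the script runs offline, and PDO prepared statements with `password_hash()`/`password_verify()` stand in for the question's `mysql_*` calls and `md5()`.

```php
<?php
// Added example, not code from the question or the answer.
// Constructed schema: `members` follows the question; `member_roles` is hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE members (member_id INTEGER PRIMARY KEY, login TEXT UNIQUE, passwd TEXT)');
$pdo->exec('CREATE TABLE member_roles (member_id INTEGER, role TEXT)');

// Constructed sample user "alice", who holds only the "member" role.
$ins = $pdo->prepare('INSERT INTO members (login, passwd) VALUES (?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
$aliceId = $pdo->lastInsertId();
$pdo->prepare('INSERT INTO member_roles (member_id, role) VALUES (?, ?)')
    ->execute([$aliceId, 'member']);

// Returns ['ok' => bool, 'reason' => string, 'roles' => string[]].
function loginAs(PDO $pdo, string $login, string $password, string $requestedRole): array
{
    // Step 1: authenticate the person, never the role.
    $stmt = $pdo->prepare('SELECT member_id, passwd FROM members WHERE login = ?');
    $stmt->execute([$login]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row || !password_verify($password, $row['passwd'])) {
        return ['ok' => false, 'reason' => 'bad credentials', 'roles' => []];
    }

    // Step 2: read the roles from the database; the form value is only a request.
    $stmt = $pdo->prepare('SELECT role FROM member_roles WHERE member_id = ?');
    $stmt->execute([$row['member_id']]);
    $roles = $stmt->fetchAll(PDO::FETCH_COLUMN);

    // Step 3: refuse a role the person does not hold.
    if (!in_array($requestedRole, $roles, true)) {
        return ['ok' => false, 'reason' => 'role not granted', 'roles' => $roles];
    }
    return ['ok' => true, 'reason' => 'logged in as ' . $requestedRole, 'roles' => $roles];
}

// Constructed attempts: wrong password, a role alice lacks, a role she holds.
$attempts = [['alice', 'wrong', 'member'], ['alice', 'correct horse', 'admin'],
             ['alice', 'correct horse', 'member']];
foreach ($attempts as [$login, $password, $role]) {
    $r = loginAs($pdo, $login, $password, $role);
    echo "$login as $role: {$r['reason']}\n";
}
```

In a real login page, the session variables would be set only in the success branch, after `session_regenerate_id()`, with the role taken from the database result rather than from `$_POST`.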