PHP authentication for multiple users using MySQL

The PHP page needed to restrict access by username and password for multiple users, where each user has their own access data stored in the database.

We are going to see the PHP pages needed to restrict access by username and password for multiple users, where each one has their own access data. Note: This article is intended to supplement the manual. In fact, in this article we only deal with the page that collects the user's data (name and password) and checks whether they are correct, redirecting to the secure application (if the data corresponds to a user in the database) or to the entry page (if the data does not correspond to any registered user).

The first thing is to recall the page scheme of the proposed authentication system. We can see it in the article. Here we will give the code for the "I check data" page.

The database

The database that we are going to use will contain a table for the users, where each one will have at least two fields: a username and a password, both of text type.

User table

Field name    Field type
user_name     Text
user_key      Text

In a user database, the username should be a unique value that no other user can repeat; that is, we cannot have two users with the same name. For this reason, the user_name field could be the primary key of the table, although we could also have created an additional field, called for example user_id, of autonumeric type, and made it the primary key.

To avoid inserting two users with the same username, we will check, when inserting them into the table, that no user already exists with the username to be inserted. We are not going to see this step, important as it is, since we are only going to focus on deciding whether or not a user can enter the application, assuming that the users are already inserted in the database.

In the example we assume a MySQL database; however, any type of database can be used for purposes such as the ones we propose.

How the script works

The script that decides whether or not a user can enter the application is very simple. It makes a call to the database to check whether the authentication data written by the visitor (username and password) correspond to those of any user. If so, entry is allowed; if not, it is denied.

The first thing would be to open a connection with the database and select the database with which we have to work.

// connect to the database
$conn = mysql_connect("server", "user", "password");

// select the database
mysql_select_db("db_name", $conn);

The second step is to build an SQL statement that lets us check whether a user exists with the authentication data entered. We use a simple SELECT statement on the user table that extracts the users whose username and password match those entered on the access page.

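// read the submitted values (assumes the form sends them by POST)
// and escape them before they are placed inside the SQL string
$username = mysql_real_escape_string($_POST["username"], $conn);
$password = mysql_real_escape_string($_POST["password"], $conn);

// SQL statement to search for a user with that data
$ssql = "SELECT * FROM user WHERE user_name='$username' AND user_key='$password'";

// execute the statement
$rs = mysql_query($ssql, $conn);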

If that SELECT statement responds with any record found, we will know that there is a user whose authentication data perfectly matches those entered. In that case we can carry out the actions aimed at allowing access. On the contrary, if the SELECT statement does not find any record, we will know that there is no user with the authentication data entered and therefore, we must carry out the actions aimed at restricting access.

if (mysql_num_rows($rs) != 0) {
    // valid username and password
    // define a session and save data
    session_start();
    $_SESSION["authenticated"] = "YES";
    header("Location: application.php");
} else {
    // if it doesn't exist, send the visitor back to the entry page
    header("Location: index.php?usererror=yes");
}

The actions to restrict or allow access are exactly the same as those we have been using in the control script without using the database. So we are not going to comment on them further, but we refer you to the article where we explain them.

The complete code of the example would be the following.

<?php
// connect to the database
$conn = mysql_connect("server", "user", "password");

// select the database
mysql_select_db("db_name", $conn);

// read the submitted values (assumes the form sends them by POST)
// and escape them before they are placed inside the SQL string
$username = mysql_real_escape_string($_POST["username"], $conn);
$password = mysql_real_escape_string($_POST["password"], $conn);

// SQL statement to search for a user with that data
$ssql = "SELECT * FROM user WHERE user_name='$username' AND user_key='$password'";

// execute the statement
$rs = mysql_query($ssql, $conn);

// see if the username and password are valid:
// if the execution of the SQL statement gives us some result,
// this username/password combination exists
if (mysql_num_rows($rs) != 0) {
    // valid username and password
    // define a session and save data
    session_start();
    $_SESSION["authenticated"] = "YES";
    header("Location: application.php");
} else {
    // if it doesn't exist, send the visitor back to the entry page
    header("Location: index.php?usererror=yes");
}

mysql_free_result($rs);
mysql_close($conn);
?>


Note: It is important that this page contains no text before the opening of the PHP code, not even line breaks. This is because the script ends with a redirection, and this type of instruction can only be executed if no character has been written to the body yet. To be more specific, this is the error we get if anything is written to the page before the headers are sent:

Warning: Cannot add header information - headers already sent by (output started at /htdocs/examples/autentif-php_bbdd/control.php:2) in /htdocs/examples/autentif-php_bbdd/control.php on line 26
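The same credential check for current PHP, as an added example that is not the article's code: the listing above depends on the mysql_* functions, which were removed in PHP 7.0, and compares a plaintext password inside the SQL text. This version uses a PDO prepared statement and password_verify(). Assumptions: user_key holds a password_hash() value, the function name check_login is hypothetical, and in-memory SQLite stands in for MySQL so the example runs offline.

```php
<?php
// Added example, not the article's code. Table and column names (user,
// user_name, user_key) follow the article; everything else is an assumption.

// Assumption: user_key stores a password_hash() value, not the plain password.
function check_login(PDO $db, string $username, string $password): bool
{
    // Bound parameter: the submitted name is sent as data, never as SQL text.
    $stmt = $db->prepare('SELECT user_key FROM user WHERE user_name = :name');
    $stmt->execute([':name' => $username]);
    $hash = $stmt->fetchColumn();   // false when no such user exists

    // Unknown user: still verify against a dummy hash so that both paths
    // do a comparable amount of work.
    static $dummy = null;
    if ($dummy === null) {
        $dummy = password_hash('dummy-password', PASSWORD_DEFAULT);
    }
    $known = is_string($hash);
    $ok = password_verify($password, $known ? $hash : $dummy);
    return $known && $ok;
}

// Constructed demo data. In-memory SQLite stands in for MySQL; for MySQL the
// DSN would look like 'mysql:host=server;dbname=db_name' plus user/password.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (user_name TEXT PRIMARY KEY, user_key TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO user (user_name, user_key) VALUES (?, ?)');
$ins->execute(["o'neil", password_hash('correct horse', PASSWORD_DEFAULT)]);

// A name containing an apostrophe would break the interpolated query;
// with a bound parameter it is matched as ordinary data.
var_dump(check_login($db, "o'neil", 'correct horse'));
var_dump(check_login($db, "o'neil", 'wrong'));
var_dump(check_login($db, 'nobody', 'correct horse'));
```

In control.php the result of check_login() would drive the same two redirects as in the article; on success, call session_regenerate_id(true) after session_start() and before setting $_SESSION['authenticated'].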

Another coding possibility

Prior to the publication of this article, Hector Varón, a .com reader, sent us a control code that is basically the same as the one we have explained, although with some differences that make it interesting for publication.

We include it so that those interested can download it, and from here we send our thanks to Hector.
