Thread: How to attach Database to a site
View Single Post
  #2 (permalink)  
Old 06-01-2005, 07:36 PM
jitender's Avatar
jitender jitender is offline
Site Admin
  
Join Date: Jun 2004
Posts: 1,200
jitender has a spectacular aura aboutjitender has a spectacular aura aboutjitender has a spectacular aura about
iTrader: (0)
Default
The first step to building a simple user authentication system is to create the table in your database that stores the login information. In this script we use one mysql table called"'logins", and the login name and password fields are stored in a hashed (md5) and encrypted state for security reasons. The function that issues the SQL command to create this table looks like this:

PHP Code:
function MakeTableLogins($database$host$db_user$db_pass) {//create the logins table
$linkID mysql_connect($host$db_user$db_pass); 
mysql_select_db($database$linkID); 
mysql_query("create table logins (user char(32), pasword char(32))"$linkID); 


This should be called by passing the name of the database, database server host and the username password for that database server.

We only use one way encryption because our script never needs to know the actual plaintext of the username or password, its only must decide if the supplied information matches the information from the table. This is done by performing the same hash/encrypt routine on the inputted data and then comparing those values to the database. The function this script uses to return the encrypted data looks like this:

PHP Code:
function Encrypt($string) {//hash then encrypt a string 
$crypted crypt(md5($string), md5($string));
return $crypted;


The next thing our script will have to be able to do is to add the requried users records to the table. We cannot do this by hand because the data is encrypted so there is a function that handles this also:

PHP Code:
function AddUser($database$host$db_user$db_pass$username$password) { //add user to table logins 
$linkID mysql_connect($host$db_user$db_pass);
mysql_select_db($database$linkID);
$password encrypt($password);
$username encrypt($username);
mysql_query("insert into logins values ('$username', '$password')"$linkID);


The next and final piece to our script is the actual login function. This function is passed arguments of the database login information, and the username and password the user supplied. The function returns true if the user information matches the data in the table exactly and false if they do no match.

PHP Code:
function Login($database$host$db_user$db_pass$user$password) { //attempt to login false if invalid true if correct 
$auth false;
$user Encrypt($user);

$linkID mysql_connect($host$db_user$db_pass);
mysql_select_db("$database"$linkID);
$result mysql_query("select password from logins where user = '$user'"$linkID);
$pass mysql_fetch_row($result);
mysql_close($linkID);

if ($pass[0] === (Encrypt($password))) {
$auth true;
}
return $auth;
__________________
Free Webmaster Tools - Free SEO Tools
phpLDHacks - Add your template or Hack and earn money
Text Link Ads - Buy & Sell text link ads
Reply With Quote