
PHP Authentication 3


wellmad

Technical User
Apr 23, 2004
11
GB
Hi,

I am fairly new to PHP programming and I would like to know whether you can use secure authentication in PHP without using a mySQL db? I will only be creating a really small site with maybe 3 or 4 users and feel that a whole SQL db to store 3 usernames and their passwords is a little overkill! Does anyone know of a way of achieving this? Or even if it is possible...

I would like to do it without SQL if possible because although it is possible to find free hosting packages that allow PHP, I cannot find any that include a mySQL db. Incidentally, can anyone recommend a good free/cheap hosting provider (preferably in the UK)? I have found one called freeola.com but have heard bad reports about these guys...
 
or use an .htaccess file.

Also consider buying hosting on Ebay. I do that and have had no problems.

Bastien

I wish my computer would do what I want it to do,
instead of what I tell it to do...
 
for what it is worth, here is some code i knocked up to do file read/writes in a basic security environment. it works but there is bound to be a more elegant way of doing it.

To use: just cut and paste into a single php file and then call it from a browser.

Code:
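<?php
//scripted by Justin Adie, 4-4-2005
//this can be used by including the file in each of the pages you want to restrict to logged on users
//
// The full opening tag is used because the short form is only honoured when short_open_tag
// is enabled; where it is off, the whole script would be sent to the browser as plain text.
session_start();

// Path of the credential file read by getuserdata() and appended to by processregistration().
// NOTE(review): a .php extension does not protect this file. It holds only CSV and no opening
// PHP tag, so the engine passes its contents through unchanged to anyone who requests the URL.
// Keep it outside the document root, or deny access to it in the web server configuration.
$file= "users.php";

// Only a string action is meaningful; an array (actiontype[]=...) is treated as absent.
$authaction = (isset($_REQUEST['actiontype']) && is_string($_REQUEST['actiontype'])) ? $_REQUEST['actiontype'] : "";
// isset() avoids an undefined-index notice on the first visit, before any login attempt.
$authloggedon = isset($_SESSION['loggedon']) && $_SESSION['loggedon'] === "true";

// The comparison with "logout" must be a comparison: written as an assignment it overwrote
// the requested action and logged every authenticated visitor out on their next request.
if (!$authloggedon || $authaction === "logout")
{
	switch ($authaction)
	{
		case "logout":
			logout();
			exit;

		case "logon":
			// Both fields must arrive as strings before they are handed to logonuser().
			if (!isset($_POST['username'], $_POST['password'])
				|| !is_string($_POST['username'])
				|| !is_string($_POST['password'])
				|| logonuser($_POST['username'], $_POST['password']) === false)
			{
				displayloginform("Username or password error");
				exit;
			}
			//otherwise do nothing because login was successful!
			break;

		case "registerme":
			// NOTE(review): registration is open to every visitor, and a registered visitor can
			// then log on. For a site meant for a handful of known users, consider removing the
			// two registration actions once the accounts exist.
			displayregistrationform();
			exit;

		case "processregistration":
			if (!isset($_POST['username'], $_POST['password'])
				|| !is_string($_POST['username'])
				|| !is_string($_POST['password'])
				|| $_POST['username'] === ""
				|| $_POST['password'] === "")  // test for illicit arrivals
			{
				die ("Invalid input");
			}
			if (processregistration($_POST['username'], $_POST['password']) === false)
			{
				die("There has been an error with your registration");
			}
			displayloginform();
			exit;

		default:
			// No action, or an action this script does not know. Without this branch an
			// unrecognised actiontype left the switch without exiting, so an unauthenticated
			// request continued into the restricted part of the page.
			displayloginform();
			exit;
	}
}

//everything is either "die()"'d or exited above
//do other things here or leave blank and use this from  calling page
// PHP_SELF reflects the path the client requested, so it is HTML-encoded before being echoed.
$authself = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
die("You are logged in.  Click <a href='{$authself}?actiontype=logout'>here</a> to log out.");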





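// Prints the login page.
// $msg: optional error text shown in red above the fields; the message row is hidden when empty.
// The form posts back to the current script with actiontype=logon.
function displayloginform($msg="")
{
	if ($msg==="") {$disp="display:none";}else{$disp="";}
	// PHP_SELF carries the request path exactly as the client sent it, and $msg comes from the
	// caller; both are HTML-encoded so neither can add markup to the page.
	$self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
	$safemsg = htmlspecialchars((string) $msg, ENT_QUOTES, 'UTF-8');
	echo "
		<html>
		<head>
			<style type='text/css'>
				body {text-align:center;}
				fieldset {border-style:groove; border-width:medium;}
				.form {width:300px; margin: 0px auto; }
				.row {clear:both;}
				.label {width:80px; text-align:right; float:left;}
				.field {width:100px; text-align:left; float:right;}
				.msg {color:red; $disp}
			</style>
		</head>
		<body>
		<div class='form'>
		<form name='logon' method='post' action='{$self}'>
		<fieldset>
			<legend>Login</legend>
			<input type='hidden' name='actiontype' value='logon' /> \r\n
			<div class='msg'>{$safemsg}</div>
			<div class='row'><span class='label'><label for='username'>User Name</label></span><span class='field'><input type='text' name='username' id='username' /></span>\r\n</div>
			<div class='row'><span class='label'><label for='password'>Password</label></span><span class='field'><input type='password' name='password' id='password' /></span> \r\n</div>
			<div class='row'><span class='field'><input type='submit' value='Logon' name='submit' /></span>\r\n</div>
			<div class='row'>Click <a href='{$self}?actiontype=registerme'>here</a> to register</div>
			</fieldset>
		</form>
		</div>
		</body>
		</html>
	";
}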
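// Reads the credential file named by the global $file and returns its rows as an array
// that maps the first CSV column (user key) to the second (stored password hash).
// Returns an empty array when the file is missing or cannot be opened, so callers
// treat every login as unknown instead of failing on a bad handle.
function getuserdata()
{
	global $file; //make sure that this is in a protected directory
	$users = array();

	// Reading needs no write access, so the file is opened read-only and is not created here.
	if (!is_file($file))
	{
		return $users;
	}
	$fh = fopen($file, "r");
	if ($fh === false)
	{
		return $users;
	}

	// Delimiter, enclosure and escape are spelled out with their long-standing default values.
	while (($row = fgetcsv($fh, 0, ",", '"', "\\")) !== false)
	{
		// Blank lines and rows without both columns are skipped rather than stored as empty keys.
		if (!isset($row[0], $row[1]) || $row[0] === "")
		{
			continue;
		}
		$users[$row[0]] = $row[1];
	}

	fclose($fh);
	return $users;
}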

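// Prints a basic registration page.
// The form posts back to the current script with actiontype=processregistration.
function displayregistrationform()
{
	// PHP_SELF carries the request path exactly as the client sent it, so it is HTML-encoded
	// and placed inside a quoted attribute.
	$self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
	echo
	"
		<html>
		<head>
			<style type='text/css'>
				body {text-align:center;}
				fieldset {border-style:groove; border-width:medium;}
				.form {width:300px; margin: 0px auto; }
				.row {clear:both;}
				.label {width:80px; text-align:right; float:left;}
				.field {width:100px; text-align:left; float:right;}

			</style>
		</head>
		<body>
		<div class='form'>
		<form name='register' method='post' action='{$self}'>
			<fieldset>
			<legend>Register User</legend>
			<input type='hidden' name='actiontype' value='processregistration' /> \r\n
			<div class='row'><span class='label'><label for='username'>User Name</label></span><span class='field'><input type='text' name='username' id='username' /></span>\r\n</div>
			<div class='row'><span class='label'><label for='password'>Password</label></span><span class='field'><input type='password' name='password' id='password' /></span> \r\n</div>
			<div class='row'><span class='field'><input type='submit' value='Register User' name='submit' /></span>\r\n</div>
			</fieldset>
		</form>
		</div>
		</body>
		</html>
	";
}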
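// Registers a new user in the credential file named by the global $file.
// $user, $pwd: the submitted user name and password.
// Returns true when a new row was written, false when the input is unusable, the user
// already exists, or the file could not be written.
function processregistration($user, $pwd)
{
	global $file;

	// Form fields can arrive as arrays (username[]=...); only non-empty strings are accepted.
	if (!is_string($user) || !is_string($pwd) || $user === "" || $pwd === "")
	{
		return false;
	}

	$users = getuserdata();  //reads the user data into the variable
	// The md5 of the name is kept only as the lookup key, so rows written earlier still match.
	// It is an identifier, not a secret.
	$userkey = md5($user);
	if (array_key_exists($userkey, $users) === true)  //tests for existing user
	{
		return false;
	}

	// Unsalted md5 is fast to compute and therefore cheap to guess in bulk if the file leaks;
	// password_hash() produces a salted, deliberately slow hash instead.
	$pwdhash = password_hash($pwd, PASSWORD_DEFAULT);
	if (!is_string($pwdhash))
	{
		return false;
	}

	// Rows used to be appended without a line ending, which merged consecutive registrations
	// into one CSV row. If the existing file does not end in a newline, add one first.
	$needsnewline = false;
	clearstatcache(true, $file);
	if (is_file($file) && filesize($file) > 0)
	{
		$lastbyte = file_get_contents($file, false, null, filesize($file) - 1, 1);
		$needsnewline = ($lastbyte !== "\n");
	}

	$fh = fopen($file, "a");
	if ($fh === false)
	{
		return false;
	}
	if ($needsnewline)
	{
		fwrite($fh, "\n");
	}
	// fputcsv() terminates the row and quotes a field should a hash format ever contain a comma.
	$written = fputcsv($fh, array($userkey, $pwdhash), ",", '"', "\\");
	fclose($fh);
	return $written !== false;
}

// Checks a user name and password against the credential file.
// On success sets $_SESSION['loggedon'] to "true" and returns true; otherwise clears that
// flag and returns false.
function logonuser($user, $pwd)
{
	$verified = false;

	// Form fields can arrive as arrays; anything that is not a string is rejected outright.
	if (is_string($user) && is_string($pwd))
	{
		$users = getuserdata();  //reads the user data into the variable
		$userkey = md5($user);   // lookup key only, see processregistration()
		$stored = array_key_exists($userkey, $users) ? $users[$userkey] : null;

		if (is_string($stored))
		{
			if (preg_match('/^[0-9a-f]{32}$/', $stored) === 1)
			{
				// Row written before the switch to password_hash(): still accepted so existing
				// users are not locked out, compared in constant time. These rows stay weak
				// until the user is registered again.
				$verified = hash_equals($stored, md5($pwd));
			}
			else
			{
				$verified = password_verify($pwd, $stored);
			}
		}
	}

	if ($verified)
	{
		// A fresh session id on login stops an id that was known before authentication
		// from being reused afterwards.
		if (session_status() === PHP_SESSION_ACTIVE)
		{
			session_regenerate_id(true);
		}
		$_SESSION['loggedon'] = "true";
		return true;
	}

	unset ($_SESSION['loggedon']);
	return false;
}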
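// Clears the logged-on flag from the session and prints a link back to the login page.
function logout()
{
	// unset() is a no-op when the key is absent, so no isset() guard is needed.
	unset ($_SESSION['loggedon']);
	// PHP_SELF carries the request path exactly as the client sent it, so it is HTML-encoded
	// and placed inside a quoted attribute.
	$self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
	echo "You have been logged out.  Click <a href='{$self}'>here</a> to log in.";
}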
?>
 