auth using php realm with mysql

Posted on 2005-04-23
Medium Priority
Last Modified: 2013-12-12
i want to use apache realm aut but not with .htacess and .htpasswd but with mysql so that it will auth the user by checking the username and password againiest mysql database.....how can i do this???
Question by:neutrongenious
  • 2
  • 2
LVL 49

Accepted Solution

Roonaan earned 150 total points
ID: 13853397
Well php auth is quite "easy" to write yourself:

  $authorized = false;
    or die('No db connection');
  mysql_select_db('some database')
    or die('No db connection');

  if(!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW']))
    $username = mysql_real_escape_string($_SERVER['PHP_AUTH_USER']);
    $password = mysql_real_escape_string($_SERVER['PHP_AUTH_PW']);
    $query = "SELECT id FROM usertable WHERE".
             " `username` = '$username' AND".
             " `password` = '$password' LIMIT 1";
    $result = mysql_query($query);
      $authorized = (mysql_num_rows($result) == 1);
    Header('WWW-Authenticate: Basic realm="My Websites Realm" ');
    Header("HTTP/1.0 401 Unauthorized");
    echo "Action cancelled: Try again";


Author Comment

ID: 13854688
thanks for the reply it works fine.
now tell me i want to use this user's info in some areas how can i use them....
should i store them in a session or what?????
and what if i want to provide that user logoff info....
LVL 49

Expert Comment

ID: 13856621
Yes, you would store such data in a session.

Add <?php session_start();?> as the first line of code, and you can store and retrieve anything you want in and from the $_SESSION array.

I am not sure wether or not you can unset($_SESSION['PHP_AUTH_USER']) but then again, you could have a go at it. Otherwise you have to add some additional code, which makes your session invalid when someone tries to login.


Author Comment

ID: 13861205
thanks this solves my problem

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
There are times when I have encountered the need to decompress a response from a PHP request. This is how it's done, but you must have control of the request and you can set the Accept-Encoding header.
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
Suggested Courses
Course of the Month13 days, 21 hours left to enroll

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question