user authentication



ChadWick
11-07-2006, 05:08 AM
Well, I'm building my own user authentication system… and I'm running into a couple of small problems with the login side of things. Of course users sign up and their information is placed in a database, then when they go to log in they enter their username and password and if they match up with the database then they are authenticated; if they don't match up then an error comes up. Simple…

Now what I want to know is: what is the best way to have the authenticated user's information pulled on different pages of the website?

My thought is to load the user id# from the database and place it in the session… then on other pages it can grab the user's settings by the user's id #. Or would it be better to load the user's username and password into a session and on each page it makes sure that the session username and password match, else an error to log in.

Another problem I'm running into is that I have the login script at login.mysite.com… now how can I set a session to work on the whole website… like home.mysite.com and www.mysite.com... Basically, not only a session on login.mysite.com

Thank you.

Spookster
11-07-2006, 08:48 AM
You should just store the userid in the session. You should never store the username and password. Matter of fact you don't even need to pull the username and password out of the database. You only need to query the database to ensure that a matching login exists. If a matching login exists then store the userid in the session.

As for your other questions....is there a reason you are creating all of these other subdomains? Why not just have www.mysite.com/login and www.mysite.com/home?

Lee Stevens
11-07-2006, 01:02 PM
All you need to do to make sure the session still exists is just use an if isset, e.g.


<?php
// The session must be started before $_SESSION can be read.
session_start();

if (isset($_SESSION['userid'])) {
    // Do stuff
} else {
    // Show error, or redirect to login page.
}
?>

ChadWick
11-07-2006, 04:32 PM
All right so the best way is to get the number of results where POST_username and POST_password in the database... and if the number of results = 1 then you are logged in... else failed login...

And as far as the subdomain... I'm trying to keep things more organized, so is there a way to do this... maybe with .htaccess??

ChadWick
11-07-2006, 05:04 PM
Here is the login code...



<?php

session_start();

// Build the login form; the action URL is HTML-escaped before it is echoed.
$form = "<br/><br/>";
$form .= "<form action=\"" . htmlspecialchars($_SERVER['PHP_SELF']) . "\" method=\"post\">";
$form .= "<table border=\"0\">";
$form .= "<tr>";
$form .= "<td>Username:</td>";
$form .= "<td><input type=\"text\" name=\"username\"></td>";
$form .= "</tr>";
$form .= "<tr>";
$form .= "<td>Password:</td>";
$form .= "<td><input type=\"password\" name=\"password\"></td>";
$form .= "</tr>";
$form .= "</table>";
$form .= "<input type=\"submit\" value=\"Login\" name=\"login\">";
$form .= "</form>";

// isset() avoids an undefined-index notice when the form has not been posted.
if (isset($_POST['login'])) {

    // db_connect() and db_disconnect() are helpers defined elsewhere on the site.
    db_connect();

    // Escape the submitted values before they are placed inside the SQL string.
    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string($_POST['password']);

    $sql = mysql_query("SELECT uid FROM `users` WHERE `username` = '$username' AND `password` = '$password'");
    $row = mysql_fetch_array($sql);
    $num = mysql_num_rows($sql);

    if ($num != 0) {

        // Only the user id goes into the session.
        echo "<br><b>You are now authenticated with userid: $row[uid]</b>";
        $_SESSION['userid'] = $row['uid'];

    }
    else {

        echo "<br/><b>Login Failed</b> Try Again!";
        echo ( $form );

    }

    db_disconnect();

}
else {
    echo ( $form );
}

?>

Spookster
11-07-2006, 05:18 PM
Yes the best way to authenticate is that way. Search the database to match the username and password and if there is a result then the login is valid. And in that query you would pull the userid and if the login is valid create a session for that user and store the userid in it.

Subdomains have a purpose but typically not for that reason. It's for creating separate sites within a domain. Trying to authenticate across multiple subdomains can become a development/maintenance nightmare. You have to ask yourself the question...Why do I need/want a subdomain? Does it make it more organized? Not really no. Creating the subdomain doesn't actually make for better organization. Matter of fact a subdomain typically points to a subdirectory within www.mysite.com so likely it is still organized as www.mysite.com/home.
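
The login check and the cross-subdomain session discussed in this thread, as an added example that is not code from any of the posters. It assumes PHP 7.3+ with PDO and an in-memory SQLite database, a hypothetical `users(uid, username, pass_hash)` table that stores password hashes, constructed sample users, and that all subdomains of mysite.com share one session store.

```php
<?php
// Added example, not code from the thread. Table layout, function names and
// the sample users below are assumptions made for illustration.

// Share one session cookie across login., home. and www.mysite.com.
// Call this instead of session_start() on every page of every subdomain.
function start_shared_session(): void {
    session_set_cookie_params([
        'domain'   => '.mysite.com', // parent domain covers all subdomains
        'path'     => '/',
        'secure'   => true,          // cookie is sent over HTTPS only
        'httponly' => true,          // cookie is not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Return the uid for a valid login, or null. The bound parameter keeps the
// username out of the SQL text; the password is checked against a stored hash.
function authenticate(PDO $db, string $username, string $password): ?int {
    $stmt = $db->prepare('SELECT uid, pass_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['pass_hash'])) {
        return null;
    }
    return (int) $row['uid'];
}

// Store only the user id, and issue a fresh session id at the moment of login.
function log_in(int $uid): void {
    session_regenerate_id(true);
    $_SESSION['userid'] = $uid;
}

// Constructed demo data: two sample users in an in-memory database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (uid INTEGER PRIMARY KEY, username TEXT UNIQUE, pass_hash TEXT)');
$ins = $db->prepare('INSERT INTO users (username, pass_hash) VALUES (?, ?)');
$ins->execute(['chad', password_hash('correct horse', PASSWORD_DEFAULT)]);
$ins->execute(["o'brien", password_hash('staple', PASSWORD_DEFAULT)]);

var_dump(authenticate($db, 'chad', 'correct horse')); // matching login
var_dump(authenticate($db, 'chad', 'wrong'));         // wrong password
var_dump(authenticate($db, "o'brien", 'staple'));     // apostrophe is treated as data
```

On a real page, call `start_shared_session()` first, then `log_in($uid)` once `authenticate()` returns a uid; other pages only need the `isset($_SESSION['userid'])` check shown earlier in the thread.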


