At 15:21 10/11/2005, you wrote:
Message-ID: <20051110002409.38155.qmail@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Thu, 10 Nov 2005 11:24:09 +1100 (EST)
From: JeRRy <jusa_98@xxxxxxxxx>
To: php-db@xxxxxxxxxxxxx
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-1489996746-1131582249=:37621"
Content-Transfer-Encoding: 8bit
Subject: Login Auth help? | Handling pages help? (2 questions)
Hi,
Need some ideas/opinions on a project I have.
The project is for a Radio Station (online one) where DJ's can login
to the site and do stuff and listeners can listen in live to the live feeds.
Now I downloaded a password protected code that uses MySQL to store
the info but it fails each time. It wont sucessfully login despite
setting the database up correctly etc. So instead of posting the
code here I would like to know peoples ideas/links on a method of
login. What I'd prefer to set is not a HTML login but more the
traditional popup box login. Like used on CPANEL.
The "popup box" is called HTTP authentication. There are some
specific $_SERVER variables associated with this which you can use -
AFAIK they weren't and still aren't reliably available on windows
installs of Apache on PHP, but on BSD / Linux / OSX installs it
should work fine.
You should use code adapted from this, then when you have $username
and $password, check both against your database (making sure they are
made 'safe' by removing slashes and so forth) : I use a function
called safestring() which does that stripping, else you can write
something yourself (such as use addslashes() from PHP)
if (isset($_SERVER["PHP_AUTH_USER"])) {
$username=safestring($_SERVER["PHP_AUTH_USER"]);
$password=safestring($_SERVER["PHP_AUTH_PW"]);
} else {
header("WWW-Authenticate: Basic realm=\"My Music Server\"");
header("HTTP/1.0 401 Unauthorized");
echo "You must enter a valid login ID and password
to access this resource\n";
exit;
}
The first time the script is hit, $_SERVER["PHP_AUTH_USER"] is *not*
set so it pops up the HTTP authenticate box using the headers shown.
When they are set, you can check the database, and see if the login
is valid. If it isn't a vaild username/password, send those headers
again until the user gets it right - possibly locking out their IP
for an hour after 3 unsuccessful attempts.
The username/password (details) will be stored to a database. Any
suggestions on fully working code?
Go to www.phpbuilders.com and search for 'database login code', we
won't duplicate it here.
Also each DJ will have a webpage within a database.
Why a webpage - did you mis-type that ? Better just to store some
information about them in the database and create the page
dynamically from that. Otherwise you manually have to edit the
database entry each time you want to update their page !
So updates to their pages will be made on the database, as I am not
really good at writing to a text file from PHP from a
webpage. Never learnt it to be honest, what would be
easiest/best? Writing to a database or a text file directly?
Database, it's what they're designed for.
That is it for now, if anyone is interested in the station itself to
listen to or see progress please feel free to reply and I'll post the url.
PS I'm working on the same system as you, online radio/webcam etc so
maybe it'd be nice to see what work you've done so far.
HTH
Cheers - Neil
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
