Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 6 of 6
  1. #1
    New Coder
    Join Date
    Jun 2006
    Posts
    10
    Thanks
    0
    Thanked 0 Times in 0 Posts

    user authentication

    Well im building my own user authentication system… and im running into a couple small problems with the login side of things. Of course users sign up and there information is placed in a database then when they go to login they enter there username and password and if they match up with the database then they are authenticated if they don’t match up then an error comes up. Simple…

    Now what I want to know what is the best way to have the authenticated users information pulled on different pages of the website.

    My thought is to load the user id# from the database and it place it on session… then on other pages it can grab the users settings by the users id #. Or would it be better to load the users username and password into a session and on each page it makes sure that the session username and password match, else an error to login.

    Another problem im running into is that I have the login script at login.mysite.com… now how can I set a session to work on the whole website… like home.mysite.com and www.mysite.com... Basiclly not only session on login.mysite.com

    Thank you.

  • #2
    Supreme Overlord Spookster's Avatar
    Join Date
    May 2002
    Location
    Marion, IA USA
    Posts
    6,280
    Thanks
    4
    Thanked 83 Times in 82 Posts
    You should just store the userid in the session. You should never store the username and password. Matter of fact you don't even need to pull the username and password out of the database. You only need to query the database to ensure that a matching login exists. If a matching login exists then store the userid in the session.

    As for your other questions....is there a reason you are creating all of these other subdomains? Why not just have www.mysite.com/login and www.mysite.com/home?
    Last edited by Spookster; 11-07-2006 at 08:51 AM.
    Spookster
    CodingForums Supreme Overlord
    All Hail Spookster

  • #3
    Regular Coder
    Join Date
    Aug 2006
    Location
    UK, London, Dartford
    Posts
    221
    Thanks
    3
    Thanked 14 Times in 14 Posts
    All you need to do to make sure, session still egsits just use a if isset e.g
    PHP Code:
    <?php
    if (isset($_SESSION['userid'])) {
        
    // DO stuff
    } else {
        
    // Show error, or redirct to login page.
    }
    ?>

  • #4
    New Coder
    Join Date
    Jun 2006
    Posts
    10
    Thanks
    0
    Thanked 0 Times in 0 Posts
    All right so the best way is to get the number of results where POST_username and POST_password in the database... and if the number of results = 1 then you are logged in... else failed login...

    and as far as the subdomain... im trying to keep things more orginized, so is there a way to do this... maybe with .htaccess??

  • #5
    New Coder
    Join Date
    Jun 2006
    Posts
    10
    Thanks
    0
    Thanked 0 Times in 0 Posts

    so basiclly...

    her is the login code...

    PHP Code:
    <?php
        
        session_start
    ();
        
            
    $form "<br/><br/>";
        
    $form .= "<form action=\"$_SERVER[PHP_SELF]\" method=\"post\">";
        
    $form .= "<table boarder=\"0\">";
        
    $form .= "<tr>";
        
    $form .= "<td>Username:</td>";
        
    $form .= "<td><input type=\"text\" name=\"username\"></td>";
        
    $form .= "</tr>";
        
    $form .= "<tr>";
        
    $form .= "<td>Password:</td>";
        
    $form .= "<td><input type=\"password\" name=\"password\"></td>";
        
    $form .= "</tr>";
        
    $form .= "</table>";
        
    $form .= "<input type=\"submit\" value=\"Login\" name=\"login\">";
        
    $form .= "</form>";
        
         if (
    $_POST['login']) {
        
               
    $username $_POST['username'];
            
    $password $_POST['password'];

            
    db_connect();
        
            
    $sql mysql_query("SELECT uid FROM `users` WHERE `username` = '$username' AND `password` = '$password'"); 
            
    $row mysql_fetch_array($sql);
            
    $num mysql_num_rows($sql);

                if(
    $num!=0) {

                    echo 
    "<br><b>You are now authenticated with userid: $row[uid]</b>";
                      
    $_SESSION['userid'] = "$row[uid]";

                } 
                else {
        
                    echo 
    "<br/><b>Login Failed</b> Try Again!";
                    echo ( 
    $form );

                }

            
    db_disconnect();
        
            }
            else {
                echo ( 
    $form );
            }

    ?>

  • #6
    Supreme Overlord Spookster's Avatar
    Join Date
    May 2002
    Location
    Marion, IA USA
    Posts
    6,280
    Thanks
    4
    Thanked 83 Times in 82 Posts
    Yes the best way to authenticate is that way. Search the database to match the username and password and if their is a result then the login is valid. And in that query you would pull the userid and if the login is valid create a session for that user and store the userid in it.

    Subdomains have a purpose but typically not for that reason. It's for creating seperate sites within a domain. Trying to authenticate across multiple subdomains can become a development/maintenance nightmare. You have to ask yourself the question...Why do I need/want a subdomain? Does it make it more organized? Not really no. Creating the subdomain doesn't actually make for better organization. Matter of fact a subdomain typically points to a subdirectory within www.mysite.com so likely it is still organized as www.mysite.com/home.
    Spookster
    CodingForums Supreme Overlord
    All Hail Spookster


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •