Using PEAR:AUTH and PEAR:MDB2 to secure your website - bare essentials
This is a basic authentication system using the PEARS Auth package. It is very similar to the previous tutorial, authentication tutorial, but is far simpler in that it only has the bare essentials for an authentication system. You can add your own HTML, templates, etc.
The files
-
login.php
members.php
register.php
remove_user.php
user_removed.php
index.php
get_user_details.php
send_email.php
menu.php
You’ll need to create a table with 3 columns, username, password and email. Make sure that you change the configuration in the options array in each of the above files to allow connection to your database and table.
A brief description of each file
login.php This is the login page. It displays a login form. The user enters their user name and password, these are compared to those in the database and if they validate, the user is allowed access to the members page. If not, then the user is returned to the home page and an error message is displayed.
members.php This is the members only page. If the user is logged in then they are allowed access to this page. The page also checks the $user_ok variable which is set on successful login. If it is true then the user is allowed access to the page. If not then the user is returned to the home page. This variable is used to prevent access to the page by merely entering the address in browser.
register.php This page allows the new user to register by entering their username, password and email address. The new username is first checked with existing user names and only if it is unique, is the record stored in the database. If the new name is not unique, the user is returned to the register page and an error message is displayed. On successful registration, the user is redirected to the login page.
remove_user.php This page allows the user to enter their username and password. Their email address is retrieved from the database and an email sent to them to confirm the removal.
user_removed.php Once the user has clicked on the link provided in the email sent to them, they arrive at this page where they are given the final chance to delete their record. Once they delete it here, it is not reversible.
index.php This is the home page containing the menu.
get_user_details.php This page is accessed when the user has forgotten their username or password. It allows them to enter their email address which is then used by the send_email.php page.
send_email.php This page checks whether the email address entered in get_user_details.php is in the database. If it is then the username and a new password are sent to that address. If not then the user is redirected to the home page where an error message is displayed.
menu.php This is the menu containing the links to the various pages which are displayed on each page.
Get the files
These files can be downloaded here. Each one contains easily understood comments which explains the logic of the files. Once you have read through them, it will be very easy to adapt these files to suite your needs. Download
Sorry, there are no related posts but check these out
Comments
Comment from muziq
Time: April 20, 2007, 11:36 pm
there’s a few things I’ve noticed about these files, although I really liked this tutorial - covers lots of usefull aspects to using PEAR Auth.
members.php failed due to no ob_start() in the code
login.php failed because ob_start() was below the first echo,
also I’m having strange behaviour with the email address sometimes not being added to the database, although not all the time which is weird…
Anyway, thanks again for this otherwise great tutorial.
Comment from jes
Time: June 15, 2007, 7:23 am
im having an error in the register page in this line:
$result = $mdb2->query($query);
the error is:
PHP Fatal error: Call to undefined method MDB2_Error::fetchRow() in \register.php on line 80
help please
Comment from clive
Time: June 15, 2007, 9:26 am
hi
this runs fine on my set up - php 4.4.2
is your version of php later than this? if not, try upgrading to the latest version of php.
good luck
regards
clive
Comment from tkane2000
Time: November 26, 2007, 12:44 am
I get the same error as jes:
[25-Nov-2007 17:26:04] PHP Fatal error: Call to undefined method MDB2_Error::fetchRow() in C:\Users\Trevor\workspaceFlex3.2.2\EastPleastant\htdocs\auth\basic_auth\register.php on line 70
I have php5.2.5. Any plans to update code?
Comment from clive
Time: November 26, 2007, 11:05 am
hi
sorry i can’t help - too busy. perhaps someone else that experienced the same problem and managed to overcome it can comment here.
regards
clive
Comment from werik
Time: January 17, 2008, 8:21 pm
Had the same error as #3 & #5, resolved it by changing the table name in the select query on line 66 to represent the table I just created
Pingback from Cool Website Directory » Blog Archive » Search Web Site - Press Release: New look website for Britain s leading retirement … - E-consultancy (press release)
Time: April 10, 2007, 11:22 pm
[...] Using PEAR:AUTH and PEAR:MDB2 to secure your website - bare essentialsIt is very similar to the previous tutorial, http://www.idig.za.net/using-pearauth-and-pearmdb2-to-secure-your-website/2007/03/23/ but is far simpler in that it only has the bare essentials for an authentication system. … [...]