Independent Digital

Creating and managing dynamic websites using Php, MySql, HTML and Wordpress with a bit of PEAR on the side


Using PEAR:AUTH and PEAR:MDB2 to secure your website

23 March, 2007 (15:07) | MySQL, PEAR | By: clive

It’s easy and secure.

Requirements


It is assumed that you have a working knowledge of HTML and PHP and have the necessary PEAR packages installed. You will also need a database (I have used MySQL here, but you can use others; just make sure that you then install the MDB2 driver for that database). The PEAR packages should include:

  • Auth - the authentication package
  • MDB2 - the database abstraction layer
  • MDB2_Driver_mysql - the MySQL MDB2 driver
  • HTML_QuickForm - which creates and processes HTML forms
  • HTML_Common2 - the abstract base class for HTML classes

    The basic structure of the website


    I used the Andreas02 template created by Andreas Viklund for this tutorial. He has some great templates, some of which are open source.

    This imaginary website consists of 4 pages, the main home or index page, a login page, a register page and a members page. I used the same HTML template (andreas02) for all the pages.

    Navigational structure


    The index page has a sidebar containing the login and register links. The user must register before he can log in. The login link takes the user to the login page where, on successfully logging in, the user is taken to the members page. The members page has a logout button which logs the user out and returns him to the index page. The register link takes the user to the register page. Successful registration takes the user to the login page. A failed registration takes the user back to the registration page and displays an error message. A failed login returns the user to the index page and displays an error message.

    The Index page


    This is basically the home page of the website and consists almost entirely of HTML. It is the standard Andreas02 template with a few PHP lines and 2 added links. The file is then saved as a PHP file.

    The Login page


    The login page uses the same Andreas02 template and includes some PHP code. This code displays a Quickform login form consisting of the username and password text boxes and a login button. On completing the form, the form is processed and the username and password are compared to those stored in the database. If a match is made, the user is redirected to the members page. If no match is made, the user is returned to the login page with an error message included in the URL. The login page uses Quickform to create and process the login form and MDB2 to connect to and query the database. It also uses Auth to authenticate the user.
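    The login page described above, written out as an added example; this is not the tutorial's own code (that is in the zip file). The DSN, the table and column names and the file names are assumptions, and the failed-login message is rendered by the form callback from Auth's status rather than passed in the URL.

```php
<?php
// Added example (not the tutorial's code): login page built from PEAR Auth
// (MDB2 storage container), MDB2 and HTML_QuickForm.
require_once 'Auth.php';
require_once 'HTML/QuickForm.php';

$options = array(
    'dsn'         => 'mysql://secure_user:secret@localhost/secure_site', // assumed
    'table'       => 'users',      // assumed table and column names
    'usernamecol' => 'username',
    'passwordcol' => 'password',
    // Auth hashes the submitted password with this function before comparing;
    // register.php must store passwords the same way.
    'cryptType'   => 'md5',
);

// Called by Auth whenever there is no valid session: render the login form.
// $status tells us why (e.g. AUTH_WRONG_LOGIN after a failed attempt).
function showLoginForm($username, $status, &$auth)
{
    $form = new HTML_QuickForm('login', 'post');
    $form->addElement('text', 'username', 'Username:');
    $form->addElement('password', 'password', 'Password:'); // masked input
    $form->addElement('submit', 'login', 'Login');
    $form->addRule('username', 'Username is required', 'required');
    $form->addRule('password', 'Password is required', 'required');

    if ($status == AUTH_WRONG_LOGIN) {
        echo '<p class="error">Wrong username or password.</p>';
    }
    $form->display();
}

// Called by Auth once the username/password pair matched a database row.
function onLogin($username, &$auth)
{
    header('Location: members.php');
    exit;
}

// Auth reads the POSTed 'username' and 'password' fields itself, looks the
// user up through MDB2 and compares the hashed password.
$auth = new Auth('MDB2', $options, 'showLoginForm');
$auth->setLoginCallback('onLogin');
$auth->start();
```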

    The Register page


    The register page uses the Andreas02 template and includes some PHP code. The code displays a Quickform consisting of the username and password text boxes and the register button. On completing the form, the form is processed and the database is queried to see whether the username exists. If it does, then the user is returned to the register page with an error message stating that the user exists. If the user does not exist, then the username and password are added to the database and the user is redirected to the login page. If the data is not added successfully to the database, then the user is redirected to the register page.
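    The register page flow above as an added example (not the tutorial's own code). It also shows the password element type and a minimum-length validation rule, and it stores the password hashed with md5() so that Auth's 'cryptType' => 'md5' option on the login page can verify it. DSN, table and column names are assumptions; MDB2 placeholders keep the submitted username out of the SQL text.

```php
<?php
// Added example (not the tutorial's code): register page with HTML_QuickForm
// validation and MDB2 prepared statements.
require_once 'MDB2.php';
require_once 'HTML/QuickForm.php';

$dsn = 'mysql://secure_user:secret@localhost/secure_site'; // assumed

$form = new HTML_QuickForm('register', 'post');
$form->addElement('text', 'username', 'Username:');
$form->addElement('password', 'password', 'Password:');     // masked input
$form->addElement('submit', 'register', 'Register');
$form->addRule('username', 'Username is required', 'required');
$form->addRule('username', 'Letters and digits only', 'alphanumeric');
$form->addRule('password', 'Password must be at least 6 characters', 'minlength', 6);

if ($form->validate()) {
    $username = $form->exportValue('username');
    $password = $form->exportValue('password');

    $db = MDB2::connect($dsn);
    if (PEAR::isError($db)) {
        header('Location: register.php?error=db');
        exit;
    }

    // Does the username already exist? '?' is bound by MDB2, never interpolated.
    $sth = $db->prepare('SELECT COUNT(*) FROM users WHERE username = ?', array('text'));
    $res = $sth->execute(array($username));
    $exists = !PEAR::isError($res) && $res->fetchOne() > 0;
    $sth->free();

    if ($exists) {
        header('Location: register.php?error=exists');
        exit;
    }

    // Store the md5 hash, matching the login page's cryptType setting.
    $sth = $db->prepare('INSERT INTO users (username, password) VALUES (?, ?)',
                        array('text', 'text'), MDB2_PREPARE_MANIP);
    $affected = $sth->execute(array($username, md5($password)));
    $sth->free();

    header('Location: ' . (PEAR::isError($affected) ? 'register.php?error=db' : 'login.php'));
    exit;
}

// Map the error code in the URL to a fixed message; never echo $_GET directly.
$messages = array('exists' => 'That username already exists.', 'db' => 'Registration failed.');
if (isset($_GET['error']) && isset($messages[$_GET['error']])) {
    echo '<p class="error">' . $messages[$_GET['error']] . '</p>';
}
$form->display();
```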

    The Members page


    The members page uses the Andreas02 template and includes some PHP code. The code displays a Quickform logout button. When clicked, it destroys cookies and sessions, flushes the output buffer, logs the user out and directs him to the index page.
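    The members page as an added example (not the tutorial's code). auth_options.php is an assumed include holding the same $options array (dsn, table, cryptType, ...) that the login page uses; the point shown is that the protected page must itself ask Auth whether a session exists before rendering anything.

```php
<?php
// Added example (not the tutorial's code): members page gate and logout.
require_once 'Auth.php';
require_once 'HTML/QuickForm.php';
require_once 'auth_options.php';   // assumed: defines $options for the MDB2 container

// Empty login function and showLogin = false: this page never renders a
// login form; it only checks the session that login.php established.
$auth = new Auth('MDB2', $options, '', false);
$auth->start();

// Every protected page needs this check. The redirect from login.php proves
// nothing on its own, because members.php can be requested directly.
if (!$auth->checkAuth()) {
    header('Location: index.php');
    exit;
}

$form = new HTML_QuickForm('logout', 'post');
$form->addElement('submit', 'logout', 'Logout');

if ($form->validate()) {
    $auth->logout();        // removes Auth's data from the session
    session_destroy();      // and drop the PHP session itself
    header('Location: index.php');
    exit;
}

// Escape the username before echoing it; it came from user registration.
echo '<p>Welcome, ' . htmlspecialchars($auth->getUsername()) . '.</p>';
$form->display();
```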

    Download the file containing all the files for the imaginary website here: Secure_site.zip (34.1 KiB). It is useful for analysing the PHP code (commented), which shows how to use Auth, MDB2 and Quickform within a website.

    Hope you find this short tutorial useful. Let me know if you need any help using Auth, Quickform, MDB2 or Flexy.


    Comments

    Comment from clive
    Time: March 26, 2007, 1:10 pm

    To further secure your website, you can enable password encryption by changing the “cryptType” in the options array and also change the password element type to password in the Quickform forms.

    You can also control the username and password input by including validation rules in the registration and login Quickform forms. For example, you could require that the password be a minimum of 6 characters long.

    By using Quickform’s built in validation rules (or your own) you can determine the data included in your user database.

    Pingback from Independent Digital » Using PEAR:AUTH and PEAR:MDB2 to secure your website - bare essentials
    Time: April 10, 2007, 2:37 pm

    [...] Using PEAR:AUTH and PEAR:MDB2 to secure your website [...]

    Comment from Rimian
    Time: April 18, 2007, 2:58 am

    This is a good resource!

    Since there are reverse MD5 tables around, then yes, 6 characters minimum and force a number in the password field to avoid dictionary attacks.

    Pingback from MySQL general security guidelines. Part 1 | Independent Digital
    Time: February 29, 2008, 10:30 am

    [...] the following security guidelines so that you will be in a better position to protect your data. All security measures should apply to the entire server and not just the MySQL server in order to protect it from any and [...]

    Comment from Mirko
    Time: September 7, 2008, 12:36 am

    There is an error in the download link… And the code blocks are empty… Can you fix this problem or send me the tutorial?
    Thanks

    Comment from clive
    Time: September 9, 2008, 9:56 am

    Sorry about the broken link. It’s fixed now and should work.
    regards

    clive