Home arrow PHP arrow Page 2 - Authentication Scripts for a User Management Application

Script Explained - PHP

In this article we will continue to discuss the application-wide scripts that we started to talk about in the last article. These special scripts are used by all the scripts and pages of the application. We will continue to look at the func.inc script that has several useful functions defined in it. This article is the third part of a nine-part series.

TABLE OF CONTENTS:
  1. Authentication Scripts for a User Management Application
  2. Script Explained
  3. Function Continued
  4. The logout script
By: David Web
Rating: starstarstarstarstar / 7
December 01, 2008

print this article
SEARCH DEV SHED

TOOLS YOU CAN USE

advertisement

The first function checks to see if a given user has admin access. It takes one parameter, which is the user ID. It uses this id to run a query and check the user access level.

First, a query is defined:


function isadmin($id){

//run query to check if this user is admin

$sql = "SELECT level FROM users WHERE uid='".$id."'";


Then the query is run using the mysql_query() function:


$res = mysql_query($sql);


Then a check is made to determine whether or not the query was successful, using the $res variable that contains the result of the query. If the result has a value, then it means that the user id is valid. In that case, the access level is retrieved:


if($res){

$row= mysql_fetch_assoc($res);


Next, the code checks the access level. If it is admin, then the function returns true:


if($row['level'] == 'admin'){

return TRUE;

}else{


Otherwise it returns false:


return FALSE;

}

}

}


The next function is called the isAuthed() function. It is responsible for checking to see if a user is authenticated. It should be used on the very top of every page to ensure that anyone who accessed a particular page has the right to be there.

The function takes one parameter. It essentially works by checking to see if the session variable is set. In this case, it will be the username that is set when the user logs in. Below is the code:


function isAuthed($uname){

if(isset($uname)){

return TRUE;

}else{

return FALSE;

}

}


It can be used in the following way:

if(isauthed){

//user is authenticated, can view the page

}else{

//the user is not authenticated, redirect to login page

}


The function is very easy to understand. First it takes the given name and checks to see if it is set. If so, the function returns true


if(isset($uname)){

return TRUE;

}else{


Otherwise, the function returns false, which basically means that the username is not set; therefore, the user that is trying to access this particular page does not have the right to do so:


return FALSE;


The next function is called genpass(). It does not take any parameters. It is responsible for generating a random password. It will be used during the registration process, and features the following code:


function genpass()

{

//This function generates a 7 character password

$chars = "1234567890abcdefGHIJKLMNOPQRSTUVWxyz
ABCDEFghijklmnopqrstuvwXYZ1234567890";

$thepass = '';

for($i=0;$i<7;$i++)

{

$thepass .= $chars{rand() % 39};

}

return $thepass;

}


It is used like so:


$randpass = genpass();



 
 
>>> More PHP Articles          >>> More By David Web
 

blog comments powered by Disqus
escort Bursa Bursa escort Antalya eskort
   

PHP ARTICLES

- Hackers Compromise PHP Sites to Launch Attac...
- Red Hat, Zend Form OpenShift PaaS Alliance
- PHP IDE News
- BCD, Zend Extend PHP Partnership
- PHP FAQ Highlight
- PHP Creator Didn't Set Out to Create a Langu...
- PHP Trends Revealed in Zend Study
- PHP: Best Methods for Running Scheduled Jobs
- PHP Array Functions: array_change_key_case
- PHP array_combine Function
- PHP array_chunk Function
- PHP Closures as View Helpers: Lazy-Loading F...
- Using PHP Closures as View Helpers
- PHP File and Operating System Program Execut...
- PHP: Effects of Wrapping Code in Class Const...

Developer Shed Affiliates

 


Dev Shed Tutorial Topics: