Authenticate and Track Users with PHP
Page 3 —
Validation Against a Flat File
Suppose you have a text file in which your usernames and passwords are separated by colons, such as:
joe:ai890d
jane:29hj0jk
mary:fsSS92
bob:2NNg8ed
dilbert:a76zFs
You can create a loop that will split apart these usernames and passwords before attempting to match them against $PHP_AUTH_USER and $PHP_AUTH_PW. First, open the file containing the list and read the contents into a variable called $file_contents:
|
$filename = "/path/to/file.txt";
$fp = fopen($filename, "r");
$file_contents = fread($fp, filesize($filename));
fclose($fp);
|
Now the $file_contents variable contains all of the characters in the username/password file; it's stored as one long string with carriage return characters. We can now use the
explode() function to separate this string into something we can use. The explode function is simple and very handy: It allows you put portions or a string into array elements by designating a separation character. For instance, if we were to explode the string "blah1;blah2;blah3," using the semicolon as a separation character, we'd end up with array with three elements: blah1, blah2, and blah3.
First, we want to put each username/password pair into its own little array element. We'll explode the $file_contents variable into an array called $line — the separator is the carriage return character. |
$line = explode("\r", $file_contents);
|
Now each element of $line ($line[0], $line[1], etc.) contains a username/password pair (joe:ai890d, jane:29hj0jk, etc.). You need to explode these little guys one step further to get the username as one array element and the password as another. To do this, use a loop:
|
// loop for as long as $line has stuff in it
while($i <= sizeof($line)) {
// explode to get username and password
$data_pair = explode(":", $line[$i]);
// try to find a match
// if match exists, assign value of 1 to $auth and break out of the loop
if (($data_pair[0] == "$PHP_AUTH_USER") && ($data_pair[1] == "$PHP_AUTH_PW")) {
$auth = 1;
break;
// if match doesn't exit, assign value of 0 to $auth
} else {
$auth = 0;
}
// increment to continue looping
$i++;
}
|
Next, do something with the value of $auth. The goal is a value of 1, so if $auth == 1, the user is authorized and there is much rejoicing. However, if $auth == 0, the user doesn't belong, so pop up that nasty box one more time:
|
if ($auth == "1") {
echo "You're authorized! ";
exit;
} else {
header('WWW-Authenticate: Basic realm="My Private Stuff"');
header('HTTP/1.0 401 Unauthorized');
echo 'Authorization Required.';
exit;
}
|
The whole script looks something like this. You're also welcome to see this script in action.
|
<?php
// File Name: auth03.php
// Check to see if $PHP_AUTH_USER already contains info
if (!isset($PHP_AUTH_USER)) {
// If empty, send header causing dialog box to appear
header('WWW-Authenticate: Basic realm="My Private Stuff"');
header('HTTP/1.0 401 Unauthorized');
exit;
} else if (isset($PHP_AUTH_USER)) {
// If non-empty, open file containing valid user info
$filename = "/path/to/file.txt";
$fp = fopen($filename, "r");
$file_contents = fread($fp, filesize($filename));
fclose($fp);
// Place each line in user info file into an array
$line = explode("\n", $file_contents);
// For as long as $i is <= the size of the $line array,
// explode each array element into a username and password pair
$i = 0;
while($i <= sizeof($line)) {
$data_pair = explode(":", $line[$i]);
if (($data_pair[0] == "$PHP_AUTH_USER") && ($data_pair[1] ==
"$PHP_AUTH_PW")) {
$auth = 1;
break;
} else {
$auth = 0;
}
$i++;
}
if ($auth == "1") {
echo "<P>You're authorized!</p>";
exit;
} else {
header('WWW-Authenticate: Basic realm="My Private Stuff"');
header('HTTP/1.0 401 Unauthorized');
echo 'Authorization Required.';
exit;
}
?>
next page»
|
|
