<?
/*
File: burnauth.php
Belongs to Script Name: Burning Auth V 1.0
Author: Luca Vignaroli
Email: hide@address.com

Description:
Burning Auth is a script to handle user authenticated access to php scripts. 
The goal is quite simple: protect from unauthorized access those pages that 
need to be kept under admin control, such as data/content administration and/or
members-only areas on a website.

Security is achieved through database authentication and maintained with a 
Session variable set to the authenticated user's name. Every page can be protected
by including the file 'shield.php' at the beginning of it.

Check out the file README for installation instructions. This script is freeware.
*/

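class burnauth{
	//!!CHANGE THESE VALUES TO REFLECT YOUR SERVER'S SETTINGS!!
	var $HOST;        // MySQL server host
	var $DBUSERNAME;  // MySQL account used for every query issued by this class
	var $DBPASSWORD;  // password of that account
	var $DBNAME;      // database that holds the USERS table
	var $loginpage;   // path/URL of the login form page, used as the form's action
	
	//Constants Init (PHP4-style constructor: a method named like the class)
	//NOTE: the shipped defaults are the MySQL root account with an empty password.
	//The queries in this class are only SELECT and UPDATE on USERS, so configure a
	//dedicated low-privilege account with a real password instead of root.
	function burnauth() {
		$this->HOST = "localhost";	// DB HOST
		$this->DBUSERNAME  = "root";	// USERNAME
		$this->DBPASSWORD = "";	        // USER PASSWORD
		$this->DBNAME = "dbname";	// DB NAME
		$this->loginpage = "login.php";	//Login Form Page (include the file's path here if needed)
	}//END: Function Variables INIT
	
	//Draw Form Function, just to provide lazy asses something to avoid designing some html by themselves
	//
	// $errormsg is echoed as-is (raw HTML) into the cell left of the submit button, so
	// callers may pass markup. It is NOT escaped here: a caller must run
	// htmlspecialchars() on anything derived from the request before passing it in.
	function drawloginform($errormsg) {
		// The login page path lands inside a single-quoted attribute; encode it so a
		// quote or '&' in the configured value cannot break out of the attribute.
		$action = htmlspecialchars($this->loginpage, ENT_QUOTES) . "?mode=submit";
		echo "<center><form method=post action='$action'>";
		echo "<table border=0 cellpadding=0 cellspacing=0 width=200>";
		echo "<tr><td align=right>Username:</td><td align=left><input type=text name='user' style='width : 100px;'></td></tr>";
		echo "<tr><td align=right>Password:</td><td align=left><input type=password name='pass' style='width : 100px;'></td></tr>";
		echo "<tr><td align=right>$errormsg</td><td align=left><input type=submit name='Login' value='Login'></td></tr>";
		echo "</table></form></center>";
	} // END: Draw Login Form
		
	/*SHIELD FUNCTION - checks for username and password's presence in the users database.
	  Returns true when a USERS row matches both values, false otherwise (including when
	  the database cannot be reached or the query fails). On a successful check that
	  changes the logged-in user, $_SESSION['user'] is set and LASTTIMEHERE is updated.

	  NOTE(review): $password is compared with the PASSWORD column as given, so unless the
	  caller hashes it first the table holds plaintext passwords - confirm against the
	  caller and the schema, and prefer salted password hashes. */
	function shield($username, $password) {
		// Request parameters can arrive as arrays (user[]=x); only scalars are valid
		// credentials and nothing else may reach the SQL text.
		if (!is_scalar($username) || !is_scalar($password)) {
			return false;
		}
		$username = (string) $username;
		$password = (string) $password;

		//DB connection - fail closed when the server or database is unavailable
		$conn = mysql_connect($this->HOST, $this->DBUSERNAME, $this->DBPASSWORD);
		if (!$conn || !mysql_select_db($this->DBNAME, $conn)) {
			return false;
		}

		// Both values come from the login form. The mysql_* extension has no prepared
		// statements, so each value is escaped against this link before being quoted.
		// When the script is ported, use mysqli/PDO prepared statements instead.
		$safeuser = mysql_real_escape_string($username, $conn);
		$safepass = mysql_real_escape_string($password, $conn);

		//SQL query to fetch the user's row from the database
		$sql = "SELECT * FROM USERS WHERE USERNAME='$safeuser' AND PASSWORD='$safepass'";
		$rs = mysql_query($sql, $conn);
		if (!$rs) {
			return false;
		}
		$row = mysql_fetch_array($rs);
		// Free the result before any return. The link itself is left for PHP to close at
		// the end of the request: mysql_connect() hands back an already open link for
		// identical arguments, so closing it here could close a link the caller still uses.
		mysql_free_result($rs);

		// No Martini? NO PARTY!!
		// Strict string comparison: loose != treats numeric-looking strings such as
		// "0e1" and "0e2" as equal.
		if (!$row
			|| ((string) $row['USERNAME'] !== $username)
			|| ((string) $row['PASSWORD'] !== $password)) {
			//No such user, or wrong username or password
			return false;
		}

		/*The user is OK, let's let him in! .. not before updating his last login date
		  and the session name to his username but only if he's not logged already*/
		if ((!isset($_SESSION['user'])) || ($_SESSION['user'] !== $username)) {
			// The session changes privilege level here; issue a fresh session id so an
			// id that was known before login is not the one that carries the login.
			if (session_id() != '' && !headers_sent()) {
				session_regenerate_id();
			}
			$_SESSION['user'] = $username;
			//Best-effort update of the LASTTIMEHERE field; a failure does not deny access
			mysql_query("UPDATE USERS SET LASTTIMEHERE = NOW() WHERE USERNAME='$safeuser'", $conn);
		}
		return true;
	} // End: shield function
	
	// List Users Function - prints every USERS row (newest ID first) with edit/delete links.
	// The method performs no access check itself; the including page must be protected.
	// NOTE(review): the delete link is a plain GET to admin.php, which is not visible
	// here - confirm that admin.php asks for confirmation / an anti-CSRF token.
	function listusers() {
		$sql = "SELECT * FROM USERS ORDER BY ID DESC";
		$rs = false;
		$conn = mysql_connect($this->HOST, $this->DBUSERNAME, $this->DBPASSWORD);
		if ($conn && mysql_select_db($this->DBNAME, $conn)) {
			$rs = mysql_query($sql, $conn);
		}
		
		echo "<hr>";
		echo "<b>USERS LIST:</b><br><hr>";
		echo "<p>";
		// On a connection or query failure the list is simply printed empty
		while ($rs && ($row = mysql_fetch_array($rs))) {
			// Values stored in the table are data, not markup: URL-encode the id and
			// HTML-encode the name. Uppercase first, otherwise the entities themselves
			// would be uppercased.
			$uid = urlencode($row['ID']);
			$name = htmlspecialchars(strtoupper($row['USERNAME']), ENT_QUOTES);
			echo "<a href='admin.php?mode=edit&uid=$uid'>|-Change----| </a><b>". $name . "</b><a href='admin.php?mode=del&uid=$uid'> |----Delete-|</a><br>";
		}
		if ($rs) {
			mysql_free_result($rs);
		}
		echo "</p>";
		echo "<hr>";
		echo "|<a href='admin.php?mode=new'>Insert New</a>|";
		echo "<hr>";
	} //END: FUNCTION LISTUSERS
} //End: Burnauth Class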
?>