• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

User authentication with .htaccess and mySQL

7

777php

Diamond Member
I have a server running red hat 7.1 and apache with php and mysql. I am trying to implement user authentication via the .htaccess protocol but I would also like apache to pass the variable to php so it can then in turn pass the variable to mySQL.

mySQL would then query the database for the access level id for each user that has been properly authenticated. PHP would then enable users to view data according to their access level id. I am having trouble writing code that can effectively do this.

Basically I am trying to pass a variable $remote_user to PHP to pass on to mySQL. mySQL then queries the database for information to then be passed back to PHP for additional handling.

Any help would be great guys. Thanks.
 
i can't recall for sure (not at home, but i can check tomorrow) but i'm pretty sure you can use environment variables pretty easily, just by making a variable & assigning it the value of $remote_user

$htaccess = "$remote_user";

or whatever variable name you prefer.
 
thanks....that would be great....I need an example to work from.

I'm stuck so far...the variable doesn't seem to be passing.
 
ok, i was kinda getting confused w/ remote_user & remote_addr.

is remote_user an environment variable?
if so, here's what i think u should do

$htaccess = getenv("remote_user");

or I need more information... like is $remote_user the variable you are creating ? or env. variable ?
 
I believe that .htaccess creates the variable for you when you use it as your authentication method.

I'm trying to pass that variable to PHP so I can use it to grab some data from mySQL. Basically I need for the username to be cross-referenced with a couple of tables in mySQL.

In turn if the username passes all the requirements then it is kicked to a specific page.

I'll try this line but, it is similar to something that I have already tried. I'll keep you posted, thanks for your help so far.

$htaccess = getenv("remote_user");

 
I acutally found that the variable being passed was $PHP_AUTH_USER and not $remote_user.

I used this script to handle the variable in php.

if(!isset($PHP_AUTH_USER)) {
header("WWW-Authenticate: Basic realm=\"Your Realm\"");
header("HTTP/1.0 401 Unauthorized");
echo "401 message.\n";
exit;
} else {
echo "<p>Hello $PHP_AUTH_USER.</p>";
}

Now all I need to do is to be able to take the $PHP_AUTH_USER variable and reference it to it's mySQL database entry and have PHP redirect the user according to his/her information. (In this case it is $access_id on row 3 of table 'users')

How do I do this?
 
well, that should just take a sql statement.

ie.

SELECT *
FROM users
WHERE $access_id = $PHP_AUTH_USER


? will that work. i take it the $PHP_AUTH_USER variable is the same as an entry in the $access_id field in the users table.
if not, i need to know a bit more about ur db.

if u wanna chat, use MSN or AIM if ya got it
 
I am not familiar with sql, I'm just beginning to learn it.

If I were to write a php statment with the SQL query that I am trying to make it would be similar to the following w/o proper syntax

variables

$PHP_AUTH_USER
$access_id

if ($PHP_AUTH_USER== ($access_id > 1))
then
echo "redirect to specific page";

I need sql to query the user id first and then cross-reference the access id which is on a scale of 0 to 5. If the ID is greater than 1 then the user is allowed to go to a specific page, if not then user is redirected to another page altogether.

Can I use a sql query to grab all that info and then declare them as variables to then use in PHP?
 
I'm assuming that $access_id is in the same table, but if not you could link them with a foriegn key probably. But anyways:

$sql = "SELECT access_id from your_table where user_id = '$PHP_AUTH_USER'";
//db connection stuff here
//run query
while($row=mysql_fetch_array($query_result)) {
$access_id = $row['access_id'];
switch($access_id) {
case 1:
//some code
break;
case 2:
//some code
break;
case 3:
//some code
break;
deafault:
//some code
}
}

i hope this helps some.
 
I've tried using your code docmanhattan and I can't seem to get it to work properly, here is my code.

<?php

include "/var/www/html/php/common_db.inc";

if(!isset($PHP_AUTH_USER)) {
header("WWW-Authenticate: Basic realm=\"Realm\"");
header("HTTP/1.0 401 Unauthorized");
echo "You are not authorized to use the see this page.\n";
exit;
} else {
echo "<p>Hello $PHP_AUTH_USER.</p>";
}

$link_id = db_connect('database');

$result = mysql_query("SELECT access FROM users WHERE userid = '$PHP_AUTH_USER'");

while($row = mysql_fetch_array ($result)) {
$access = $row['3'];

switch($access) {
case $access=0:
echo ("You have an access id of 0.");
//$location = "http://www.anypage0.com";
break;
case $access=1:
echo ("You have an access id of 1.");
//$location = "http://www.anypage1.com";
break;
case $access=2:
echo ("You have an access id of 2.");
//$location = "http://www.anypage2.com";
break;
case $access=3:
echo ("You have an access id of 3.");
//$location = "http://www.anypage3.com";
break;
case $access=4:
echo ("You have an access id of 4.");
//$location = "http://www.anypage4.com";
break;
case $access=5:
echo ("You have an access id of 5.");
//$location = "http://www.anypage5.com";
break;
}
}

?>

I have two instructions for each case statement, I've commented out the page forwarding for the sake of seeing if the code works without having to be redirected. As of now, the echo statements are not working, so somewhere the variable is not being passed. What's wrong with my code?
 
Incorrect use of switch and case. Corrected below:

switch($access) {
case 0:
echo ("You have an access id of 0.");
//$location = "http://www.anypage0.com";
break;
case 1:
echo ("You have an access id of 1.");
//$location = "http://www.anypage1.com";
break;
case 2:
echo ("You have an access id of 2.");
//$location = "http://www.anypage2.com";
break;
case 3:
echo ("You have an access id of 3.");
//$location = "http://www.anypage3.com";
break;
case 4:
echo ("You have an access id of 4.");
//$location = "http://www.anypage4.com";
break;
case 5:
echo ("You have an access id of 5.");
//$location = "http://www.anypage5.com";
break;
}
 
Looking at the syntax, the switch statement I had theoretically should have worked. I did try your switch code RSMemphis but it also did not work. I wonder what's wrong.....
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top