<?php
$dbhost='localhost';
$dbuser='root';
$dbpass=789456;
$dbname='codigos';
$db = mysqli_connect($dbhost, $dbuser, $dbpass) or die("Couldn't connect to the database.");
mysqli_select_db($db,$dbname) or die("Couldn't select the database");
//--------------- AUTHENTICATION MODULE --------------------------
function displayLogin() {
header("WWW-Authenticate: Basic realm=\"Ambiorix\"");
header("HTTP/1.0 401 Unauthorized");
echo "<h2>Authentication Failure</h2>";
echo "The username and password provided did not work. Please reload this page and try again.";
exit;
}
if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) {
// If username or password hasn't been set, display the login request.
displayLogin();
} else {
// Escape both the password and username string to prevent users from inserting bogus data.
$PHP_AUTH_USER = addslashes($_SERVER['PHP_AUTH_USER']);
//$PHP_AUTH_PW = md5($PHP_AUTH_PW);
$PHP_AUTH_PW = $_SERVER['PHP_AUTH_PW'];
// Check username and password against the database.
$query="SELECT count(user_id) as valid FROM codeusers WHERE password='$PHP_AUTH_PW' AND user='$PHP_AUTH_USER' ";
$result = mysqli_query($db, $query);
while ($row = mysqli_fetch_assoc($result)) {
if($row[valid]<1) {
displayLogin();
}
}
}
?>
CREATE TABLE `codeusers` (
`user_id` int(10) NOT NULL,
`user` char(10) NOT NULL,
`password` char(10) NOT NULL,
`date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
No hay comentarios:
Publicar un comentario