Examples - Authentication and Access Control
The following example shows a simple authentication / access system. This is the directory structure in use:
- prepend.php - The initialisation (include) file.
- plugins/dbspec/ - Our database specification plugins.
- site/ - The document root, i.e. http://www.example.com/ points to this directory. prepend.php and plugins/ sit one level above it, outside the document root.
File: prepend.php
/**
 * File: prepend.php
 * Purpose: include this file from all php pages to start Xnyo.
 *
 * In this example's layout the file sits beside site/ (the document root), not inside it;
 * the pages under site/ pull it in with '../prepend.php'.
 **/
/**
 * We include Xnyo and create an instance (object)
 **/
require_once '/path/to/xnyo/xnyo.class.php';
$xnyo = new Xnyo;
/**
 * We're using the SQL authentication module (default)
 **/
$xnyo->auth_type = 'sql';
/**
 * Setup our database stuff.
 * The host, user and password below are example placeholders. This file holds the
 * database password in plain text, so keep it outside the document root and readable
 * only by the account the web server runs as.
 **/
$xnyo->database_type = 'mysql';
$xnyo->db_host = 'localhost';
$xnyo->db_user = 'someuser';
$xnyo->db_passwd = 'somepass';
/**
 * Start Xnyo! Every setting above is assigned before this call.
 **/
$xnyo->start();
?>
File: plugins/dbspec/auth.php
/**
* File: plugins/dbspec/auth.php
* Purpose: This is the database table specification file that Xnyo will look for to describe the
* table we're checking login details against.
*
* If Xnyo can't find your own dbspec file, it will use the one that comes with Xnyo.
**/
/**
* A Database Specification plugin is a simple set of rules to translate table/database/column names
**/
class dbspec_auth
{
    /**
     * Database that the "auth" spec file points to.
     **/
    var $_database = 'mydatabase';

    /**
     * Table that the "auth" spec file points to.
     **/
    var $_title = 'mytable';

    /**
     * The three fields the auth plugin requires. Presumably the property name is the
     * name Xnyo asks for and the value is the column name in your table - confirm
     * against the dbspec file that ships with Xnyo.
     *
     * username: The name the user logs in with; this could just as well be an email
     *           address or similar.
     * password: A hash of the user's password, used for checking logins. Xnyo currently
     *           uses the MD5 hash algorithm, to become configurable in future releases.
     *           Once a password is in the database Xnyo never takes it back out; the
     *           SQL server does the comparison.
     *           NOTE(review): MD5 is a fast general-purpose hash and no salt is
     *           mentioned here, so a leaked table would be cheap to guess against
     *           offline. Move to a salted, deliberately slow password hash (bcrypt,
     *           Argon2) as soon as the algorithm can be configured.
     * groups:   A comma delimited list of the groups the user belongs to
     *           (eg admin,user,moderator).
     **/
    var $username = 'username',
        $password = 'password',
        $groups   = 'groups';

    /**
     * The table described above:
     *
     *   CREATE TABLE mytable (
     *       username text,
     *       password text,
     *       groups text
     *   );
     *
     * Stripped of comments, a spec file needs very few lines.
     **/
}
?>
File: site/index.php
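/**
 * File: site/index.php
 * Purpose: tell them if they're logged in, and display a logout link if they are
 *          or a login link if they aren't.
 *
 * $access is not created in this file; presumably Xnyo sets it up during
 * $xnyo->start() in prepend.php - confirm against the Xnyo source.
 **/
require_once '../prepend.php';

// Give $admin a value for visitors who are neither admin nor moderator, so the
// template below never echoes an undefined variable.
$admin = '';

// Set our messages
if ($access->check('required'))
{
    $loginmsg = 'logged in!';
    $loginout = '<a href="logout.php">Click here to logout.</a>';
}
else
{
    $loginmsg = 'not logged in!';
    $loginout = '<a href="login.php">Click here to login.</a>';
}

// are they an admin or moderator?
if ($access->check('admin,moderator'))
{
    // we can do admin specific things in here
    // (the check itself is the access control: repeat it on every page that does
    // admin work, because hiding a link or a message protects nothing)
    $admin = 'You are an admin or a moderator!';
}

// $loginmsg, $loginout and $admin are all fixed strings assigned above, which is why
// the template prints them unescaped. Anything derived from user input would have to
// go through htmlspecialchars() first.
?>
<html>
<head>
<title>Xnyo Authentication Example</title>
</head>
<body>
<div>
You are <?=$loginmsg?> <?=$loginout?> <?=$admin?>
</div>
</body>
</html>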
File: site/login.php
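/**
 * File: site/login.php
 * Purpose: display login form and log them in!
 **/
require_once '../prepend.php';

// are they logging in?
if ($_SERVER['REQUEST_METHOD'] === 'POST')
{
    /**
     * Filter our POST variables through. By default Xnyo lets nothing through (for security reasons)
     * This can be disabled, of course.
     **/
    // special username type
    $xnyo->filter_post_var('username', 'username');
    // special password type
    $xnyo->filter_post_var('password', 'password');

    /**
     * Load the authentication plugin.
     * $auth is not created in this file; presumably loading the plugin is what makes
     * it available - confirm against the Xnyo source.
     **/
    $xnyo->load_plugin('auth');

    /**
     * Check if they entered the right details!
     **/
    if ($auth->login($_POST['username'], $_POST['password']))
    {
        /**
         * Yep, logged in correctly! Xnyo will handle session info automatically. So we can just
         * do whatever we want now.
         * NOTE(review): confirm that this includes issuing a fresh session id on login.
         **/
        header('Location: index.php');
        // stop here so nothing below runs or is sent after the redirect
        exit();
    }

    /**
     * Nope they didnt login right. Get our error message.
     * XNYO_AUTH_INVALID deliberately covers both a wrong username and a wrong password
     * with one message, so the form does not reveal which usernames exist.
     **/
    $errors = array
    (
        XNYO_AUTH_BLANK_USERNAME => 'You need to enter your username.',
        XNYO_AUTH_BLANK_PASSWORD => 'You need to enter your password.',
        XNYO_AUTH_INVALID => 'Your username or password was invalid. Please try again.',
        XNYO_AUTH_UNAUTHORISED => 'Your are not authorised to login to this site.', // no groups
        // xnyo configuration error - no $xnyo->auth_type specified
        XNYO_AUTH_NO_AUTH_TYPE => 'A server error has occured, please try again later.',
        // xnyo configuration error - no matching plugin found for $xnyo->auth_type
        XNYO_AUTH_NO_PLUGIN => 'A server error has occured, please try again later.'
    );

    /**
     * Error message. An error code that is missing from the table above falls back to
     * the generic server-error text instead of reading an undefined array index.
     **/
    $errormessage = isset($errors[$auth->error])
        ? $errors[$auth->error]
        : $errors[XNYO_AUTH_NO_PLUGIN];
}

// Template notes:
// - $errormessage is always one of the fixed strings above, so it is printed as-is.
// - $_SERVER['PHP_SELF'] includes whatever extra path the client appended to the URL,
//   so it is untrusted input and must be HTML-escaped before it goes into the
//   form's action attribute.
?>
<html>
<head>
<title>Xnyo Authentication Example: Login</title>
</head>
<body>
<?php if (isset($errormessage)): ?>
<div style="color: #FF0000;">
<?=$errormessage?>
</div><br />
<?php endif; ?>
<form action="<?=htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8')?>" method="POST">
Username: <input type="text" name="username" value=""><br />
Password: <input type="password" name="password" value=""><br />
<input type="submit" name="Login">
</form>
</body>
</html>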
File: site/logout.php
/**
 * File: site/logout.php
 * Purpose: Logout a user!
 **/
require '../prepend.php';
/**
 * This is probably one of the easiest things in Xnyo.
 * $access is not created in this file; presumably Xnyo sets it up during
 * $xnyo->start() in prepend.php - confirm against the Xnyo source.
 * NOTE(review): the logout runs on a plain GET request (index.php links straight to
 * this file). Requiring a POST that carries a per-session token would stop other
 * sites from logging visitors out.
 **/
$access->logout();
/**
 * That was it! We can redirect back to the index now.
 * Nothing follows the header() call, so the script ends here without an explicit exit().
 **/
header('Location: index.php');
?>
Website is Copyright © Odynia.org 2000-2005 - Xnyo is released under a BSD license.