Simply execute a selection query
against the logins table, using the entered username and password as criteria for the
query. Of course, such a solution is not dependent upon specific use of a MySQL
database; any relational database could be used in its place.
IP-based Authentication
Sometimes you need an even greater level of access restriction to ensure the validity
of the user. Of course, a username/password combination is not foolproof; this information
can be given to someone else, or stolen from a user. It could also be guessed through
deduction or brute force, particularly if the user chooses a poor login combination, which
is still quite common. To combat this, one effective way to further enforce authentication
validity is to require not only a valid username/password login pair, but also a specific IP
address. To do so, you only need to slightly modify the userauth table used in the
previous section, and modify the query used in Listing 14-6. The revised table is displayed
in Listing 14-7.
Listing 14-7. The logins Table Revisited
CREATE TABLE logins (
   id TINYINT UNSIGNED NOT NULL AUTO_INCREMENT,
   pswd VARCHAR(32) NOT NULL,
   ip VARCHAR(15) NOT NULL,
   PRIMARY KEY(id));
376 CHAPTER 14 – AUTHENTICATING YOUR USERS
The code for validating both the username/password and IP address is displayed
in Listing 14-8.
Listing 14-8. Authenticating Using a Login Pair and an IP Address
function authenticate_user() {
header('WWW-Authenticate: Basic realm="Secret Stash"');
header("HTTP/1.
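
The check described in this section, requiring a valid login pair and a matching IP address, written out as an added example; it is not the book's Listing 14-8. It assumes an in-memory SQLite database through PDO instead of MySQL, a username column, a pswd column wide enough for password_hash() output, an ip column wide enough for IPv6, and constructed sample data; the function names are hypothetical.

```php
<?php
// Added example: constructed schema and sample data, not the book's listing.
function open_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Assumptions: a username column, pswd wide enough for password_hash()
    // output, and ip wide enough for IPv6 text (VARCHAR(15) only fits IPv4).
    $db->exec('CREATE TABLE logins (
        id INTEGER PRIMARY KEY AUTOINCREMENT,
        username VARCHAR(16) NOT NULL UNIQUE,
        pswd VARCHAR(255) NOT NULL,
        ip VARCHAR(45) NOT NULL)');
    $ins = $db->prepare('INSERT INTO logins (username, pswd, ip) VALUES (?, ?, ?)');
    $ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), '192.0.2.10']);
    return $db;
}

// Normalise an address so equivalent spellings compare equal; false if invalid.
function canonical_ip(string $ip) {
    $packed = filter_var($ip, FILTER_VALIDATE_IP) ? inet_pton($ip) : false;
    return $packed === false ? false : inet_ntop($packed);
}

function check_login(PDO $db, string $user, string $pass, string $remoteAddr): bool {
    // Bound parameters keep the credentials out of the SQL text.
    $q = $db->prepare('SELECT pswd, ip FROM logins WHERE username = ?');
    $q->execute([$user]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;
    }
    $seen = canonical_ip($remoteAddr);
    $allowed = canonical_ip($row['ip']);
    // Both factors must pass; the caller gets no hint which one failed.
    $passOk = password_verify($pass, $row['pswd']);
    $ipOk = $seen !== false && $allowed !== false && $seen === $allowed;
    return $passOk && $ipOk;
}

$db = open_demo_db();
// In a web request, pass $_SERVER['REMOTE_ADDR'] as the last argument.
$cases = [
    ['alice', 'correct horse', '192.0.2.10'],   // right password, right IP
    ['alice', 'correct horse', '198.51.100.7'], // right password, wrong IP
    ['alice', 'guess', '192.0.2.10'],           // wrong password, right IP
];
foreach ($cases as [$u, $p, $ip]) {
    printf("%-6s from %-13s => %s\n", $u, $ip, check_login($db, $u, $p, $ip) ? 'allow' : 'deny');
}
```

Take the address from the connection itself rather than from a request header such as X-Forwarded-For, which the client controls unless a trusted proxy sets it.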