how to authenticate users?

General discussion on Zend Server for IBM System i
Post Reply
step5086
Posts: 7
Joined: Tue Dec 01, 2015 4:03 pm

how to authenticate users?

Post by step5086 » Fri Jan 08, 2016 7:03 pm

I want users to login to my zend server for IBM i. Then limit access to web pages to authenticated users. How to do this in PHP?

thanks,

scottgcampbell
Posts: 187
Joined: Wed Apr 22, 2009 2:29 pm
Location: Edmonton, AB, Canada

Re: how to authenticate users?

Post by scottgcampbell » Mon Jan 11, 2016 3:56 pm

There are a lot of different ways to do this:

Use QSYGETPH to validate username/password against a user profile (I use a stored procedure that calls RPG to do this) then store something in the session to indicate the user is logged in and check that session variable on each page.

Use Basic authentication https://support.zend.com/hc/en-us/artic ... entication - I've never used this but I have seen areas where it is used.

Create a table that stores username and enctypted password and validate against this, then store something in the session to indicate the user is logged in and check that session variable on each page.

Scott

step5086
Posts: 7
Joined: Tue Dec 01, 2015 4:03 pm

Re: how to authenticate users?

Post by step5086 » Tue Jan 12, 2016 2:07 am

thanks Scott.

I used the basic authentication described in your link. To verify that the user has entered a valid as400 user name and password I call db2_connect with the user name and password.

<?php

// ----------------------- AuthenticateUserProfile -----------------
function AuthenticateUserProfile( )
{
$userName = $_SERVER['PHP_AUTH_USER'] ;
$password = $_SERVER['PHP_AUTH_PW'] ;
$loggedIn = TRUE ;

// check that user and password are entered.
if (( $userName == NULL ) || ( $password == NULL ))
{
$loggedIn = FALSE ;
}
// prompt for user login.
if ($loggedIn == FALSE)
{
header('WWW-Authenticate: Basic realm="abc"');
header('HTTP/1.0 401 Unauthorized');
exit ;
}

// connect to the ibm i database using the user name and password.
$conn = db2_connect("*LOCAL",$userName,$password);
if (!$conn)
{
header('WWW-Authenticate: Basic realm="abc"');
header('HTTP/1.0 401 Unauthorized');
exit ;
}
}

// -------------------------- main ------------------------------
AuthenticateUserProfile( ) ;

$userName = $_SERVER['PHP_AUTH_USER'] ;
echo "logged in as user: " . $userName ;

?>

Post Reply