Page 1 of 1

how to authenticate users?

Posted: Fri Jan 08, 2016 7:03 pm
by step5086
I want users to login to my zend server for IBM i. Then limit access to web pages to authenticated users. How to do this in PHP?

thanks,

Re: how to authenticate users?

Posted: Mon Jan 11, 2016 3:56 pm
by scottgcampbell
There are a lot of different ways to do this:

Use QSYGETPH to validate username/password against a user profile (I use a stored procedure that calls RPG to do this) then store something in the session to indicate the user is logged in and check that session variable on each page.

Use Basic authentication https://support.zend.com/hc/en-us/artic ... entication - I've never used this but I have seen areas where it is used.

Create a table that stores username and enctypted password and validate against this, then store something in the session to indicate the user is logged in and check that session variable on each page.

Scott

Re: how to authenticate users?

Posted: Tue Jan 12, 2016 2:07 am
by step5086
thanks Scott.

I used the basic authentication described in your link. To verify that the user has entered a valid as400 user name and password I call db2_connect with the user name and password.

<?php

// ----------------------- AuthenticateUserProfile -----------------
function AuthenticateUserProfile( )
{
$userName = $_SERVER['PHP_AUTH_USER'] ;
$password = $_SERVER['PHP_AUTH_PW'] ;
$loggedIn = TRUE ;

// check that user and password are entered.
if (( $userName == NULL ) || ( $password == NULL ))
{
$loggedIn = FALSE ;
}
// prompt for user login.
if ($loggedIn == FALSE)
{
header('WWW-Authenticate: Basic realm="abc"');
header('HTTP/1.0 401 Unauthorized');
exit ;
}

// connect to the ibm i database using the user name and password.
$conn = db2_connect("*LOCAL",$userName,$password);
if (!$conn)
{
header('WWW-Authenticate: Basic realm="abc"');
header('HTTP/1.0 401 Unauthorized');
exit ;
}
}

// -------------------------- main ------------------------------
AuthenticateUserProfile( ) ;

$userName = $_SERVER['PHP_AUTH_USER'] ;
echo "logged in as user: " . $userName ;

?>