Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

CavemanUK

macrumors 6502
Original poster
Jun 29, 2006
449
61
Rhyl, North Wales
Hi guys,

For a few years I've been playing around with a php driven website that manages the customers in our small business. Its very low usage and more of a fun project than anything... recently ive been looking at making it more mobile and more html5/css3 specific etc.

Anyway, I was thinking about the user authentication. Currently there are 3 users that are stored in a mysql database and validated in the obvious way.

I wanted to improve the security and stability of this side of things and was wondering if this is something i can use something like facebook or openid for? basically i want to allow the same 3 users access but nobody else. it seems like facebooks authentication would certainly ensure its the right person logging in.

does this make any kind of sense or is there a better way?
 

SrWebDeveloper

macrumors 68000
Dec 7, 2007
1,871
3
Alexandria, VA, USA
Hi guys,

I was wondering if this is something i can use something like facebook or openid for? basically i want to allow the same 3 users access but nobody else. it seems like facebooks authentication would certainly ensure its the right person logging in.

Yep.

Visit this page, download, install and load the class as instructed:

http://dan.cx/blog/2010/09/integrating-facebook-logins-into-your-php-website-easily

This method is excellent because you can force Facebook authentication by including this in any PHP page, it's secure and uses the FB API, and the added bonus of optionally getting user's info after login to customize the PHP page.

Looking at the example code, to limit to 3 specific users try something like (untested, to show concept only after class is loaded which is not shown below, edit for your needs):

PHP:
$facebook = new FacebookLogin('100929283281389', '8*******************************1');
$user = $facebook->doLogin();
echo 'User\'s URL: ', $user->link, '<br />';
echo 'User\'s name: ', $user->name, '<br />';
echo 'Full details:<br /><pre>', print_r($user, true), '</ pre>';

// Set an array with 3 FB user names you permit
$allowedNames=array("joe","john","nancy");

// Authenticate them - remember in_array() is case sensitive
if (in_array($user->name,$allowedNames)) {

// Rest of page displays here - user is authorized so they can view it

} else {

// User is not permitted
echo "Sorry, $user->name, you are not permitted access to this page.";

}
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.