User Authentication question

Discussion in 'Web Design and Development' started by CavemanUK, Jan 24, 2013.

  1. macrumors 6502

    CavemanUK

    #1
    Hi guys,

    For a few years I've been playing around with a php driven website that manages the customers in our small business. Its very low usage and more of a fun project than anything... recently ive been looking at making it more mobile and more html5/css3 specific etc.

    Anyway, I was thinking about the user authentication. Currently there are 3 users that are stored in a mysql database and validated in the obvious way.

    I wanted to improve the security and stability of this side of things and was wondering if this is something i can use something like facebook or openid for? basically i want to allow the same 3 users access but nobody else. it seems like facebooks authentication would certainly ensure its the right person logging in.

    does this make any kind of sense or is there a better way?
     
  2. macrumors 68000

    SrWebDeveloper

    #2
    Yep.

    Visit this page, download, install and load the class as instructed:

    http://dan.cx/blog/2010/09/integrating-facebook-logins-into-your-php-website-easily

    This method is excellent because you can force Facebook authentication by including this in any PHP page, it's secure and uses the FB API, and the added bonus of optionally getting user's info after login to customize the PHP page.

    Looking at the example code, to limit to 3 specific users try something like (untested, to show concept only after class is loaded which is not shown below, edit for your needs):

    PHP:
    $facebook = new FacebookLogin('100929283281389''8*******************************1');
    $user $facebook->doLogin();
    echo 
    'User\'s URL: '$user->link'<br />';
    echo 
    'User\'s name: '$user->name'<br />';
    echo 
    'Full details:<br /><pre>'print_r($usertrue), '</ pre>';

    // Set an array with 3 FB user names you permit
    $allowedNames=array("joe","john","nancy");

    // Authenticate them - remember in_array() is case sensitive
    if (in_array($user->name,$allowedNames)) {

    // Rest of page displays here - user is authorized so they can view it

    } else {

    // User is not permitted
    echo "Sorry, $user->name, you are not permitted access to this page.";

    }
     

Share This Page