authorization

{ // check user is authorized…
// expects Base64 encoded version of 'jdoe:password'
$headers = apache_request_headers();
{ // checking that Authorization data has been supplied
if (empty($headers['Authorization'])) { // no credentials
$info->status = 'failure';
$info->error->code = 47;
$info->error->text = 'Basic HTTP authentication required';
$this->response($info, 401);
}
}
{ // checking to see if the Authorization string is valid
$this->load->database();
$sql = 'SELECT COUNT(id) AS records FROM users ';
$sql .= 'WHERE basic_http_auth = "'.$headers['Authorization'].'";';
//$this->response($sql, 200);
$query = $this->db->query($sql);
$data = $query->row();
if ($data->records == "0") {
$info->status = 'failure';
$info->error->code = 48;
$info->error->text = 'Invalid credentials supplied';
$this->response($info, 401);
}

My lecturer is using this to authorize users to post reviews or delete them.
I need to build something similar but I have no idea how his one works.

Looking online, this is done in so many different ways.

What would I need to do to have this working for my user database where the fields/columns are also

id (which is autoincremented), username, password, email.

I would suggest that you get something together / try something. If you are completely stuck you should break this up into smaller tasks, try to solve them and if you have trouble then ask more specific questions than “I have no idea how this works”. Not trying to come off as harsh, just want you to have to do some problem solving as that’s what much of the coding stuff is about.

$sql = 'SELECT COUNT(id) AS records FROM users ';
$sql .= 'WHERE basic_http_auth = "'.$headers['Authorization'].'";';

It's this bit the most, as I'm not sure where he is getting the basic_http_auth from. Or would it be a field in his users table as a token for that user?

Yes, it seems like there’s a stored authentication hash or something in the users table.

if ($data->records == "0") {
$info->status = 'failure';
$info->error->code = 48;
$info->error->text = 'Invalid credentials supplied';
$this->response($info, 401);

Will this piece of code stop a user from submitting a book if the records don't match?
I know it returns an error, but which bit of the code actually prohibits the user from continuing?

Roll through the code…

$data = $query->row(); if ($data->records == "0") {

So $data is holding the number of matches from the SQL query.

If $data->records (does equal) 0

How many matches were found in the database?

I understand that means that if no matches are found, give out an error, but
if there was a match found, do I have to do "if match found, do this", or will it just roll on to the next bit of code automatically?

It keeps going unless there is something like an exit method call.

$info->status = 'failure';

Does this stop the rest of the function being called, or does it just set the status to failure?
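
The check discussed in this thread, as an added example that is not the lecturer's code or any poster's: it decodes the Basic header, looks the user up in an id/username/password/email table with a bound parameter instead of string concatenation, and returns early on failure. It assumes PHP 7.1+ with the pdo_sqlite extension and a password column holding a password_hash() value; the function name check_basic_auth is hypothetical, and the in-memory database and jdoe row are constructed sample data.

```php
<?php
// Added example, not the lecturer's code. Columns follow the thread:
// id, username, password, email. Assumes password holds password_hash() output.

function check_basic_auth(PDO $db, ?string $authorization): ?array
{
    // Expect "Basic <base64 of username:password>".
    if ($authorization === null || stripos($authorization, 'Basic ') !== 0) {
        return null;
    }
    $decoded = base64_decode(substr($authorization, 6), true);
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null;
    }
    // Split on the first colon only; passwords may contain colons.
    [$username, $password] = explode(':', $decoded, 2);

    // Bound parameter: the header value never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT id, username, password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($user === false || !password_verify($password, $user['password'])) {
        return null;
    }
    return ['id' => (int) $user['id'], 'username' => $user['username']];
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY AUTOINCREMENT,
    username TEXT UNIQUE, password TEXT, email TEXT)');
$db->prepare('INSERT INTO users (username, password, email) VALUES (?, ?, ?)')
   ->execute(['jdoe', password_hash('password', PASSWORD_DEFAULT), 'jdoe@example.com']);

$tests = [
    'valid'             => 'Basic ' . base64_encode('jdoe:password'),
    'wrong password'    => 'Basic ' . base64_encode('jdoe:letmein'),
    'quote in username' => 'Basic ' . base64_encode('j"doe:password'),
    'missing header'    => null,
];
foreach ($tests as $label => $header) {
    $user = check_basic_auth($db, $header);
    // A caller would send the 401 response and return here when $user is null.
    echo $label, ': ', $user ? "authorized as {$user['username']}" : '401', "\n";
}
```

In a controller the header value would come from apache_request_headers() as in the original post, and the code that saves or deletes a review runs only when the function returns a user.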
