Using an External Authentication Source

The BasicAuthenticator class can maintain a list of usernames and passwords internally for authentication, but often that information is already stored elsewhere - in a database for example. The BasicAuthenticator has been designed to allow it to be easily extended to access such external data sources.

To validate against a source of data other than the built in list (such as a database), you simply need to extend the BasicAuthenticator class and override the validate method.

The validate method takes two parameters, a username and a password and it should return 1 if access is to be allowed, or 0 if access it to be denied.

Here is an example which uses a mySQL database to authenticate against. It assumes that the database contains a table called user with two columns - user_name and user_password.

class MySQLAuthenticator extends BasicAuthenticator
{
    function validate($user, $passwd)
    {
        $conn = mysql_connect("localhost", "db_user", 
                  "db_password");
        mysql_select_db("db_name", $conn);
        $query = "select user_name from user " .
            . "where user_name = '" . $user 
            . "' and user_password = '" . $passwd . "')";          
        $res = mysql_query($query, $conn);
        if ($res)
        {
            $a = mysql_fetch_row($res);
            if ($a)
            {
                return 1;
            }
        } 
        return 0;
   }
}

Simple Access Control
Using an External Authentication Source

Back to main Basic Authenticator page