Using an External Authentication Source

The BasicAuthenticator class can maintain a list of usernames and passwords internally for authentication, but often that information is already stored elsewhere - in a database for example. The BasicAuthenticator has been designed to allow it to be easily extended to access such external data sources.

To validate against a source of data other than the built in list (such as a database), you simply need to extend the BasicAuthenticator class and override the validate method.

The validate method takes two parameters, a username and a password and it should return 1 if access is to be allowed, or 0 if access it to be denied.

Here is an example which uses a mySQL database to authenticate against. It assumes that the database contains a table called user with two columns - user_name and user_password.

class MySQLAuthenticator extends BasicAuthenticator { function validate($user, $passwd) { $conn = mysql_connect("localhost", "db_user", "db_password"); mysql_select_db("db_name", $conn); $query = "select user_name from user " . . "where user_name = '" . $user . "' and user_password = '" . $passwd . "')"; $res = mysql_query($query, $conn); if ($res) { $a = mysql_fetch_row($res); if ($a) { return 1; } } return 0; } }

Back to main Basic Authenticator page