Authenticating with an existing Drupal database

[AndyBelleba]

I searched through the forum and couldn't find any information directly to what I need. If a thread has already been posted, please feel free to link and close the thread.

I'm new to PHP/MySQL as most people are who probably visit are. I'm willing to get my hands dirty and learn, but I'm running into a few problems along the way of doing what I need to do with your script.

Here is what I'm trying to accomplish (if it matters at all).

I'm running a Drupal (CMS) website where I have public blogs in the search engines. Their are links on these blogs that point to large files. I want to prevent Guests from downloading these links. My first thoughts were to simply use the mod_auth_mysql Apache mod. This would make it simple for me to complete this task with a few lines in the .htaccess. My host wouldn't enable it for me. Shared Hosting sucks..

Anyways, I got a hold of your script and I love all the comments. I have a general idea how it all works but I'm hitting some walls while trying to accomplish something so little.

I'm trying to modify your script to authenticate from my Drupal database. Seems easy enough right? Here are a few details and one of things way I tried to do this with failure.

I don't think I have a problem connecting to the database. This seemed simple enough editing config.php
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Code:

  You should change these values to reflect your own database details:
*/
$dbhost="localhost";
$dbuser="abelleba_drupal_user";
$dbpass="1234512345";
$dbname="abelleba_drupal";

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

My next step was to find where the MySQL query is and change it so it looks for the correct table, and field names. This is where I'm failing I think.

I edit functions.php in this part:

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Code:

/******************************************************\
 * Function Name : checkPass($login, $password)
 *
 * Task : check login/passwd match that stored in db
 *
 * Arguments : string($login, $password);
 *
 * Returns : array $row  - array of member details on success
 *                              false on failure
 \******************************************************/
function checkPass($login, $password) {
        /*
        Password checking function:
        This is a simple function that takes the $login name and
        $password that a user submits in a form and checks that a
        row exists in the database where:

        the value of the 'login' column is the same as the value in $login
        and
        the value of the 'password' column is the same as the value in $password

        If exactly one row is returned, then that row of data is returned.
        If no row is found, the function returns 'false'.
        */
        global $link;

        $query="SELECT name, pass FROM users WHERE login='$login' and password='$password'";
        $result=mysql_query($query, $link)
                or die("checkPass fatal error: ".mysql_error());

        // Check exactly one row is found:
        if(mysql_num_rows($result)==1) {
                $row=mysql_fetch_array($result);
                return $row;
        }
        //Bad Login:
        return false;
} // end func checkPass($login, $password)

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

*NOTE*
        $query="SELECT name, pass FROM users WHERE login='$login' and password='$password'";

This looks like the only line I would have to change to complete my objective. In my database the table name is 'users' the username field is 'name' the password field name is 'pass'.

What else do I need to change or adjust to get this script to authenticate from my existing database with different fields but the same table names?

Regards,

[AndyBelleba]

Well, it seems I got it to work using MD5 in the query. Now my only problem is getting it to work with usernames that contains spaces. I.E. "Computer Question Help" as the username. I'll update the thread if I can fix it or not.

Changes: functions.php

Code:

$query="SELECT name, pass FROM users WHERE login='$login' and password='$password'";

Changed to:

Code:

$query="SELECT name, pass FROM users WHERE name='$login' and pass='". md5($password) ."'";

Regards,

[AndyBelleba]

Figured out the last problem by changing line 51/159 in login.php to:

Code:

field_validator("login name", $_POST["login"], "alphanumeric_space", 4, 50);

Guess I'm all set. Can leave this thread for the search engine.

Full details on the modifications done to allow the script to work with a existing database can be downloaded, along with a set of modification instructions can be found at the links listed below this thread.

It's basically almost identical to Jez's script but some information has been removed and modified such as 'join.php'. This file has been totally removed along with a few other things that wouldn't be necessary for a script like this. If your looking to do both, I may suggest downloading Jez's original version, and follow the modifications I made being you cannot create new usersname's or passwords with my modified version.

AuthExistDb 1.0 Script Does not allow new Users/Passwords to be inserted, but uses a existing table instead.
SimpleAuth 1.3 Script Allows new users/passwords to be inserted.

Regards,

[munk]

Wow that's impressive!  Wish all posts were like that!

Sounds like you have it all sorted out and have a good grasp of it, you probably know more than me anyway, I've been away from PHP for a while now so it's a little hazy hehe.

Good luck and thanks for the kind comments.