File: faq.txt
Script Name: vAuthenticate 3.0.1
Author: Vincent Ryan Ong
Email: hide@address.com
Description:
vAuthenticate is a revolutionary authentication script which uses
PHP and MySQL for lightning fast processing. vAuthenticate comes
with an admin interface where webmasters and administrators can
create new user accounts, new user groups, activate/inactivate
groups or individual accounts, set user level, etc. This may be
used to protect files for member-only areas. vAuthenticate
uses a custom class to handle the bulk of insertion, updates, and
deletion of data. This class can also be used for other applications
that need user authentication.
This script is freeware, but if you want to make a donation,
please send your checks (coz cash will probably be stolen in the
post office) to:
Vincent Ryan Ong
Rm. 440 Wellington Bldg.
655 Condesa St. Binondo, Manila
Philippines, 1006
++++++++++++++++++++++++++++++
FREQUENTLY ASKED QUESTIONS (FAQs)
++++++++++++++++++++++++++++++
Q1. Can I add new fields to the authuser database and then just modify the auth.php
file? I wanted to add fields like email address, birthday, etc. which are user-
specific.
A1. Technically, you can. However, I strongly advise against doing this because
with auth.php being a class, it was meant not to be touched with regard to
the functions that it contains. A workaround to your concern is to create a new
table with a foreign key for authuser's uname field. This will be the link between
the 2 tables. You can then put whatever info you want on the second table.
To see a script in action which uses vAuthenticate but never modified the
authuser and authgroup tables, please see vSignup (available for download at
the vScripts area in http://www.beanbug.net)
Q2. How do I allow users to sign themselves up instead of me adding them 1 by 1?
A2. vSignup might be more appropriate for your needs. You may download it at the
vScripts area in http://www.beanbug.net.
Q3. What are levels for?
A3. Actually, aside from user level 1, which is the administrator level, this field is for
informational purposes only. However, you may use this field as the point of
authentication. Meaning, you may restrict access to a page depending on the
level of the user that has logged in (see vAuthenticate.php for case in point).
If you don't use levels for such a function, it won't have any impact at all.
Starting on version 3.0, there will be a sample page for implementing
authentication on a per-level basis. The file can be found under the members
folder with a filename of bylevel.php. You may check out the code if you want
to know more about it.
Q4. What are groups for?
A4. Just like levels, you may use teams/groups as your authentication point. For example,
in vAuthenticate.php, instead of making an if-else statement for the level, we
may look at the team/group to assess if the user is allowed to view the secured
page. Starting on version 3.0, there will be a sample page for implementing
authentication on a per-level basis. The file can be found under the members
folder with a filename of bylevel.php. You may check out the code if you want
to know more about it.
Q5. What does an "inactive" status mean?
A5. An inactive status makes the specific user unable to login and view the secured areas.
Q6. How do I display the login name or other user details in the secured pages?
A6. If you want to display the username, all you have to do is display $USERNAME via an
"echo" or a "print" statement. However, if you want to display other details such
as team, level, or status of the user, you would have to display it like:
echo $check['FIELD'];
or
print $check['FIELD'];
where FIELD is either team, level, or status.
You would also be using this method if you plan on making if-else statements
based on the values that any of these fields hold.
Q7. I get this error message when I try to login:
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result
resource in /some/path/public_html/folder/folder/auth.php on line 54
A7. In PHP, getting an error similar to this either means:
* You have spelled your database name wrong
* You have spelled your username wrong
Take note that PHP is case sensitive. UserName is not the same as USERname.
Going back to vAuthenticate, re-check your authconfig.php and auth.php and see
if you have spelled those correctly.
Q8. I'm testing vAuthenticate, and the only thing I can get out of it is:
Notice: Undefined variable: username in D:\WWW\auth\vAuthenticate.php on line 43
Notice: Undefined variable: password in D:\WWW\auth\vAuthenticate.php on line 43
A8. This is basically resolved by making sure that you have register_globals set to "On" in your
PHP.ini file (If you are making use of a web host and do not have direct access to
the PHP modules and PHP.ini file, ask your Web Host to turn this feature on).
* NOTE: Starting on version 3.0, vAuthenticate will work even with register_globals
turned off.
Q9. How do I create a backup of my data?
A9. If you have phpMyAdmin in your website, you can create a dump for your data. This will
show you the SQL statements that can be executed to restore the data. For more
information on this, please consult your phpMyAdmin user's manual.
Q10. Why are there 2 administrator accounts instead of just 1 (only sa)?
A10. This is for backup purposes. Just in case you forgot the sa password, there's another
user who has administrative rights assuming that you did not create new admin
accounts.
Q11. Can I delete the sa and admin accounts?
A11. No. Both cannot be deleted.
Q12. Can I delete the test account?
A12. No. Actually, there's no logical explanation for this but it wouldn't hurt if it just sits
there.
Q13. Does vAuthenticate work for sites using an IP address instead of a domain name?
A13. Starting on version 3.0, sites using an IP address would be able to use vAuthenticate.
Q14. Does vAuthenticate provide data encryption?
A14. No. However, starting on version 3, the password field is now encrypted to provide
a more secure authenticating medium.
Q15. Why is the password field left blank after selecting a username from the list found
on the right portion of the page in authuser.php?
A15. Since the password field from the DB is encrypted, auth.php was modified to recognize
that if you leave the password empty upon pressing the Modify button, it won't
change the existing password for the user. However, if you put some value into
the said field, auth.php would set it to that value.
Q16. How can I protect a page that is outside the directory where vAuthenticate.php is
stored? For example:
DOMAIN: http://www.mysite.com
vAuthenticate INSTALLATION: http://www.mysite.com/vAuth
MEMBERS' DIRECTORY: http://www.mysite.com/members
vAuthenticate ADMINISTRATION: http://www.mysite.com/vAuth/admin
A16. Basically, this is how vAuthenticate's security works. We set the user session after
the user clicks on the button to login. This will call vAuthenticate.php which
stores the username and password in 2 cookie variables which will be used
throughout the site. As with cookies, you can only use its value wherever
you set it and all the subdirectories under the directory where you've set it.
Referring to your example, you won't be able to secure your members' directory
since it is outside the directory where you are setting the cookies
(http://www.mysite.com/vAuth).
To get around this, we need to do 3 things:
1. Move/Copy vAuthenticate.php from http://www.mysite.com/vAuth to the root
directory which is http://www.mysite.com. With this, we can be sure
that our cookies are set in the root directory.
2. Modify authconfig.php's $resultpage variable to accommodate the new
path to the file. This should be relative to the login file. If you are going
to use the login.php file provided with the vAuthenticate package, you'd
have to set $resultpage to something like "../vAuthenticate.php"
3. Modify vAuthenticate.php to accommodate the path to auth.php and
authconfig.php. If we're going to use the example above, instead of
having these lines on line 41 and 42:
include_once ("auth.php");
include_once ("authconfig.php");
You need to change this into:
include_once ("vAuth/auth.php");
include_once ("vAuth/authconfig.php");
* NOTE: Remember that all values in A16 are based on an example. You have to
change these according to your setup.
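The cookie scoping that A16 describes, worked through as an added JavaScript example (not part of vAuthenticate). It implements the browser's default-path and path-match rules from RFC 6265 section 5.1.4 and assumes the login script sets its cookies without an explicit path; the page file names are constructed.

```javascript
// Added example: RFC 6265 section 5.1.4 cookie path rules applied to the Q16 layout.
// Assumption: vAuthenticate.php sets its cookies with no explicit Path attribute,
// so the browser derives the cookie path from the URL of the script that set it.

// Default cookie path for the URL path of the page that set the cookie.
function defaultPath(requestPath) {
  if (!requestPath || requestPath[0] !== "/") return "/";
  const lastSlash = requestPath.lastIndexOf("/");
  return lastSlash === 0 ? "/" : requestPath.slice(0, lastSlash);
}

// True when a cookie scoped to cookiePath is sent with a request for requestPath.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  // A bare string prefix is not enough: the match must end on a "/" boundary.
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Which of the given pages receive a cookie set by the script at setterPath?
function pagesReceivingCookie(setterPath, pages) {
  const scope = defaultPath(setterPath);
  return pages.filter((page) => pathMatches(page, scope));
}

// Directories from the Q16 example; the file names are constructed.
const pages = [
  "/vAuth/admin/index.php",
  "/members/index.php",
  "/vAuthOld/index.php", // shares a string prefix with /vAuth but is not under it
];

// Before the move: cookies are set by /vAuth/vAuthenticate.php.
const before = pagesReceivingCookie("/vAuth/vAuthenticate.php", pages);
// After step 1 of A16: cookies are set by /vAuthenticate.php in the root.
const after = pagesReceivingCookie("/vAuthenticate.php", pages);

console.log("set from /vAuth:", before);
console.log("set from root:  ", after);
```

Once the cookies are set from the root, the browser sends both of them with every request to the site, not only with requests for the protected directories.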
Q17. After changing the password in the members' area, why am I booted out of my session?
A17. This happens to anyone (including admins) who tries to modify their password while
they are logged in. This is because as far as the cookies are concerned, they
contain the username and password combination you used when you logged in.
After changing your password, the system updates the authuser database which
would make your current session username and password not match with the ones
in the database. You would have to login again after changing your password.
Q18. I pulled up the login screen and attempted to login but it gives me a "Page not Found"
error with the url of http://www.somedomain.com/<?%20print%20$resultpage%20?>.
A18. This is because the page where you have the login portion has a .html extension in its filename
instead of .php (or .php3 or .phtml).
Q19. I installed vAuthenticate and executed createdb.sql successfully. However, when I try to login,
I get an error stating that the username and password I entered do not match or that I
entered the wrong password.
A19. The first thing you need to check is of course, that you're entering the correct username and
password combination. These are case sensitive so "access" is not the same as "Access".
After this, you need to go to your DB Manager (phpMyAdmin, for example) and make sure that
ALL column names in your authuser table are in lowercase. There are instances where the level and
status fields become "LEVEL" and "STATUS" respectively (automatically done by MySQL). If
any column names (NOT the actual table values, mind you) are in capital letters, rename them
to be all lowercase.
Q20. I have some questions that are not listed here. Where can I contact you for support?
A20. For support on vAuthenticate, you may send your inquiries to hide@address.com
----------------------------------------
Last Modified: September 19, 2003