2009
12.11
12.11
Here is a bit of code which uses Google credentials to authenticate a user. The idea is to use PHP sessions support and existing Google accounts for user management and don’t store any additional passwords.
You need PHP Zend Framework for this.
First let’s create a auth page which will be used to authenticate and de-authethicate user.
<?php
// Destroy session if user logs out
if ($_GET['action'] == "logout")
{
// Open the session first
session_start();
// Remove all the variables in the session
session_unset();
// Destroy the session
session_destroy();
// Redirect to login page
header('Location: auth.php');
}
else
{
// Open sesion
session_start();
// Load credentials
$email = isset($_REQUEST['email']) ? $_REQUEST['email'] : null;
$password = isset($_REQUEST['password']) ? $_REQUEST['password'] : null;
$captchaToken = isset($_REQUEST['captchatoken']) ? $_REQUEST['captchatoken'] : null;
$captchaText = isset($_REQUEST['captchatext']) ? $_REQUEST['captchatext'] : null;
// Log in
if ($email && $password)
{
require_once 'Zend/Loader.php';
Zend_Loader::registerAutoload();
try
{
$client = Zend_Gdata_ClientLogin::getHttpClient($email, $password, 'xapi', null, 'Zend-ZendFramework', $captchaToken, $captchaText);
$_SESSION['email'] = $email;
}
catch (Zend_Gdata_App_CaptchaRequiredException $e)
{
$captchaToken = $e->getCaptchaToken();
$captchaUrl = $e->getCaptchaUrl();
}
catch (Zend_Gdata_App_AuthException $e)
{
$error = $e->getMessage();
}
}
// If login successful redirect to profile
if (isset($_SESSION['email']))
{
header('Location: profile.php');
exit;
}
}
?>
<!DOCTYPE HTML>
<html>
<head>
<title>Login</title>
</head>
<body>
<h1>Login with google credentials</h1>
<?php if (isset($error)): ?>
<p><?php echo htmlspecialchars($error); ?></p>
<?php endif; ?>
<form method="post">
<p><label for="email">Email:</label> <input id="email" name="email" type="text" value="<?php echo htmlspecialchars($email); ?>"></p>
<p><label for="password">Password:</label> <input id="password" name="password" type="password"></p>
<?php if (isset($captchaUrl)): ?>
<div><input type="hidden" name="captchatoken" value="<?php echo htmlspecialchars($captchaToken); ?>"></div>
<p><img src="<?php echo htmlspecialchars($captchaUrl); ?>" alt=""></p>
<p><label for="captchatext">Text:</label> <input id="captchatext" name="captchatext" type="text"></p>
<?php endif; ?>
<p><button type="submit">Login</button></p>
</form>
</body>
</html>
// Destroy session if user logs out
if ($_GET['action'] == "logout")
{
// Open the session first
session_start();
// Remove all the variables in the session
session_unset();
// Destroy the session
session_destroy();
// Redirect to login page
header('Location: auth.php');
}
else
{
// Open sesion
session_start();
// Load credentials
$email = isset($_REQUEST['email']) ? $_REQUEST['email'] : null;
$password = isset($_REQUEST['password']) ? $_REQUEST['password'] : null;
$captchaToken = isset($_REQUEST['captchatoken']) ? $_REQUEST['captchatoken'] : null;
$captchaText = isset($_REQUEST['captchatext']) ? $_REQUEST['captchatext'] : null;
// Log in
if ($email && $password)
{
require_once 'Zend/Loader.php';
Zend_Loader::registerAutoload();
try
{
$client = Zend_Gdata_ClientLogin::getHttpClient($email, $password, 'xapi', null, 'Zend-ZendFramework', $captchaToken, $captchaText);
$_SESSION['email'] = $email;
}
catch (Zend_Gdata_App_CaptchaRequiredException $e)
{
$captchaToken = $e->getCaptchaToken();
$captchaUrl = $e->getCaptchaUrl();
}
catch (Zend_Gdata_App_AuthException $e)
{
$error = $e->getMessage();
}
}
// If login successful redirect to profile
if (isset($_SESSION['email']))
{
header('Location: profile.php');
exit;
}
}
?>
<!DOCTYPE HTML>
<html>
<head>
<title>Login</title>
</head>
<body>
<h1>Login with google credentials</h1>
<?php if (isset($error)): ?>
<p><?php echo htmlspecialchars($error); ?></p>
<?php endif; ?>
<form method="post">
<p><label for="email">Email:</label> <input id="email" name="email" type="text" value="<?php echo htmlspecialchars($email); ?>"></p>
<p><label for="password">Password:</label> <input id="password" name="password" type="password"></p>
<?php if (isset($captchaUrl)): ?>
<div><input type="hidden" name="captchatoken" value="<?php echo htmlspecialchars($captchaToken); ?>"></div>
<p><img src="<?php echo htmlspecialchars($captchaUrl); ?>" alt=""></p>
<p><label for="captchatext">Text:</label> <input id="captchatext" name="captchatext" type="text"></p>
<?php endif; ?>
<p><button type="submit">Login</button></p>
</form>
</body>
</html>
Call this file auth.php. When user opens it in a browser it will be asked for his Google email and password or redirected to profile.php page if he is already logged in.
Here is profile.php code:
<?
// Start session
session_start();
// If user loged in
if (isset($_SESSION['email']))
{
echo "You are logged in with email: ";
echo $_SESSION['email'];
echo "</br><a href=\"auth.php?action=logout\">Click here to log out</a>";
}
else
{
// Redirect to log in page
header('Location: auth.php');
}
?>
// Start session
session_start();
// If user loged in
if (isset($_SESSION['email']))
{
echo "You are logged in with email: ";
echo $_SESSION['email'];
echo "</br><a href=\"auth.php?action=logout\">Click here to log out</a>";
}
else
{
// Redirect to log in page
header('Location: auth.php');
}
?>
Now when user clicks Click here to log out he will go to logout action in auth.php and session will be destroyed. That’s all you need for a simple login mechanism using Google credentials.
No Comment.
Add Your Comment