On Mon, 2004-11-01 at 16:26, Brad Dameron wrote:
> On Mon, 2004-11-01 at 15:17, Jason Davis wrote:
> > sc.php
> > <?php
> > setCookie('data' , 'blah');
> > include 'gc.php';
> > ?>
> >
> > gc.php
> > <?php
> > print $_COOKIE['data'] . " <-here";
> > ?>
> >
> >
> > this is the out put of running sc.php
> >
> > <-here
> >
> >
> > why is this , i want to set a cookie ... then have a include do
> > something
> > with it ... is this not possible to do during the same http transaction?
> >
> > thanks
>
> Your setcookie line is wrong. You have a uppercase C. Which it will
> think it is a different function.
>
> Also with your login page instead of sending them to another page to
> check auth send them to the same page. Here is a example:
>
> if (isset($_GET['user']) && $_GET['type'] == "submit") {
> $user = trim($_POST['user']);
> $pass = trim($_POST['pass']);
> if ( "1" == $autherror=authenticateUser($user, $pass)){
> $_SESSION['app_user'] = $user;
> $_SESSION['app_pass'] = $pass;
> error_log ("DNS_LOGIN: $user logged in from ip: $ip.", 0);
> header("Location: tiny_edit_login.inc.php");
> exit;
> } else {
> error_log ("$user failed on " . date("m-d-Y H:i:s") . " with
> password of '$pass' from ip: $ip", 0);
> }
> }
>
>
>
> I return back a 1 if auth successful or a 0 if not. I prefer to use
> session's with cookies over cookies directly.
>
> Brad
>
i like this idea , how then do you go about making sure users are authed
on pages other than the login page?
here is my plan ...
use this object for auth
<?php
$seed_phrase = 'my_wife_Would_love_it_no_really';
$use_mysql = '0'; // set to one and fill in $mysql_vars else set to 0
and file in $passwdFile var rel or full path
$mysql_ip = '1.1.1.1';
$mysql_user = 'nub';
$mysql_pass = 'nubpasswd';
$mysql_db = 'testdb';
$mysql_passwd_key = 'username';
$mysql_passwd_field = 'password';
$mysql_table = 'users';
$passwdFile = '/var/www/web_editor/.htAuthTool';
class AuthTool{
function checkAuth(){
if(empty($_COOKIE['data'])){
return 0;
}
else{
$data = $_COOKIE['data'];
list($username,$hash) = split(",", $data);
$phrase1 = md5($username . $seed_phrase . $_SERVER['REMOTE_ADDR']);
if(!strcmp($phrase1 , $hash)){
return $username;
}
else{
return 0;
}
}
} // close checkAuth
function cookiePut($user){
$phrase = md5($user . $seed_phrase . $_SERVER['REMOTE_ADDR']);
$authData = $user . "," . $phrase;
setCookie('data' , $authData);
}//close cookiePut
function auth($user,$pass){
$pass = md5($pass);
if($use_mysql){
$query = "select $mysql_passwd_field from $mysql_table where
$mysql_passwd_key = '$user'";
$result = $this->sqlQuery($query);
if(!$result){
echo "Error:No sql result";
}
else{
list($thePass) = mysql_fetch_array($result); //this line might not
work , test with mysql later
if(!strcmp($thePass , $pass)){
$this->cookiePut($user);
return $user;
}
}
return 0;
}
else{
global $passwdFile;
if($passwd_file = file($passwdFile)){
foreach($passwd_file as $line){
list($username,$passwd,$groups) = split(":" , $line);
if(!strcmp($username , $user)){
if(!strcmp(rtrim($pass) ,rtrim($passwd))){
$this->cookiePut($user);
return $user;
}
}
}
}
else{
return "Error:No passwd file.";
}
return 0;
}
}//close auth
function sqlQuery($theQuery){
$db = mysql_connect($mysql_ip,$mysql_user,$mysql_pass) or die("Could
not connect to database");
mysql_select_db($mysql_db) or die("Could not select database");
$result = mysql_query($theQuery) or die("query failed");
return $result;
} // close sqlQuery
}// close class
?>
and put this at the top of each page ...
include 'inc/AuthTool.class.php';
if(!AuthTool::checkAuth()){
//send to login
//exit
}
any feedback? :)
ty,
jd
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
