Re: Log-in script help


 



Joe Harman wrote:

Hey Andrew...

IN MY OPINION... forget the cookies... only use php sessions... but
like I said IMO.... you can never rely on the end user having them
cookies enabled... same with things like javascript...

let me outline some steps for you... everyone else... feel free to
state pros and cons to these.. cause I always make mistakes, or
forget things :o)

1. get the user's access info... ie username & password

2. look for the user in the database that stores the access info

3. if access is granted, I usually set 2 session variables
     a. $_SESSION['auth'] = TRUE      // They are authorized
     b. $_SESSION['user_id'] = {who}  // Who is it
     c. $_SESSION['user_level'] = {level} // What level access do they have (optional)

4. at the beginning of each restricted access page, verify that they
are authorized to access that page... if they are not, redirect them to
an access denied page.


that should get you started... maybe the second step would be to make this stuff into functions... ... also, IMO.. it's a good idea to make a logout script that will destroy that user's active session...

my turn for an IMO :) - my preference is to have a check on the function that writes the $_SESSION vars or the cookie (I generally use encrypted cookies which are in turn restricted to certain areas of the site). This check is on the referer - if it's not from a foreign URL, then write them new as if the user is non auth. This stops people on public machines from hitting a back button and being authenticated as the previous user.
Tom


not sure what your PHP experience is... but hopefully the above steps will
help you out some..

Cheers!
Joe





On 25 Jan 2005 17:35:08 -0600, Bret Hughes <bhughes@xxxxxxxxxxxxx> wrote:


On Tue, 2005-01-25 at 16:45, AceZero2790@xxxxxxx wrote:


Hey,
      I need a particular type log in script. I'm not sure how to do it or
where I could find a tutorial that would help me, so I'll describe what I need
and then maybe someone could tell me what kind of script I need (sessions or
whatever) and where I could get the script/learn how to make it.
      I need a pretty basic log in script. Something that people log in to,
and the page and all linked/related pages cannot be accessed unless the person
has logged in.
      So what do I need for this? Cookies, sessions both? And where can I
learn how?

-Andrew


I use the pear auth package and like it a lot.  I know I did some
modification for our purposes but I suspect it works out of the box.

All you do is include auth.php on all pages you want to protect and it
will direct you to a login page if you have not logged in.  Pretty cool
stuff.

http://pear.php.net/package/Auth
HTH

Bret

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php







