Re: Php coding help - Newbie question

Ramdas wrote:
> Hi Group,
> 
> A very newbie question. Might be discussed earlier, please forgive.

Are you so much of a noob that STFW is not within your capabilities?
(just thought I'd ask, given that you admit to realising the info *might*
be out there already)

> 
> I am having a site in PHP ( not very great design ) which I need to
> convert/modify to use functions, such that the code for connecting /
> binding to LDAP is not repeated & scripts are more readable.
> 
> The site deals with modifying / adding / deleting entries in a LDAP dir.
> 
> In each of the pages following is done:
> 
> <?php
> 
> require 'validate.php' ;// validate.php checks if the user is logged in
> 
> $connect = ldap_connect(ldapserver);
> if ($connect) {
> 
> bind ...
> do the things....
> 
> }else { echo erro..}
> 
> ?>
> 
> 
> Also please advise what is a correct method of checking the user's
> session. Currently I use a "HTTP_SESSION_VARS" variable to store the

recommended to use the $_SESSION superglobal instead and stuff values
directly into it (after having called session_start()) instead of using
session_register() et al.

> user's login & passwd . Each time the user hits the page these vars

you only need to store *whether* they are logged in - and set that value when you
actually handle a login attempt (obviously storing their username could be handy)

I don't see any reason to store the passwd and validate against ldap on
every request ... in fact I believe that storing the pwd in such a way is essentially less
secure.

> are checked with the existing values in the LDAP (this is done by
> validate.php).
> 
> Please suggest me some good starting point where I can start afresh
> with more compact/cleaner code.

that question is about as vague as 'how long is a chinaman?'
(the answer to that question being 'yes he is')

here are some very vague ideas/functions:

an include file ...
=========== 8< =====================
<?php
function sessionCheck()
{
	if (!isset($_SESSION['loggedin']) || !$_SESSION['loggedin']) {
		/* show login page then .. */	
		exit;
	}		
}

function doLogin($username, $passwd)
{
	$_SESSION['loggedin'] = false;
	// ldapCredentialsOk() stands for your own check that the given
	// $username + $passwd check out in ldap
	if (ldapCredentialsOk($username, $passwd)) {
		$_SESSION['loggedin'] = true;
	}

	return $_SESSION['loggedin'];
}
?>

an 'init' include file
=========== 8< =====================
<?php

require 'your-include-file.php'; // see above


session_start();

if (isset($_POST['uname'], $_POST['pwd'])) {
	doLogin($_POST['uname'], $_POST['pwd']);
}

sessionCheck();

?>

any other file (other than the login 'page')
=========== 8< =====================
<?php

require 'your-init-file.php';

// we are logged in - it's magic

// do some shit

// the end, congrats go get laid :-)

?>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
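
The login check sketched in the reply above, filled in as an added example that is not part of the original message: the password is used once for an LDAP bind and only the login flag and username are kept in the session. The server URI, the DN template and the helper name `ldapCredentialsOk()` are assumptions for illustration.

```php
<?php
// Added example, not code from the original thread.
// Assumed placeholders: adjust the URI and DN layout to your directory.
const LDAP_URI         = 'ldaps://ldap.example.org';
const USER_DN_TEMPLATE = 'uid=%s,ou=people,dc=example,dc=org';

// Hypothetical helper: true only if a bind as this user succeeds.
function ldapCredentialsOk(string $username, string $passwd): bool
{
    // Many LDAP servers treat a bind with an empty password as an
    // unauthenticated bind and report success, so refuse it up front.
    if ($username === '' || $passwd === '') {
        return false;
    }

    $conn = ldap_connect(LDAP_URI);
    if ($conn === false) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

    // Escape the user-supplied value before it becomes part of the DN.
    $dn = sprintf(USER_DN_TEMPLATE, ldap_escape($username, '', LDAP_ESCAPE_DN));

    $ok = @ldap_bind($conn, $dn, $passwd);
    ldap_unbind($conn);

    return $ok;
}

// Expects session_start() to have been called already (the 'init' file does this).
function doLogin(string $username, string $passwd): bool
{
    $_SESSION['loggedin'] = false;

    if (ldapCredentialsOk($username, $passwd)) {
        // Issue a fresh session id on login so a pre-login id cannot be reused.
        session_regenerate_id(true);
        $_SESSION['loggedin'] = true;
        $_SESSION['username'] = $username; // the password is never stored
    }

    return $_SESSION['loggedin'];
}
```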

