Re: Php coding help - Newbie question

On 1/17/07, Jochem Maas <jochem@xxxxxxxxxxxxx> wrote:
Ramdas wrote:
> Hi Group,
>
> A very newbie question. Might be discussed earlier, please forgive.

Are you so much of a noob that STFW is not within your capabilities?
(just thought I'd ask, given that you admit to realising the info *might*
be out there already)

>
> I am having a site in PHP ( not very great design ) which I need to
> convert/modify to use functions. Such that the code for connecting /
> binding to Ldap is not repeated & scripts are more readable.
>
> The site deals with modifying / adding / deleting entries in a LDAP dir.
>
> In each of the pages following is done:
>
> <?php
>
> require 'validate.php' ;// validate.php checks if the user is logged in
>
> $connect = ldap_connect(ldapserver);
> if ($connect) {
>
> bind ...
> do the things....
>
> }else { echo erro..}
>
> ?>
>
>
> Also please advise what is a correct method of checking the user's
> session. Currently I use a "HTTP_SESSION_VARS" variable to store the

recommended to use the $_SESSION superglobal instead and stuff values
directly into it (after having called session_start()) instead of using session_register()
et al.

> user's login & passwd . Each time the user hits the page these vars

you only need to store *whether* they are logged in - and set that value when you
actually handle a login attempt (obviously storing their username could be handy)

I don't see any reason to store the passwd and validate against ldap on
every request ... in fact I believe that storing the pwd in such a way is essentially less
secure.

> are checked with the existing values in the LDAP (this is done by
> validate.php).
>
> Please suggest me some good starting point where I can start afresh
> with more compact/cleaner Code.

that question is about as vague as 'how long is a chinaman?'
(the answer to that question being 'yes he is')

here are some very vague ideas/functions:

an include file ...
=========== 8< =====================
<?php
function sessionCheck()
{
       if (!isset($_SESSION['loggedin']) || !$_SESSION['loggedin']) {
               /* show login page then .. */
               exit;
       }
}

function doLogin($username, $passwd)
{
       $_SESSION['loggedin'] = false;
       if (/* given $username+$passwd checks out in ldap */)
               $_SESSION['loggedin'] = true;

       return $_SESSION['loggedin'];
}
?>

an 'init' include file
=========== 8< =====================
<?php

require 'your-include-file.php'; // see above


session_start();

if (isset($_POST['uname'], $_POST['pwd'])) {
       doLogin($_POST['uname'], $_POST['pwd']);
}

sessionCheck();

?>

any other file (other than the login 'page')
=========== 8< =====================
<?php

require 'your-init-file.php';

// we are logged in - it's magic

// do some shit

// the end, congrats go get laid :-)

?>


Thanks for all the responses.

Regards
Ram

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
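
One way to fill in the LDAP check that the `doLogin()` sketch in the thread leaves as a comment, given here as an added example and not as code from anyone in the thread. The host, the DN layout and the helper name `ldapCredentialsOk()` are assumptions; it binds as the user once at login and keeps only the login flag and username in the session, never the password.

```php
<?php
// Added example, not code from the thread. Host and DN layout are assumptions.
const LDAP_URI     = 'ldaps://ldap.example.com';            // placeholder host
const LDAP_USER_DN = 'uid=%s,ou=people,dc=example,dc=com';   // placeholder DN layout

/**
 * Hypothetical helper: true only if the directory accepts a bind as this user.
 */
function ldapCredentialsOk(string $username, string $passwd): bool
{
    // An empty password makes many servers treat the bind as anonymous and
    // report success, so reject it before talking to the directory.
    if ($username === '' || $passwd === '') {
        return false;
    }

    $conn = ldap_connect(LDAP_URI);
    if ($conn === false) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);

    // Escape the user-supplied value so it cannot alter the DN structure.
    $dn = sprintf(LDAP_USER_DN, ldap_escape($username, '', LDAP_ESCAPE_DN));

    $ok = @ldap_bind($conn, $dn, $passwd);   // @: a failed bind is expected, not an error
    ldap_unbind($conn);

    return $ok;
}

function doLogin(string $username, string $passwd): bool
{
    $_SESSION['loggedin'] = false;
    unset($_SESSION['username']);

    if (ldapCredentialsOk($username, $passwd)) {
        // Issue a new session id after authentication and delete the old session.
        session_regenerate_id(true);
        $_SESSION['loggedin'] = true;
        $_SESSION['username'] = $username;   // the password is never stored
    }
    return $_SESSION['loggedin'];
}
```

`session_start()` must have been called before `doLogin()`, as in the 'init' include file shown in the thread.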

