On 1/17/07, Jochem Maas <jochem@xxxxxxxxxxxxx> wrote:
Ramdas wrote: > Hi Group, > > A very newbie question. Might be discussed earlier, please forgive. Are so much of a noob that STFW is not within your capabilities? (just thought I'd ask, given that you admit to realising the info *might* be out there already) > > I am having a site in PHP ( not very great design ) which I need to > convert/modify to use functions. Such the code for connecting / > binding to Ldap is not repeated & scripts are more readable. > > The site deals with modifying / adding / deleting entries in a LDAP dir. > > In each of the pages following is done: > > <?php > > require 'validate.php' ;// validate.php checks if the user is loged in > > $connect = ldap_connect(ldapserver); > if ($connect) { > > bind ... > do the things.... > > }else { echo erro..} > > ?> > > > Also please advice what is a correct method of checking the user's > session. Currenlty I use a "HTTP_SESSION_VARS" variable to store the recommended to use the $_SESSION superglobal instead and stuff values directly into (after having called session_start()) instead of using session_register() et al. > user's login & passwd . Each time the user hits the page these vars you only need to store *whether* they are logged in - and set that value when you actually handle a login attempt (obviously storing their username could be handy) I don't see any reason to store the passwd and validate against ldap on every request ... in fact I believe that storing the pwd in such a way is essentially less secure. > are checked with the existing values in the LDAP (this is done by > validate.php). > > Please suggest me some good starting point where I can start a fresh > with more compact/cleaner Code. that question is about as vague as 'how long is a chinaman?' (the answer to that question being 'yes he is') here are some very vague ideas/functions: an include file ... =========== 8< ===================== <?php function sessionCheck() { if (!isset($_SESSION['loggedin']) || !$_SESSION['loggedin']) { /* show login page then .. */ exit; } } function doLogin($username, $passwd) { $_SESSION['loggedin'] = false; if (/* given $username+$passwd check outs in ldap*/) $_SESSION['loggedin'] = true; return $_SESSION['loggedin']; } ?> an 'init' include file =========== 8< ===================== <?php require 'your-include-file.php'; // see above session_start(); if (isset($_POST['uname'], $_POST['pwd'])) { doLogin($_POST['uname'], $_POST['pwd']); } sessionCheck(); ?> any other file (other than the login 'page') =========== 8< ===================== <?php require 'your-init-file.php'; // we are logged in - it's magic // do some shit // the end, congrats go get laid :-) ?>
Thanx for the all responses. Regards Ram -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php