On 1/18/07, Ramdas <ramdas.phutane@xxxxxxxxx> wrote:
On 1/17/07, Jochem Maas <jochem@xxxxxxxxxxxxx> wrote:
> Ramdas wrote:
> > Hi Group,
> >
> > A very newbie question. Might be discussed earlier, please forgive.
>
> Are so much of a noob that STFW is not within your capabilities?
> (just thought I'd ask, given that you admit to realising the info *might*
> be out there already)
>
> >
> > I am having a site in PHP ( not very great design ) which I need to
> > convert/modify to use functions. Such the code for connecting /
> > binding to Ldap is not repeated & scripts are more readable.
> >
> > The site deals with modifying / adding / deleting entries in a LDAP dir.
> >
> > In each of the pages following is done:
> >
> > <?php
> >
> > require 'validate.php' ;// validate.php checks if the user is loged in
> >
> > $connect = ldap_connect(ldapserver);
> > if ($connect) {
> >
> > bind ...
> > do the things....
> >
> > }else { echo erro..}
> >
> > ?>
> >
> >
> > Also please advice what is a correct method of checking the user's
> > session. Currenlty I use a "HTTP_SESSION_VARS" variable to store the
>
> recommended to use the $_SESSION superglobal instead and stuff values
> directly into (after having called session_start()) instead of using session_register()
> et al.
>
> > user's login & passwd . Each time the user hits the page these vars
>
> you only need to store *whether* they are logged in - and set that value when you
> actually handle a login attempt (obviously storing their username could be handy)
>
> I don't see any reason to store the passwd and validate against ldap on
> every request ... in fact I believe that storing the pwd in such a way is essentially less
> secure.
>
> > are checked with the existing values in the LDAP (this is done by
> > validate.php).
> >
> > Please suggest me some good starting point where I can start a fresh
> > with more compact/cleaner Code.
>
> that question is about as vague as 'how long is a chinaman?'
> (the answer to that question being 'yes he is')
>
> here are some very vague ideas/functions:
>
> an include file ...
> =========== 8< =====================
> <?php
> function sessionCheck()
> {
> if (!isset($_SESSION['loggedin']) || !$_SESSION['loggedin']) {
> /* show login page then .. */
> exit;
> }
> }
>
> function doLogin($username, $passwd)
> {
> $_SESSION['loggedin'] = false;
> if (/* given $username+$passwd check outs in ldap*/)
> $_SESSION['loggedin'] = true;
>
> return $_SESSION['loggedin'];
> }
> ?>
>
> an 'init' include file
> =========== 8< =====================
> <?php
>
> require 'your-include-file.php'; // see above
>
>
> session_start();
>
> if (isset($_POST['uname'], $_POST['pwd'])) {
> doLogin($_POST['uname'], $_POST['pwd']);
> }
>
> sessionCheck();
>
> ?>
>
> any other file (other than the login 'page')
> =========== 8< =====================
> <?php
>
> require 'your-init-file.php';
>
> // we are logged in - it's magic
>
> // do some shit
>
> // the end, congrats go get laid :-)
>
> ?>
>
Thanx for the all responses.
Regards
Ram
Hi all,
Sorry for troubling all again.
I am trying to use the Pear DB_ldap for the above scripts.
Does any one have any sample code for ldap_connect () ldap_search etc.
Thanx once again.
Regards
Ram
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
