Authentication script working in firefox but strange results in ie7

I mostly use Firefox but still I check to make sure everything works in IE7
and other browsers equally as well. I had strange results here. I have a
simple login form (user/pass field and submit button). I have the actual
login request script in a common php file. I have an Authentication class
that handles my auth stuff. With the code the way it is, it works perfectly
in Firefox. However, in IE7 when you log in it shows the restricted stuff
but as soon as you navigate anywhere else you no longer have access. If you
log in again then it works fine just like the first time you logged in using
Firefox.

Now if you change $_SESSION['uid']=="" to !isset($_SESSION['uid']) then it
works perfectly on both browsers.

Anyhow, rifle through the code -- just something to think about. Anybody
else have a similar issue before?

Web Code:
Restricted stuff:
		<?php 
			if ($_SESSION['uid']==""){
				$ops->postLogin($e);
			}else{ 
		?>
			Logged in stuff(Restricted stuff)
		<?php } ?>

Common snippet:
	if ($_POST['action']=="login"){
		$auth = new Authentication($host,$user,$pass,"dbname","http://aerocore.net/");
		if ($auth->verifyCreds($_POST['username'],$_POST['password'],"base_contributors","id"))
		{
			$_SESSION['uid'] = $auth->retId;
			$auth->failSafe();
			break;
		}
	}

Authentication:
	class Authentication extends SQL {
		public $errorMsg;
		public $retId;
		public $clean = array();
		public $fail;
		
		public function __construct($host,$user,$pass,$dbname = null,$fail)
		{
			// Pass the caller's database name through; "$dbname = null" in the call reset it to null.
			parent::__construct($host,$user,$pass,$dbname);
			$this->fail=$fail;
		}
		
		public function failSafe()
		{
			header("Location: {$this->fail}");
		}
		
		final public function sanitizeLoginCreds($user, $pass)
		{
			$this->clean['username']=strip_tags($user);
			$this->clean['password']=strip_tags($pass);
			if (!ctype_alnum($this->clean['username'])){ $this->clean['username']=""; }
			if (!ctype_alnum($this->clean['password'])){ $this->clean['password']=""; }
		}
		
		final public function verifyCreds($user, $pass, $table, $retVal = null)
		{
			$this->sanitizeLoginCreds($user,$pass);
			
			//$this->result = $this->query("SELECT * FROM $table where username='{$this->clean['username']}' and password='{$this->clean['password']}'");
			
			if ($this->fetchNumRows("SELECT * FROM $table where username='{$this->clean['username']}' and password='{$this->clean['password']}'") == 0)
			{
				$this->errorMsg = "Incorrect Username/Password Combo";
				$this->failSafe();
				return false;
			}
			else
			{
				if (isset($retVal))
				{
					$this->retId = $this->fetchArray("SELECT * FROM $table where username='{$this->clean['username']}' and password='{$this->clean['password']}'");
					$this->retId = $this->retId[$retVal];
				}
				return true;
			}
			
		}
		
		final public function secureLogout()
		{
			$_SESSION = array();
			session_destroy();
			$this->failSafe();
		}
		
		public function __destruct(){}
	}

Brian Seymour
Zend Certified Engineer
AeroCoreProductions
http://www.aerocore.net/ 
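
An added example, not part of the original post and not the poster's code: the same login flow with one bound query, a hashed password check, a session gate that treats a missing and an empty uid alike, and an exit after the redirect. The table name follows the post; the in-memory SQLite database, the password_hash column, the sample account and the function signatures are constructed assumptions.

```php
<?php
// Constructed in-memory stand-in for the post's base_contributors table.
function demoDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->exec('CREATE TABLE base_contributors (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
    $ins = $pdo->prepare('INSERT INTO base_contributors (username, password_hash) VALUES (?, ?)');
    $ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $pdo;
}

// Returns the contributor id or null. One bound query replaces the interpolated
// SELECTs, and the stored value is a hash rather than the password itself.
function verifyCreds(PDO $pdo, string $user, string $pass): ?int
{
    $stmt = $pdo->prepare('SELECT id, password_hash FROM base_contributors WHERE username = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return ($row !== false && password_verify($pass, $row['password_hash'])) ? (int) $row['id'] : null;
}

// Gate for restricted pages: a missing uid and an empty uid are both "logged out",
// and no undefined-index notice is raised when the key was never set.
function isLoggedIn(array $session): bool
{
    return isset($session['uid']) && $session['uid'] !== '';
}

// Login handler. Assumes session_start() already ran and no output has been sent.
function handleLogin(PDO $pdo, array $post, string $redirect): void
{
    if (($post['action'] ?? '') !== 'login') {
        return;
    }
    $user = $post['username'] ?? '';
    $pass = $post['password'] ?? '';
    $uid = (is_string($user) && is_string($pass)) ? verifyCreds($pdo, $user, $pass) : null;
    if ($uid !== null) {
        session_regenerate_id(true); // fresh session id once the user is authenticated
        $_SESSION['uid'] = $uid;
    }
    header('Location: ' . $redirect);
    exit; // header() only queues the redirect; the script keeps running without this
}

if (PHP_SAPI === 'cli') { // offline check of the two pure functions
    $pdo = demoDb();
    var_dump(verifyCreds($pdo, 'alice', 'correct horse'), verifyCreds($pdo, "alice' --", 'x'));
    var_dump(isLoggedIn([]), isLoggedIn(['uid' => '']), isLoggedIn(['uid' => 1]));
}
```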
