Re: Authenticating through a php script

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I haven't looked over all your code in detail, but the problem you
describe seems to be best solved using PHP Sessions. Sessions store data
between browser refreshes. You could store whether a user has been
authenticated via LDAP, and then on a subsequent page, you can reference
that information to determine how to proceed.

Here's the doc: http://www.php.net/manual/en/ref.session.php

--Dave

On Thu, 2003-01-09 at 11:29, Jeremy Peterson wrote:
> David,
> 
> I have ldap working, my problem is the second half of my question.
> 
> The problem script workflow:
> 1. Authenticate on LDAP (Resolved)
> 2. Connect to different authenticated site for the user  (Not sure where to 
> go now.)
> 
> My guess was to send the post information to where the form action points 
> to.  Having done this, all I get is a blank page.  I guess if  PHP sends 
> the post information then the client will be out of the authentication 
> loop.  There must be a better way.  But I don't think I have enough 
> information to know how to proceed.
> 
> Somehow I have to get the browser to send the http post rather than 
> PHP.  Is this possible.
> 
> Jeremy
> 
> P.S.
> 
> The script I am using right now incorporates Chris Alsop's class:
> 
> <!-- CLASS START -->
> 
> <?php
>    ## Archive:        c_http.class
>    ## Description:    Basic http class functions (only post right now)
>    ## Author:         Chris Alsop - chris@mindpointe.com (rumblefiz)
>    ## Property Of:    Everyone
>    ## Date Created:   07/01/2001
>    ## Mod History:    07/01/2001   Chris Alsop     - Initial Coding
>    ## 
> ==========================================================================
>       class c_http {
>          ## DECLARE CLASS VARIABLES ----------------
>             var $QUERY_STRING;
>             var $TARGET_DOMAIN;
>             var $TARGET_FILE;
>             var $RESPONSE;
>          ## END CLASS VARIABLE DECLARATION ---------
> 
>          ## FUNCTION: c_http()
>          ## ARGS:     $psQueryString : String
>          ##           $psTargetDomain : String
>          ##           $psTargetFile : String
>          ## ''''''''''''''''''''''''''''''''''''''''
>             function c_http($psQueryString,
>                $psTargetDomain,$psTargetFile) {
> 
>                $this->QUERY_STRING  = $psQueryString;
>                $this->TARGET_DOMAIN = $psTargetDomain;
>                $this->TARGET_FILE   = $psTargetFile;
>             }
>          ## END FUNCTION: c_http() *****************
> 
>          ## FUNCTION: post()
>          ## ARGS:     None
>          ## RETURNS:  Boolean
>          ## ''''''''''''''''''''''''''''''''''''''''
>             function post() {
>                $qs      = $this->QUERY_STRING;
>                $domain  = $this->TARGET_DOMAIN;
>                $thefile = $this->TARGET_FILE;
>                if(!$fp = fsockopen($domain,80)) {
>                                   print "Socket not open<br>";
>                   return false;
>                   exit();
>                }
>                $postData  = "POST http://$domain/$thefile HTTP/1.0\r\n";
>                $postData .= "Content-type: 
> application/x-www-form-urlencoded\r\n";
>                $postData .= "Content-length: ".strlen($qs)."\r\n\r\n";
>                $postData .= $qs;
> 
>                if(!fputs($fp,$postData)) {
>                   return false;
>                   exit();
>                }
> 
>                $data = "";
>                while(!feof($fp)) $data .= fgets($fp,32000);
>                $pos = 0;
>                for($i=0; $i<2000; $i++) {
>                   if(strtoupper(substr($data,$i,4)) == "\r\n\r\n") {
>                      $pos = $i+4; $i = 2000;
>                   }
>                }
>                $data = substr($data,$pos);
> 
>                $base = "<base href ";
>                $base = $base . "=";
>                $base = $base . " 'http://$domain/' ";
>                $base = $base . ">";
> 
>                if (eregi("<body",$data)) {
>                   $data = eregi_replace("<body",$base."<BODY",$data);
>                } else {
>                   $data = $base . $data;
>                }
>                $this->RESPONSE = $data;
>                fclose($fp);
>                return true;
>             }
>          ## END FUNCTION: post() *******************
>          }
> ?>
> 
> <!-- CLASS END -->
> <!-- Test Script -->
> 
> <?php
> 
> 
> 
> /*Form information I am trying to send to- example only
> <form name="MyForm" action="login.php" method="post">
> Please log into MyMBI
> ID <INPUT TYPE="text" NAME="meuser" SIZE=15>
> Password<INPUT TYPE="password" NAME="password" SIZE=15>
> <INPUT TYPE="submit" VALUE="Sign in"><BR>
> </FORM>
> */
> //setting up the varibles
> 
> //   print "hi test 1<p>        ";
> $post_info = "meuser=*******&password=******";
> 
>     $oHttp = new c_http($post_info,"my.mbinet.net","/login.php");
>     if(!$oHttp->post()) {
>        echo "error";
>     }
> 
>     echo $oHttp->RESPONSE;
> //   first arg is the query string you want to post. it must be urlencoded. 
> if you want the current querystring you can use $QUERY_STRING. the second 
> arg is the domain and the third is the file (or script) that is getting 
> posted to.
> ?>
> 
> 
> 
> 
> 
> 
> At 10:28 AM 1/9/2003 -0700, David Smith wrote:
> >Jeremy,
> >
> >LDAP authentication happens in two stages: connect and bind. The connect
> >stage is just establishing a connection with the LDAP server
> >(ldap_connect()). No username or password is necesary in this stage.
> >Once your connection is established, you attempt a bind (ldap_bind())to
> >verify a username/password on the LDAP server. Here's some PHP code that
> >will do it or you:
> >
> ><?php
> >
> >$ldap_server = "example.com"; // change to your LDAP server host name
> >$ldap_port = 389; // might be different for your server
> >$pw = "yourpassword"; // change to your password
> >$dn = "cn=dave,ou=people,dc=example,dc=com"; // change to the dn you want 
> >to authenticate
> >
> >$connect_result = ldap_connect( $ldap_server, $ldap_port );
> >
> >// Did we connect?
> >if( ! $connect_result )
> >{
> >         echo "Could not connect to '$server_name' on port '$server_port'";
> >}
> >
> >$bind_result = ldap_bind( $connect_result, $admin_dn, $admin_pw );
> >
> >// Did we bind?
> >if( ! $bind_result )
> >{
> >         echo "Bad username/password";
> >}
> >else
> >{
> >         echo "Correct username/password!";
> >}
> >
> >?>
> >
> >Here's some good documentation on the topic:
> >http://www.php.net/manual/en/ref.ldap.php
> >
> >Let us know how it goes.
> >
> >--Dave
> >
> >
> >
> >On Thu, 2003-01-09 at 10:01, Jeremy Peterson wrote:
> > > I am working on a script that will authenticate on a central system my
> > > company has devised for us to use (LDAP) and then authenticate them to
> > > other sites that I want them to access (Online Databases and other
> > > electronic resources I do not control but pay lots of money for all
> > > students to access).
> > >
> > > I have seen this done on a product produced by Epixtech called RPA
> > > (Remote Patron Authentication).  This is an authentication system that
> > > avoids using a proxy server. It basically handles the authentication
> > > (LDAP) and sends the appropriate information to the other secure
> > > source (Online Database, Electronic Resources, or my online catalog's
> > > patron information.)  Typically there are multiple ways it will
> > > authenticate for the user to other resources.  URL referer, ip
> > > authentication, fill in an user/password form for the user.  I just
> > > can't get the user/password portion to work on a protected site.  My tests
> > > of sending post information to another one of my scripts works fine.  But
> > > it doesn't work as of yet.
> > >
> > > I have worked a bit with scripts that send post information through
> > > sendToHost function (fsockopen and fputs).  But nothing is really
> > > working here.  Does anyone know how I should go about this?  All
> > > suggestions will be great!
> > >
> > >
> > > Thanks a bunch,
> > >
> > > Jeremy



-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [PHP Users]     [Postgresql Discussion]     [Kernel Newbies]     [Postgresql]     [Yosemite News]

  Powered by Linux