RE: Authenticating through a php script

Sorry if this was already answered ...

I think what Dave intends to do is give your students some kind of
authentication (you can use a generic account), then have PHP connect to the
database without the student ever seeing the login information (besides the
script that is doing the basic authentication).

Now, if PHP can connect to the types of databases your system would need to
use is a different story ... you would probably have to ask the vendor about
that.

Regards,
    Matthew Moldvan

---------------------------------------
 System Administrator
 Trilogy International, Inc
 http://www.trilogyintl.com/ecommerce/
---------------------------------------

-----Original Message-----
From: Jeremy Peterson [mailto:jeremy.peterson@moody.edu]
Sent: Thursday, January 09, 2003 4:54 PM
To: David Smith
Cc: php-db@lists.php.net
Subject: Re:  Authenticating through a php script


Dave,

I am afraid I am not communicating what I am trying to do.

I have multiple databases that my library purchases.  FirstSearch, 
Ebscohost, etc.  These companies have their own authentication systems that 
I have no control over.  A lot of them give user names and passwords that 
can access their secure database; however I will not give out this 
information to students.  I want to design a system that will log the 
students on directly without them ever seeing the log in screen.

A)  Does this make sense in what I am trying to do?
B)  How can I do it?

Jeremy

At 12:38 PM 1/9/2003 -0700, David Smith wrote:
>I haven't looked over all your code in detail, but the problem you
>describe seems to be best solved using PHP Sessions. Sessions store data
>between browser refreshes. You could store whether a user has been
>authenticated via LDAP, and then on a subsequent page, you can reference
>that information to determine how to proceed.
>
>Here's the doc: http://www.php.net/manual/en/ref.session.php
>
>--Dave
>
>On Thu, 2003-01-09 at 11:29, Jeremy Peterson wrote:
> > David,
> >
> > I have ldap working, my problem is the second half of my question.
> >
> > The problem script workflow:
> > 1. Authenticate on LDAP (Resolved)
> > 2. Connect to different authenticated site for the user  (Not sure where to
> > go now.)
> >
> > My guess was to send the post information to where the form action points
> > to.  Having done this, all I get is a blank page.  I guess if  PHP sends
> > the post information then the client will be out of the authentication
> > loop.  There must be a better way.  But I don't think I have enough
> > information to know how to proceed.
> >
> > Somehow I have to get the browser to send the http post rather than
> > PHP.  Is this possible?
> >
> > Jeremy
> >
> > P.S.
> >
> > The script I am using right now incorporates Chris Alsop's class:
> >
> > <!-- CLASS START -->
> >
> > <?php
> >    ## Archive:        c_http.class
> >    ## Description:    Basic http class functions (only post right now)
> >    ## Author:         Chris Alsop - chris@mindpointe.com (rumblefiz)
> >    ## Property Of:    Everyone
> >    ## Date Created:   07/01/2001
> >    ## Mod History:    07/01/2001   Chris Alsop     - Initial Coding
> >    ##
> >    ## ==========================================================================
> >       class c_http {
> >          ## DECLARE CLASS VARIABLES ----------------
> >             var $QUERY_STRING;
> >             var $TARGET_DOMAIN;
> >             var $TARGET_FILE;
> >             var $RESPONSE;
> >          ## END CLASS VARIABLE DECLARATION ---------
> >
> >          ## FUNCTION: c_http()
> >          ## ARGS:     $psQueryString : String
> >          ##           $psTargetDomain : String
> >          ##           $psTargetFile : String
> >          ## ''''''''''''''''''''''''''''''''''''''''
> >             function c_http($psQueryString,
> >                $psTargetDomain,$psTargetFile) {
> >
> >                $this->QUERY_STRING  = $psQueryString;
> >                $this->TARGET_DOMAIN = $psTargetDomain;
> >                $this->TARGET_FILE   = $psTargetFile;
> >             }
> >          ## END FUNCTION: c_http() *****************
> >
> >          ## FUNCTION: post()
> >          ## ARGS:     None
> >          ## RETURNS:  Boolean
> >          ## ''''''''''''''''''''''''''''''''''''''''
> >             function post() {
> >                $qs      = $this->QUERY_STRING;
> >                $domain  = $this->TARGET_DOMAIN;
> >                $thefile = $this->TARGET_FILE;
> >                if(!$fp = fsockopen($domain,80)) {
> >                                   print "Socket not open<br>";
> >                   return false;
> >                   exit();
> >                }
> >                $postData  = "POST http://$domain/$thefile HTTP/1.0\r\n";
> >                $postData .= "Content-type: application/x-www-form-urlencoded\r\n";
> >                $postData .= "Content-length: ".strlen($qs)."\r\n\r\n";
> >                $postData .= $qs;
> >
> >                if(!fputs($fp,$postData)) {
> >                   return false;
> >                   exit();
> >                }
> >
> >                $data = "";
> >                while(!feof($fp)) $data .= fgets($fp,32000);
> >                $pos = 0;
> >                for($i=0; $i<2000; $i++) {
> >                   if(strtoupper(substr($data,$i,4)) == "\r\n\r\n") {
> >                      $pos = $i+4; $i = 2000;
> >                   }
> >                }
> >                $data = substr($data,$pos);
> >
> >                $base = "<base href ";
> >                $base = $base . "=";
> >                $base = $base . " 'http://$domain/' ";
> >                $base = $base . ">";
> >
> >                if (eregi("<body",$data)) {
> >                   $data = eregi_replace("<body",$base."<BODY",$data);
> >                } else {
> >                   $data = $base . $data;
> >                }
> >                $this->RESPONSE = $data;
> >                fclose($fp);
> >                return true;
> >             }
> >          ## END FUNCTION: post() *******************
> >          }
> > ?>
> >
> > <!-- CLASS END -->
> > <!-- Test Script -->
> >
> > <?php
> >
> >
> >
> > /*Form information I am trying to send to- example only
> > <form name="MyForm" action="login.php" method="post">
> > Please log into MyMBI
> > ID <INPUT TYPE="text" NAME="meuser" SIZE=15>
> > Password<INPUT TYPE="password" NAME="password" SIZE=15>
> > <INPUT TYPE="submit" VALUE="Sign in"><BR>
> > </FORM>
> > */
> > //setting up the variables
> >
> > //   print "hi test 1<p>        ";
> > $post_info = "meuser=*******&password=******";
> >
> >     $oHttp = new c_http($post_info,"my.mbinet.net","/login.php");
> >     if(!$oHttp->post()) {
> >        echo "error";
> >     }
> >
> >     echo $oHttp->RESPONSE;
> > //   first arg is the query string you want to post. it must be urlencoded.
> > //   if you want the current querystring you can use $QUERY_STRING. the second
> > //   arg is the domain and the third is the file (or script) that is getting
> > //   posted to.
> > ?>
> >
> >
> >
> >
> >
> >
> > At 10:28 AM 1/9/2003 -0700, David Smith wrote:
> > >Jeremy,
> > >
> > >LDAP authentication happens in two stages: connect and bind. The connect
> > >stage is just establishing a connection with the LDAP server
> > >(ldap_connect()). No username or password is necessary in this stage.
> > >Once your connection is established, you attempt a bind (ldap_bind()) to
> > >verify a username/password on the LDAP server. Here's some PHP code that
> > >will do it for you:
> > >
> > ><?php
> > >
> > >$ldap_server = "example.com"; // change to your LDAP server host name
> > >$ldap_port = 389; // might be different for your server
> > >$pw = "yourpassword"; // change to your password
> > >$dn = "cn=dave,ou=people,dc=example,dc=com"; // change to the dn you want
> > >                                             // to authenticate
> > >
> > >$connect_result = ldap_connect( $ldap_server, $ldap_port );
> > >
> > >// Did we connect?
> > >if( ! $connect_result )
> > >{
> > >         echo "Could not connect to '$ldap_server' on port '$ldap_port'";
> > >         exit;
> > >}
> > >
> > >// Bind with the dn and password defined above
> > >$bind_result = ldap_bind( $connect_result, $dn, $pw );
> > >
> > >// Did we bind?
> > >if( ! $bind_result )
> > >{
> > >         echo "Bad username/password";
> > >}
> > >else
> > >{
> > >         echo "Correct username/password!";
> > >}
> > >
> > >?>
> > >
> > >Here's some good documentation on the topic:
> > >http://www.php.net/manual/en/ref.ldap.php
> > >
> > >Let us know how it goes.
> > >
> > >--Dave
> > >
> > >
> > >
> > >On Thu, 2003-01-09 at 10:01, Jeremy Peterson wrote:
> > > > I am working on a script that will authenticate on a central system my
> > > > company has devised for us to use (LDAP) and then authenticate them to
> > > > other sites that I want them to access (Online Databases and other
> > > > electronic resources I do not control but pay lots of money for all
> > > > students to access).
> > > >
> > > > I have seen this done on a product produced by Epixtech called RPA
> > > > (Remote Patron Authentication).  This is an authentication system that
> > > > avoids using a proxy server. It basically handles the authentication
> > > > (LDAP) and sends the appropriate information to the other secure
> > > > source (Online Database, Electronic Resources, or my online catalog's
> > > > patron information.)  Typically there are multiple ways it will
> > > > authenticate for the user to other resources.  URL referer, ip
> > > > authentication, fill in an user/password form for the user.  I just
> > > > can't get the user/password portion to work on a protected site.  My tests
> > > > of sending post information to another one of my scripts works fine.  But
> > > > it doesn't work as of yet.
> > > >
> > > > I have worked a bit with scripts that send post information through
> > > > sendToHost function (fsockopen and fputs).  But nothing is really
> > > > working here.  Does anyone know how I should go about this?  All
> > > > suggestions will be great!
> > > >
> > > >
> > > > Thanks a bunch,
> > > >
> > > > Jeremy


-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
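
The flow discussed in this thread (LDAP login kept in a PHP session, then a vendor login performed by the server so the student never sees the shared account), as an added example that is not code from any of the posters. The environment variable names, the `uid`/`pw` form fields and the base DN are assumptions; `meuser`/`password` are the field names from the form quoted above.

```php
<?php
// Added example, not code from the thread. Hypothetical: env vars LDAP_URI,
// VENDOR_LOGIN_URL, VENDOR_USER, VENDOR_PASS; form fields uid/pw; the base DN.
function ldap_check($uid, $password)
{
    // ldap_bind() with an empty password is an anonymous bind, which many
    // servers accept, so empty or non-string input is rejected up front.
    if (!is_string($uid) || !is_string($password) || $uid === '' || $password === '') {
        return false;
    }
    $conn = ldap_connect((string) getenv('LDAP_URI')); // e.g. ldaps://ldap.example.com
    if ($conn === false) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    // Escape the user-supplied value so it cannot alter the DN.
    $dn = 'cn=' . ldap_escape($uid, '', LDAP_ESCAPE_DN) . ',ou=people,dc=example,dc=com';
    return @ldap_bind($conn, $dn, $password);
}

function vendor_fetch()
{
    // The vendor login is sent by the server; the credentials are never
    // written into HTML, so the student's browser does not receive them.
    $ch = curl_init((string) getenv('VENDOR_LOGIN_URL')); // an https:// URL
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => http_build_query([
            'meuser'   => getenv('VENDOR_USER'),
            'password' => getenv('VENDOR_PASS'),
        ]),
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => true,
        CURLOPT_COOKIEFILE     => '', // vendor session cookies stay in server memory
    ]);
    $body = curl_exec($ch);
    return $body === false ? '' : $body;
}

session_start();
if (empty($_SESSION['ldap_ok'])) {
    if (!ldap_check($_POST['uid'] ?? null, $_POST['pw'] ?? null)) {
        http_response_code(401);
        exit('Login required');
    }
    session_regenerate_id(true); // fresh session ID after login
    $_SESSION['ldap_ok'] = true;
}
echo vendor_fetch();
```

Only the first vendor page is relayed here; later requests have to go through the same server-side relay, because the vendor's session cookie never leaves the server.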

