De Necker Henri wrote:
> Hi there! I want to know how to reload the following script of mine by
> using a cookie. If the cookie expires the user must log in again. I can get it
> right to reload the authentication script
> This is my code I'm using in my secure pages:
>
> require_once("inc/db.inc");
>
> if(!isset($Cookie)){
>     include("quick_auth.php");
>     unset($PHP_AUTH_USER);

PHP_AUTH_USER is re-sent by the browser on each connection... So unset-ing it is usually ineffective except for being able to use isset($PHP_AUTH_USER) instead of isset($Cookie) in the rest of your script...

> }else{
>     //echo "<br>Cookie is set";
>     session_start();
>     //register session variables.
>     session_register('userid');
>     session_register('username');
>     session_register('useremail');
> }
>
> //Now get data from tables so that we can authenticate the users that has admin rights etc etc.:
>
> $query = "SELECT user_type
>           FROM staffinfo
>           WHERE createdate = '$userid'";
>
> echo "<br>Ueserid = $userid";
> $row = db_array($query);
>
> if($row[0])
> {
>     $intcom_authtype = $row[0];
> }else{
>     $intcom_authtype = "x";
> }; //end if $row[0]
>
> $right['p'] = "power user";
> $right['n'] = "normal user";
> $right['x'] = "no user";
>
> echo "<br>This user has ".$right[$intcom_authtype]." rights";
>
> //////////////////////////////////////////END OF AUTHENTICATION///////////////////////////////////////
>
> This is my quick_auth.php:
> It is basically the same as in the manual!
>
> //require_once("inc/db.inc");
>
> function recall()
> {
>     Header("WWW-Authenticate: Basic realm=\"Intranet Authentication\"");
>     Header("HTTP/1.0 401 Unauthorized");
>     echo "Sorry, you have to authenticate to gain access.\n";
>     exit;
> } //end of function recall
>
> if(!isset($PHP_AUTH_USER))
> {
>     Header("WWW-Authenticate: Basic realm=\"Intranet Authentication\"");
>     Header("HTTP/1.0 401 Unauthorized");
>     echo "Sorry, you have to authenticate to gain access.\n";
>     exit;
> }else{
>     $email = $PHP_AUTH_USER;
>     $password = $PHP_AUTH_PW;
>     if(!strrchr($email,"@")){$email=$email."@ford.co.za";}
>
>     $query = "SELECT createdate,lastupdate,password,email,name
>               FROM staffinfo
>               WHERE email = '$email'";
>
>     $row = db_array($query);
>
>     $createdate_t = $row[0];
>     $lastupdate_t = $row[1];
>     $password_t = strtolower($row[2]);
>     $email_t = $row[3];
>     $name = $row[4];
>
>     $password = substr($password,0,20);
>
>     if((strtolower($password)!=$password_t) || (!$password))
>     {

You really shouldn't store the passwords in plain-text in the database. You can use http://php.net/crypt to store an encrypted copy of the passwords in the database. Then, this test would read more like:

    if ((crypt($password, 'XX') != $password_t))

>         recall();
>
>     }else{
>         $CookieString=$createdate_t."&".$email_t;
>         SetCookie("Cookie",$CookieString,time()+10); //setting new cookie

A 10 second cookie? That's not real useful... Give them a half hour at least... Change the 10 to 60 * 30 or even higher. Also for some broken (IE) browsers, you have to specify a path as well as a time, or not a time. So add '/' at the end of this.

>         $userid = $createdate_t; //We use the creation date as our user id.

On a very busy server, you could maybe end up with multiple users with the same userid then... Not good.

>         $username = $name;
>         $useremail = $email_t;
>
>         //initiate session
>         session_start();
>         //register session variables.
>
>         session_register('userid');
>         session_register('username');
>         session_register('useremail');
>
>     }; //if password correct
>
> }; //if information submitted
>

--
Like music? http://l-i-e.com/artists.htm
--
PHP General Mailing List (http://www.php.net/)
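
The reply's three suggestions (hashed passwords, a 30-minute cookie with an explicit path, a user id that cannot collide), shown together as an added example that is not code from the thread. It swaps in PHP's password_hash()/password_verify() for the crypt($password, 'XX') call in the reply; the $staff array, the numeric id field, the random cookie token and the function names are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7.3+.
// $staff stands in for the staffinfo table; its row is constructed sample data.

function make_staff_row(int $id, string $email, string $name, string $plain): array
{
    // Keep only a salted hash; the plain-text password is never stored.
    return ['id' => $id, 'email' => $email, 'name' => $name,
            'password_hash' => password_hash($plain, PASSWORD_DEFAULT)];
}

function check_login(array $staff, string $email, string $password): ?array
{
    // Same default-domain rule as quick_auth.php.
    if (strrchr($email, '@') === false) {
        $email .= '@ford.co.za';
    }
    foreach ($staff as $row) {
        if (strcasecmp($row['email'], $email) === 0) {
            // password_verify() reads the salt from the stored hash and
            // compares in constant time.
            return password_verify($password, $row['password_hash']) ? $row : null;
        }
    }
    return null;
}

function auth_cookie_options(int $now): array
{
    // 30 minutes instead of 10 seconds, with an explicit path.
    return ['expires' => $now + 60 * 30, 'path' => '/', 'httponly' => true];
}

// Hypothetical numeric id (1) replaces createdate as the user id, so two
// accounts created in the same second cannot share one.
$staff = [make_staff_row(1, 'alice@ford.co.za', 'Alice', 'correct horse')];

$user = check_login($staff, 'alice', 'correct horse');
if ($user === null) {
    exit("login failed\n");
}
if (PHP_SAPI !== 'cli') {               // cookies and sessions need a web request
    session_start();
    $_SESSION['userid'] = $user['id'];
    $_SESSION['token']  = bin2hex(random_bytes(16));
    // The cookie carries a random token, checked against the session later.
    setcookie('Cookie', $_SESSION['token'], auth_cookie_options(time()));
}
echo "logged in as {$user['name']} (id {$user['id']})\n";
```

Unlike the quoted script, this comparison is case-sensitive and does not truncate the password to 20 characters.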