De Necker Henri wrote:
> Hi there! I want to know how to reload the following script of mine by
> using a cookie. If the cookie expires the user must log in again. I can get it
> right to reload the authentication script.
> This is the code I'm using in my secure pages:
>
> require_once("inc/db.inc");
>
> if(!isset($Cookie)){
> include("quick_auth.php");
> unset($PHP_AUTH_USER);

PHP_AUTH_USER is re-sent by the browser on each connection...
So unset-ing it is usually ineffective except for being able to use
isset($PHP_AUTH_USER) instead of isset($Cookie) in the rest of your
script...

> }else{
> //echo "<br>Cookie is set";
> session_start();
> //register session variables.
> session_register('userid');
> session_register('username');
> session_register('useremail');
> }
>
> //Now get data from tables so that we can authenticate the users that have
> //admin rights etc. etc.:
>
> $query = "SELECT user_type
> FROM staffinfo
> WHERE createdate = '$userid'";
>
> echo "<br>Ueserid = $userid";
> $row = db_array($query);
>
> if($row[0])
> {
> $intcom_authtype = $row[0];
> }else{
> $intcom_authtype = "x";
> }; //end if $row[0]
>
> $right['p'] = "power user";
> $right['n'] = "normal user";
> $right['x'] = "no user";
>
> echo "<br>This user has ".$right[$intcom_authtype]." rights";
>
> //////////////////////////////////////////END OF AUTHENTICATION///////////////////////////////////////
>
> This is my quick_auth.php:
> It is basically the same as in the manual!
>
> //require_once("inc/db.inc");
>
> function recall()
> {
> Header("WWW-Authenticate: Basic realm=\"Intranet Authentication\"");
> Header("HTTP/1.0 401 Unauthorized");
> echo "Sorry, you have to authenticate to gain access.\n";
> exit;
> } //end of function recall
>
> if(!isset($PHP_AUTH_USER))
> {
> Header("WWW-Authenticate: Basic realm=\"Intranet Authentication\"");
> Header("HTTP/1.0 401 Unauthorized");
> echo "Sorry, you have to authenticate to gain access.\n";
> exit;
> }else{
> $email = $PHP_AUTH_USER;
> $password = $PHP_AUTH_PW;
> if(!strrchr($email,"@")){$email=$email."@ford.co.za";}
>
> $query = "SELECT createdate,lastupdate,password,email,name
> FROM staffinfo
> WHERE email = '$email'";
>
> $row = db_array($query);
>
> $createdate_t = $row[0];
> $lastupdate_t = $row[1];
> $password_t = strtolower($row[2]);
> $email_t = $row[3];
> $name = $row[4];
>
> $password = substr($password,0,20);
>
> if((strtolower($password)!=$password_t) || (!$password))
> {

You really shouldn't store the passwords in plain-text in the database.
You can use http://php.net/crypt to store an encrypted copy of the
passwords in the database. Then, this test would read more like:

    if ((crypt($password, 'XX') != $password_t))

> recall();
>
> }else{
> $CookieString=$createdate_t."&".$email_t;
> SetCookie("Cookie",$CookieString,time()+10); //setting new cookie

A 10 second cookie? That's not real useful... Give them a half hour at
least... Change the 10 to 60 * 30 or even higher.
Also for some broken (IE) browsers, you have to specify a path as well as a
time, or not a time. So add '/' at the end of this.

> $userid = $createdate_t; //We use the creation date as our user id.

On a very busy server, you could maybe end up with multiple users with the
same userid then... Not good.

> $username = $name;
> $useremail = $email_t;
>
> //initiate session
> session_start();
> //register session variables.
>
> session_register('userid');
> session_register('username');
> session_register('useremail');
>
> }; //if password correct
>
> }; //if information submitted
>
>
--
Like music? http://l-i-e.com/artists.htm
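
The points raised in the reply (hashed passwords, a unique user id, a 30 minute cookie with a path), as an added example that is not code from this thread. It uses PHP's password_hash()/password_verify() in place of the crypt($password, 'XX') comparison suggested above. It assumes the pdo_sqlite extension; the in-memory table, its id and password_hash columns, the sample account and the function names are constructed for illustration.

```php
<?php
// Added example: schema, sample account and function names are constructed.

function make_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Integer primary key as the user id, so two users can never share one.
    $db->exec('CREATE TABLE staffinfo (id INTEGER PRIMARY KEY, email TEXT UNIQUE,
               name TEXT, password_hash TEXT)');
    $ins = $db->prepare('INSERT INTO staffinfo (email, name, password_hash) VALUES (?, ?, ?)');
    // Only a salted hash is stored; password_hash() generates a fresh salt.
    $ins->execute(['alice@example.com', 'Alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

// Returns ['id' => ..., 'email' => ..., 'name' => ...] on success, null otherwise.
function check_login(PDO $db, string $email, string $password): ?array
{
    // Bound parameter keeps the submitted e-mail out of the SQL text.
    $stmt = $db->prepare('SELECT id, email, name, password_hash FROM staffinfo WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    unset($row['password_hash']);
    return $row;
}

// setcookie() arguments per the reply: 30 minute lifetime and an explicit path.
// The value is a random token (assumption of this example) that the server
// would keep in the session and compare on later requests.
function login_cookie_args(int $now): array
{
    return ['Cookie', bin2hex(random_bytes(16)), $now + 60 * 30, '/'];
}

$db = make_db();
$attempts = [['alice@example.com', 'correct horse'], ['alice@example.com', 'wrong'],
             ['nobody@example.com', 'x']];
foreach ($attempts as [$email, $password]) {
    $user = check_login($db, $email, $password);
    if ($user !== null && PHP_SAPI !== 'cli') {
        setcookie(...login_cookie_args(time()));
    }
    echo $email, ': ', $user ? "accepted, userid {$user['id']}" : 'rejected', "\n";
}
```

Run from the command line it prints one accepted and two rejected attempts; under a web SAPI the accepted attempt also sends the cookie.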