[PHP] Login Verification
Hi everyone. I have a quick question regarding the above. currently I have a form that posts to another page. However, rather than wait until they get to that page to verify their login are there conventions that are recognised for this process currently...? For example, my code for the form's header is: echo form action='login_verified.php' method='post' name='Login Form' title='Login Form'; How can I ensure that only once a user has been verified that they can see the page in my form's action field...? -- - Michael Mason Arras People www.arraspeople.co.uk - -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Login Verification
On Sunday 11 July 2004 03:47, Harlequin wrote: I have a quick question regarding the above. currently I have a form that posts to another page. However, rather than wait until they get to that page to verify their login are there conventions that are recognised for this process currently...? For example, my code for the form's header is: echo form action='login_verified.php' method='post' name='Login Form' title='Login Form'; How can I ensure that only once a user has been verified that they can see the page in my form's action field...? At the most basic level a login system would work something like this: 1) User submits login credentials 2) A login script checks credentials, if OK, send user a token (via session/cookie). In your backend, associate that token with that user and note that they're logged in. 3) At the start of all your protected pages, you need to check for the token and whether it's valid. I'm surprised that you're asking this because I thought that you had your login system all sussed out! -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- /* And miles to go before I sleep. -- Robert Frost */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Login Verification
I did Jason but am reworking all the pages and tidying the syntax up and one of the things I never sorted out was the fact that users logging in would be taken to the logged in page although their user data was not displayed and an error told them they logged in incorrectly. This, from a users perspective, can seem confusing because although they haven't been verified they are looking at what appears to be a members page. But the message tells them otherwise and the PHP code never retrieves their data from the database because they were not successfully verified. I suppose I'm over egging the pudding but I'd like it to be slick that's all. -- - Michael Mason Arras People www.arraspeople.co.uk - Jason Wong [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] On Sunday 11 July 2004 03:47, Harlequin wrote: I have a quick question regarding the above. currently I have a form that posts to another page. However, rather than wait until they get to that page to verify their login are there conventions that are recognised for this process currently...? For example, my code for the form's header is: echo form action='login_verified.php' method='post' name='Login Form' title='Login Form'; How can I ensure that only once a user has been verified that they can see the page in my form's action field...? At the most basic level a login system would work something like this: 1) User submits login credentials 2) A login script checks credentials, if OK, send user a token (via session/cookie). In your backend, associate that token with that user and note that they're logged in. 3) At the start of all your protected pages, you need to check for the token and whether it's valid. I'm surprised that you're asking this because I thought that you had your login system all sussed out! -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- /* And miles to go before I sleep. -- Robert Frost */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Login Verification
In article [EMAIL PROTECTED], Harlequin wrote: I did Jason but am reworking all the pages and tidying the syntax up and one of the things I never sorted out was the fact that users logging in would be taken to the logged in page although their user data was not displayed and an error told them they logged in incorrectly. Meaby you can have a look at pear::auth ? -- Tim Van Wassenhove http://home.mysth.be/~timvw -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Login Verification
Harlequin wrote: I did Jason but am reworking all the pages and tidying the syntax up and one of the things I never sorted out was the fact that users logging in would be taken to the logged in page although their user data was not displayed and an error told them they logged in incorrectly. This, from a users perspective, can seem confusing because although they haven't been verified they are looking at what appears to be a members page. What makes it look like a members page? Put in a condition that will modify the page look or whatever you need. But the message tells them otherwise and the PHP code never retrieves their data from the database because they were not successfully verified. I suppose I'm over egging the pudding but I'd like it to be slick that's all. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Login Verification
On Sunday 11 July 2004 04:46, Harlequin wrote: I did Jason but am reworking all the pages and tidying the syntax up and one of the things I never sorted out was the fact that users logging in would be taken to the logged in page although their user data was not displayed and an error told them they logged in incorrectly. WHy *would* they get an error? You wrote the app, so under what coonditions would you output an error? This, from a users perspective, can seem confusing because although they haven't been verified they are looking at what appears to be a members page. But the message tells them otherwise and the PHP code never retrieves their data from the database because they were not successfully verified. Sounds like you have a fatal flaw with your system. I strongly suggest that you read a few of the many login system tutorials out there and maybe consider using one of the many ready made login systems. -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- /* I didn't get sophisticated -- I just got tired. But maybe that's what sophisticated is -- being tired. -- Rita Gain */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Login Verification
On Sat, 10 Jul 2004 20:47:47 +0100, Harlequin [EMAIL PROTECTED] wrote: Hi everyone. I have a quick question regarding the above. currently I have a form that posts to another page. However, rather than wait until they get to that page to verify their login are there conventions that are recognised for this process currently...? For example, my code for the form's header is: echo form action='login_verified.php' method='post' name='Login Form' title='Login Form'; How can I ensure that only once a user has been verified that they can see the page in my form's action field...? -- - Michael Mason Arras People www.arraspeople.co.uk - Why not skip that step by adding a login redirect page? It checks the form values against the database and if all is good hands out credentials and sends the user on their way, and if they supply the wrong information they are sent to another page. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Login verification
i would think you could just use crypt() to check the pass against what you read in from the file -Original Message- From: Ashley M. Kirchner [mailto:[EMAIL PROTECTED]] Sent: Monday, November 12, 2001 2:27 AM To: PHP-General List Subject: [PHP] Login verification I want to make a login page in PHP, which will check the user/password against the system's user/password file (in my case, /etc/passwd and /etc/shadow.) With the machine running PAM, how can I have PHP do this? Keep in mind I don't need to modify anything, just verify the login. Once verified, the script either continues on to doing other things, or it bombs with a bad login page. -- H | Life is the art of drawing without an eraser. - John Gardner + Ashley M. Kirchner mailto:[EMAIL PROTECTED] . 303.442.6410 x130 Director of Internet Operations / SysAdmin. 800.441.3873 x130 Photo Craft Laboratories, Inc.. 3550 Arapahoe Ave, #6 http://www.pcraft.com . . .. Boulder, CO 80303, U.S.A. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Login Verification - snag!
I just realized I jumped the gun on myself with my question earlier. /etc/shadow isn't accessible by anyone but root. With that said, how can I build a login page in PHP, running as the web server daemon process, that can validate the user against the system's shadow file? I hate to have to duplicate the file with different permissions just so that the process can read it when it needs to. -- H | Life is the art of drawing without an eraser. - John Gardner + Ashley M. Kirchner mailto:[EMAIL PROTECTED] . 303.442.6410 x130 Director of Internet Operations / SysAdmin. 800.441.3873 x130 Photo Craft Laboratories, Inc.. 3550 Arapahoe Ave, #6 http://www.pcraft.com . . .. Boulder, CO 80303, U.S.A. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Login Verification - snag!
I hate to have to duplicate the file with different permissions AMK just so that the process can read it when it needs to. How about persorm a exec(su username password) grabbing the output? Or something like that... -- Kind regards, Morten Winkler -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Login verification
I want to make a login page in PHP, which will check the user/password against the system's user/password file (in my case, /etc/passwd and /etc/shadow.) With the machine running PAM, how can I have PHP do this? Keep in mind I don't need to modify anything, just verify the login. Once verified, the script either continues on to doing other things, or it bombs with a bad login page. -- H | Life is the art of drawing without an eraser. - John Gardner + Ashley M. Kirchner mailto:[EMAIL PROTECTED] . 303.442.6410 x130 Director of Internet Operations / SysAdmin. 800.441.3873 x130 Photo Craft Laboratories, Inc.. 3550 Arapahoe Ave, #6 http://www.pcraft.com . . .. Boulder, CO 80303, U.S.A. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]