RE: [PHP] 'Code Snippets' you couldn't live without
this is not a code snippet just a class that i have re-used about a 100 times. It is for authenticating users via a passwd file or mysql. Hope it will help someone ... also , if you improve it please email me the changes :) http://mohadib.openactive.org/web_editor/AuthTool.class.php.txt jd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] problem with include()
Hello,
I have a login page .. the user types in user and pass
then the form gets posted to tiny_edit.php
tiny_edit.php checks user and pass then sets a cookie if auth is
successful. Then the original login page is included. The login page has
logic at the top to check for the auth cookie ... if there, it sends
user to home page ... if not it displays the login screen. This works
mostly except ... when the user auths ... the cookie gets set ... then
the login page is included ... the login page does not see the auth
cookie until the user refreshes their browser ... why is this happening?
thanks,
jd
login page
?php
$bt = new AuthTool();
if($username = $bt-checkAuth()){
//send to homepage
print you are already logged on $username;
}
?
html
head
title
Tiny Edit Login
/title
link rel=stylesheet type=text/css href=inc/tiny_edit.css /
/head
body
form action=?php echo $_SERVER['PHP_SELF']; ? method=post
table width=240 cellspacing=0 border=0
tr
td width=100% class=white align=center
bTiny Edit Login/b
/td
/tr
/table
table width=240 cellspacing=0 border=0
tr
td class=grey width=120 align=centerUser:/tdtd class=grey
width=100input type=text name=user/td
/tr
tr
td class=grey width=120 align=centerPass:/tdtd class=grey
width=100input type=password name=pass/td
/tr
/table
table width=240 cellspacing=0 border=0
tr
td width=100% class=white align=right
input type=submit value=Login class=submitstyle
/td
/tr
/table
form
/body
/html
tiny_edit.php
if(!$_GET['instance'] !$_POST['instance']){
$at = new AuthTool();
if($_POST['user'] $_POST['pass']){
$at-auth($_POST['user'],$_POST['pass']); //this sets cookie if user
and pass are correct
}
include inc/tiny_edit_login.inc.php;
}
thanks,
jd
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] problem with include()
On Mon, 2004-11-01 at 16:08, Richard Davey wrote:
Hello Jason,
Monday, November 1, 2004, 10:34:16 PM, you wrote:
JD the login page is included ... the login page does not see the auth
JD cookie until the user refreshes their browser ... why is this happening?
Cookies (set via setcookie) are not available to you on the same page
as you set them. The function is a means to send a special header to
the browser that makes it create the cookie when the page loads which,
at this point in your script, hasn't happened yet.
If you are including the login.php script further down the page then
rather than checking for the cookie itself, why not just check for the
original value you set the cookie to?
Best regards,
Richard Davey
thanks a lot Richard :)
I was just about to email this simple test case ... so even tho you
told me the answer I,ll post so someone else might use it
i am misunderstanding cookies and/or include() ... please look at this
code...
sc.php
?php
setCookie('data' , 'blah');
include 'gc.php';
?
gc.php
?php
print $_COOKIE['data'] . -here;
?
this is the out put of running sc.php
-here
why is this , i want to set a cookie ... then have a include do
something
with it ... is this not possible to do during the same http transaction?
thanks
--
http://www.launchcode.co.uk - PHP Development Services
I am not young enough to know everything. - Oscar Wilde
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] problem with include()
On Mon, 2004-11-01 at 16:10, Vail, Warren wrote:
How did you go to the page that included the login page, if you
included it
in the tiny_edit.php (which is the routine that sets the cookie in the
browser, you need to cause the browser to send it back to you by doing
a
redirect;
Header(Location: tiny_edit.php);
Exit;
When tiny_edit is entered the second time it should be able to
retrieve the
cookie. (this is basically what you are doing manually by refreshing
the
browser).
HTH,
Warren Vail
yeah baby! thas what im talkin bout! thanks a lot :p
if(!$_GET['instance'] !$_POST['instance']){
$at = new AuthTool();
if($_POST['user'] $_POST['pass']){
$at-auth($_POST['user'],$_POST['pass']); //set cookie
Header(Location: tiny_edit.php);
Exit;
}
include inc/tiny_edit_login.inc.php;
}
thanks again all,
jd
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] problem with include()
On Mon, 2004-11-01 at 16:26, Brad Dameron wrote:
On Mon, 2004-11-01 at 15:17, Jason Davis wrote:
sc.php
?php
setCookie('data' , 'blah');
include 'gc.php';
?
gc.php
?php
print $_COOKIE['data'] . -here;
?
this is the out put of running sc.php
-here
why is this , i want to set a cookie ... then have a include do
something
with it ... is this not possible to do during the same http transaction?
thanks
Your setcookie line is wrong. You have a uppercase C. Which it will
think it is a different function.
Also with your login page instead of sending them to another page to
check auth send them to the same page. Here is a example:
if (isset($_GET['user']) $_GET['type'] == submit) {
$user = trim($_POST['user']);
$pass = trim($_POST['pass']);
if ( 1 == $autherror=authenticateUser($user, $pass)){
$_SESSION['app_user'] = $user;
$_SESSION['app_pass'] = $pass;
error_log (DNS_LOGIN: $user logged in from ip: $ip., 0);
header(Location: tiny_edit_login.inc.php);
exit;
} else {
error_log ($user failed on . date(m-d-Y H:i:s) . with
password of '$pass' from ip: $ip, 0);
}
}
I return back a 1 if auth successful or a 0 if not. I prefer to use
session's with cookies over cookies directly.
Brad
i like this idea , how then do you go about making sure users are authed
on pages other than the login page?
here is my plan ...
use this object for auth
?php
$seed_phrase = 'my_wife_Would_love_it_no_really';
$use_mysql = '0'; // set to one and fill in $mysql_vars else set to 0
and file in $passwdFile var rel or full path
$mysql_ip = '1.1.1.1';
$mysql_user = 'nub';
$mysql_pass = 'nubpasswd';
$mysql_db = 'testdb';
$mysql_passwd_key = 'username';
$mysql_passwd_field = 'password';
$mysql_table = 'users';
$passwdFile = '/var/www/web_editor/.htAuthTool';
class AuthTool{
function checkAuth(){
if(empty($_COOKIE['data'])){
return 0;
}
else{
$data = $_COOKIE['data'];
list($username,$hash) = split(,, $data);
$phrase1 = md5($username . $seed_phrase .
$_SERVER['REMOTE_ADDR']);
if(!strcmp($phrase1 , $hash)){
return $username;
}
else{
return 0;
}
}
} // close checkAuth
function cookiePut($user){
$phrase = md5($user . $seed_phrase . $_SERVER['REMOTE_ADDR']);
$authData = $user . , . $phrase;
setCookie('data' , $authData);
}//close cookiePut
function auth($user,$pass){
$pass = md5($pass);
if($use_mysql){
$query = select $mysql_passwd_field from $mysql_table where
$mysql_passwd_key = '$user';
$result = $this-sqlQuery($query);
if(!$result){
echo Error:No sql result;
}
else{
list($thePass) = mysql_fetch_array($result); //this
line might not
work , test with mysql later
if(!strcmp($thePass , $pass)){
$this-cookiePut($user);
return $user;
}
}
return 0;
}
else{
global $passwdFile;
if($passwd_file = file($passwdFile)){
foreach($passwd_file as $line){
list($username,$passwd,$groups) = split(: ,
$line);
if(!strcmp($username , $user)){
if(!strcmp(rtrim($pass)
,rtrim($passwd))){
$this-cookiePut($user);
return $user;
}
}
}
}
else{
return Error:No passwd file.;
}
return 0;
}
}//close auth
function sqlQuery($theQuery){
$db = mysql_connect($mysql_ip,$mysql_user,$mysql_pass) or die(Could
not connect to database);
mysql_select_db($mysql_db) or die(Could not select database);
$result
[PHP] gpg/php problems ....
the code below encrypts a phrase using gpg and sends out via email ... i get the data ok ... but my mail client does not show it ... if i view email sorce i can see the encrypted message ... what am i doing wrong? thanks, jd $username = mohadib; $pgp=/usr/bin/gpg; $user=Zend Commerce [EMAIL PROTECTED]; $recp=[EMAIL PROTECTED]; //$data=$oneOrder; $command = 'echo hello word | '.$pgp.' -a --always-trust --batch --no-secmem-warning -e -u '.$user.' -r '.$recp.''; $oldhome = getEnv(HOME); putenv(HOME=/home/$username); $result = exec($command, $encrypted, $errorcode); putenv(HOME=$oldhome); $subject=Test message; $headers = MIME-Version: 1.0\r\n; $headers .= Content-Type: multipart/encrypted; protocol=\application/pgp-encrypted\; boundary=\=-uc4rTrDFZtVQGtcexwyv\\r\n; $message = --=-uc4rTrDFZtVQGtcexwyv Content-Type: application/pgp-encrypted Content-Transfer-Encoding: 7bit Version: 1 --=-uc4rTrDFZtVQGtcexwyv Content-Type: application/octet-stream; name=encrypted.asc Content-Transfer-Encoding: 7bit\n\n; $message .= implode(\n, $encrypted); $message .= \n\n--=-uc4rTrDFZtVQGtcexwyv--; mail($recp,$subject,$message,$headers); -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
