darrensunley (Joined: 09 Jan 2007, Posts: 3)
Posted: Tue Jan 09, 2007 4:04 pm
Post subject: Auth

I was just after a little bit of advice as to how I need to configure the Auth module to allow me to protect multiple pages. I have a site that allows users to view various leagues that they participate in and have the authentication working (of a fashion !!) by doing the following :-
I have a file called auth_login.php which contains the following ...
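Code:
<?php
// Show the login form only when explicitly requested with ?action=login.
if (( isset($_GET['action']) ) AND ( ! strcmp($_GET['action'],"login") ))
{
    $show_login = true;
} else {
    $show_login = false;
}
require_once "auth_config.php";
if ( $a->checkAuth() )
{
    // isset() avoids an undefined-index notice when no action is given.
    if ( isset($_GET['action']) AND $_GET['action'] == "logout" )
    {
        $a->logout();
        $a->start();
        HTTP::redirect($auth_logged_out_url);
    }
}
?>
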
I also have a config file called auth_config.php as follows :-
Code:
<?php
require_once "Auth/Auth.php";
require_once "HTTP.php";

// Login form callback passed to Auth; the form posts back to the page the user came from.
function displayLoginForm($username, $status)
{
    $auth_login_url = "auth_login.php";
    $temp_form_target = "";
    if ( !strcmp(basename($_SERVER['PHP_SELF']),$auth_login_url) )
    {
        if ( isset($_GET['from']) )
        {
            // $_GET values are already URL-decoded by PHP; decoding again would double-decode.
            $temp_form_target = $_GET['from'];
        } else {
            $temp_form_target = "home.php";
        }
    } else {
        $temp_form_target = $_SERVER['REQUEST_URI'];
    }
    // The target comes from the request, so it is HTML-escaped where it is printed below.
?>
<HTML>
<HEAD>
<TITLE>Login</TITLE>
<javascript as appropriate ...>
</HEAD>
<BODY bgcolor="white" onLoad="setFormFocus()" leftMargin="0" rightMargin="0" topMargin="0" marginwidth="0" marginheight="0">
<FORM name="login_form" method="post" action="<?php print htmlspecialchars($temp_form_target, ENT_QUOTES); ?>" autocomplete="off" onSubmit="return checkForm(this)">
<TABLE border="0" width="100%" cellspacing="5">
  <TR height="50">
    <TD colspan="5"><IMG height="50" width="1" src="images/empty.gif" border="0"></TD>
  </TR>
  <TR height="50">
    <TD width="100"><IMG height="1" width="100" src="images/empty.gif" border="0"></TD>
    <TD width="100" class="s10px">USERNAME :</TD>
    <TD width="250" class="s10px"><input type="text" name="username" size="15"></TD>
    <TD width="150" class="s24px"><font color="lightgrey">USERNAME</font></TD>
    <TD><IMG height="1" width="1" src="images/empty.gif" border="0"></TD>
  </TR>
  <TR height="50">
    <TD width="100"><IMG height="1" width="100" src="images/empty.gif" border="0"></TD>
    <TD width="100" class="s10px">PASSWORD :</TD>
    <TD width="250" class="s10px"><input type="password" name="password" size="15"></TD>
    <TD width="150" class="s24px"><font color="lightgrey">PASSWORD</font></TD>
    <TD><IMG height="1" width="1" src="images/empty.gif" border="0"></TD>
  </TR>
  <TR height="50">
    <TD colspan="5"><IMG height="50" width="1" src="images/empty.gif" border="0"></TD>
  </TR>
  <TR>
    <TD width="100"><IMG height="1" width="100" src="images/empty.gif" border="0"></TD>
    <TD colspan="3"><input type="submit" value="Login" name="login_submit"></TD>
    <TD><IMG height="1" width="1" src="images/empty.gif" border="0"></TD>
  </TR>
</TABLE>
</FORM>
</BODY>
</HTML>
<?php
}

$auth_login_url = "auth_login.php";
$auth_logged_out_url = "home.php";
$params = array(
    "dsn" => "pgsql://<user>:<password>@localhost/leagueinfo",
    "table" => "users",
    "usernamecol" => "username",
    "passwordcol" => "userpassword"
);
// Pages that include this file without setting $show_login get the login form by default.
if ( ! isset($show_login) ) { $show_login = true; }
$a = new Auth("DB", $params, "displayLoginForm", $show_login);
$auth_domain = "LBO";
$auth_timeout = 3600;
$a->setSessionName($auth_domain);
$a->setIdle($auth_timeout);
$a->setAdvancedSecurity(); // Requires cookies and javascript to work
$a->start();
#phpinfo();
?>

Then finally in each page I wrap the existing code into the following structure ...
Code:
<?php
require_once "auth_config.php";
if ( ! $a->checkAuth() )
{
    // Not logged in: send the user to the login page, remembering where they came from.
    $temp_full_redirect_url = $auth_login_url . "?action=login&from=" . urlencode($_SERVER['REQUEST_URI']);
    HTTP::redirect($temp_full_redirect_url);
} else {
    // <page code here ... >
}
?>

This all certainly appears to work fine but does not let me do authorisations (as opposed to authentications). So, I thought that what I wanted to do was to add in some code that sets some extra data for the authenticated user (i.e. which leagues an authenticated user can view ... rather than the current situation where once successfully authenticated a user can see any league). I was going to do this by using setAuthData() and then referencing the value that I set in the page code using $a->getAuthData() ... but when trying to do this I had some problems and so was wondering if what I am actually doing is creating a new Auth session each time (which presumably would be unnecessary) rather than referencing one that I only ever create once.
I kind of proved this by setting the extra data to be a timestamp and this kept on getting updated rather than remaining as the time set once on login.
Can someone point out to me if what I am doing is correct ??
Also, can someone say where I could set some extra data for an authenticated user so that I could use it time and again as needed (i.e. for authorisation) ??
Cheers,
Darren

darrensunley (Joined: 09 Jan 2007, Posts: 3)
Posted: Tue Feb 13, 2007 11:23 am
Post subject: Any ideas ??

I have recently upgraded my Auth installation to 1.5.0 in order to take advantage of the new logging facility, and this seems to have helped - a little !!
I have an Auth-protected page that starts with the following ...
Code:
require_once "auth_config.php";
if ( ! $a->checkAuth() )
{
    $temp_full_redirect_url = $auth_login_url . "?action=login&from=" . urlencode($_SERVER['REQUEST_URI']);
    HTTP::redirect($temp_full_redirect_url);
} else {
    $temp_login_time = $a->getAuthData('login_time');
    $temp_logged_in_user_id = $a->getAuthData('personid');
    $temp_logged_in_user_fname = $a->getAuthData('personfname');

Then, later in the page it has the following just for me to see whether the call to getAuthData seems to be working as planned (which it doesn't appear to be).
Code:
<!-- Logged in at : <?php print $temp_login_time; ?> -->
<!-- Logged in as <?php print $temp_logged_in_user_fname; ?> with id = <?php print $temp_logged_in_user_id; ?> -->

The problem is that each time I visit the protected page the logged in time is updated with a later value, implying that it isn't just set the once when I log in. If this is only done once then what I want to do is run a more complex bit of code (but only once at login time) to work out a user's authorisation level.
However, turning on the logging that is now available gives me the following information in
(a) - The login page before submitting my details.
Code:
PEAR_LOG_INFO level messages:
6: AUTH: Rendering Login Form.
PEAR_LOG_DEBUG level messages:
7: AUTH: Auth::start() called.
7: AUTH: Auth::assignData() called.
7: AUTH: Auth::checkAuth() called.
7: AUTH: Unable to locate session storage.
7: AUTH: Auth::login() called.
7: AUTH: Loaded storage container (DB)
6: AUTH: Rendering Login Form.
7: AUTH: Calling loginFunction (displayLoginForm).

(b) - The protected page the first time I get to it.
Code:
PEAR_LOG_INFO level messages:
6: AUTH: Successful login.
PEAR_LOG_DEBUG level messages:
7: AUTH: Auth::start() called.
7: AUTH: Auth::assignData() called.
7: AUTH: Auth::checkAuth() called.
7: AUTH: Unable to locate session storage.
7: AUTH: Auth::login() called.
7: AUTH: Loaded storage container (DB)
7: AUTH: Auth_Container_DB::fetchData() called.
7: AUTH: Auth_Container_DB::_connect() called.
7: AUTH: Running SQL against DB: SELECT "personusername", "personpassword", "personid", "personfname" FROM "person" WHERE "personusername" = 'darrensunley'
7: AUTH: Auth_Container::verifyPassword() called.
7: AUTH: Storing additional field: personid
7: AUTH: Storing additional field: personfname
6: AUTH: Successful login.
7: AUTH: Auth::setAuth() called.

(c) - The protected page the second time I get to it.
Code:
PEAR_LOG_INFO level messages:
6: AUTH: Session OK.
PEAR_LOG_DEBUG level messages:
7: AUTH: Auth::start() called.
7: AUTH: Auth::assignData() called.
7: AUTH: Auth::checkAuth() called.
7: AUTH: Advanced Security Mode Enabled.
7: AUTH: Generating new Challenge Cookie.
6: AUTH: Session OK.

So, my questions would be ...
(1) - Are the messages about "Unable to locate session storage" actually causing problems or are they red herrings ?? If they are causing problems - does anyone know why ??
(2) - Does everything look ok ?? If so, is it the order in which I'm doing things that is causing me problems ??
Any help would be greatly appreciated !!
Cheers,
Darren
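
One way to run the authorisation lookup once at login, as asked in the post above (an added example, not code from the thread or from the Auth project): PEAR Auth's setLoginCallback() registers a function that Auth calls after a successful login, and values stored there with setAuthData() are read back on later requests with getAuthData(). The league_members table, the lookupLeagues() and onLogin() names, the 'leagues' key and the league request parameter are assumptions; the person table and its columns are taken from the SQL in log (b).

```php
<?php
require_once "Auth/Auth.php";
require_once "DB.php";

$params = array(
    "dsn"         => "pgsql://<user>:<password>@localhost/leagueinfo",
    "table"       => "person",
    "usernamecol" => "personusername",
    "passwordcol" => "personpassword",
);

// Hypothetical helper: league ids a user may view, read from an assumed
// league_members(personid, leagueid) table. Fails closed (empty list).
function lookupLeagues($dsn, $username)
{
    $db = DB::connect($dsn);
    if (PEAR::isError($db)) {
        return array();
    }
    $ids = $db->getCol(
        'SELECT m.leagueid FROM league_members m'
        . ' JOIN person p ON p.personid = m.personid'
        . ' WHERE p.personusername = ?', 0, array($username));
    $db->disconnect();
    return PEAR::isError($ids) ? array() : array_map('intval', $ids);
}

// Auth invokes this once per successful login, not on every request,
// so the values below stay fixed for the life of the session.
function onLogin($username, $auth)
{
    $auth->setAuthData('login_time', time());
    $auth->setAuthData('leagues', lookupLeagues($GLOBALS['params']['dsn'], $username));
}

$a = new Auth("DB", $params);      // no loginFunction: Auth's built-in form
$a->setLoginCallback('onLogin');
$a->start();
if (!$a->checkAuth()) {
    exit;                          // login form was rendered by start()
}

// Authorisation: deny unless the requested league is in the stored list.
$league  = isset($_GET['league']) ? (int) $_GET['league'] : 0; // assumed parameter
$leagues = $a->getAuthData('leagues');
if (!is_array($leagues) || !in_array($league, $leagues, true)) {
    header('HTTP/1.1 403 Forbidden');
    exit('Not authorised for this league.');
}
print 'League ' . $league . ', logged in at ' . date('c', $a->getAuthData('login_time'));
```

Membership cached in the session this way is refreshed only at the next login, so a revoked league stays visible until the session ends or the setIdle() timeout expires.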

knesek (Joined: 14 Feb 2007, Posts: 1)
Posted: Wed Feb 14, 2007 10:49 pm

Hi,
I'm by no means a PHP expert, and had the same problem.
I would use setAuthData() and getAuthData() wouldn't work later on.
My problem was that I would redirect after setting auth data using header("Location: blabla") before session information was committed (Auth uses session to store auth data). Try adding session_commit(); before you redirect or after calling setAuthData(). That helped me, hope it helps you too.
(if any of PHP Auth devs is by chance reading this, please add this info to the setAuthData end user documents when you have a chance)
Good luck with php authing,
Kreso

darrensunley (Joined: 09 Jan 2007, Posts: 3)
Posted: Thu Feb 15, 2007 3:08 pm
Post subject: Nice try !!

Thanks for that.
Unfortunately, I tried that and it seemed to have the side effect that I was getting prompted to authenticate more often !!
I'll keep trying though ....
ps :- If anyone knows where or how we can talk to the developers of Auth then that would be the best thing I guess

mark (Joined: 07 Jan 2007, Posts: 1003)
Posted: Sat Feb 24, 2007 2:34 pm
Post subject: Re: Nice try !!

darrensunley wrote:
> ps :- If anyone knows where or how we can talk to the developers of Auth then that would be the best thing I guess

The PEAR general mailing list is always a good place for getting support from the package authors: http://pear.php.net/support/lists.php

graywall (Joined: 27 Jun 2007, Posts: 6)
Posted: Wed Jun 27, 2007 6:54 pm
Post subject: PEAR Auth package saying "Unable to locate session stor

Hello Darren
I was wondering if you found the answer to the problem you had back in February with the PEAR Auth package saying "Unable to locate session storage".
I have the same problem and have not found the solution yet.
Graham