PHPLIB auth.

I'm just getting started with PHPLIB and have created some simple code like below.

<?php
page_open(
      array("sess"=>"CS_Session",
      "auth"=>"Example_Auth",
      "perm"=>"Example_Perm"));
$perm->check("admin");

echo "inloggad";

// $auth= unauth($nobody=false);
// $auth = logout();

page_close();
?>

I get the user/pass dialog, and if I enter a user that doesn't have admin I get the

Permission denied
Your session 344e8c2385b4106154faaaf5c07f0abd has been authenticated with a user id of 6943ed4b9358bd176277c5212e3d43bb and a user name of j2.
To access this page, the following permissions are required: admin.
I won't let you access this page, because you have these permissions: .

However, from this point on, reloading the page gives me the above dialog; I am never asked to re-auth. (Running IE5, set to "check page on every load".)

1. How do I return to the login screen if the above happens?

2. How do I log a user out? Neither $auth= unauth($nobody=false); nor $auth = logout(); seems to work.

(Yes, I know they are commented out in the above code; I'm trying to fix the auth dialog thing first.)

j2Asked:

maxkirCommented:
There is an "exit()" call in the
$perm->check("admin");
function.
To log out the user when he doesn't have permissions, try the following code:

class Example_Perm{

  // a lot of stuff ...
 
  function perm_invalid($does_have, $must_have) {
    global $auth;
    $auth->logout();
    printf("Access denied.\n");
  }

};

Hope this helps.
0
j2Author Commented:
How do I implement your example?
0
maxkirCommented:
Edit your local.inc file and find the definition of your Example_Perm class.
I take the name of the class from your line
page_open(
                   array("sess"=>"CS_Session",
                   "auth"=>"Example_Auth",
                   "perm"=>"Example_Perm"));

Then just add the function I suggested to its definition (it will override the default function).
0

j2Author Commented:
No difference, I am still not given a chance to "revalidate".
0
j2Author Commented:
OK, so, is there any way to at least put a "re-logon" link/button on the "access denied" page then? :)
0
maxkirCommented:
What was the result of inserting this function to Example_Perm class ?
function perm_invalid($does_have, $must_have) {
    $GLOBALS["auth"]->logout();
    Header("Location: /");
    printf("Access denied.\n");
}

What about the "logout" link, I use something like that for my logout.php3:
<?
    page_open(....);
    $auth->logout();
    Header("Location: /");

    page_close();
?>
0
j2Author Commented:
"What was the result of inserting this function to Example_Perm class ?"

No change whatsoever.

"What about the "logout" link, I use something like that for my logout.php3:"

What's the easiest way to link that to the access denied entry?
0
maxkirCommented:
"No change whatsoever. "
You mean that the wrong-permission message was the same as in your first original message? Then something is wrong, because you must simply get the
"Access denied" message. Make sure there is only one function perm_invalid
in your Example_Perm class, so that you have replaced the original version with mine.

To insert a link to this page (if you use my function) use the following code:

function perm_invalid($does_have, $must_have) {
    $GLOBALS["auth"]->logout();
    Header("Location: /login.php3");
    printf("Access denied. Please <A HREF='/logout.php3'>relogin</A>\n");
}
0
j2Author Commented:
I got this from a person on the phplib mailinglist. Does it make any sense?

i have found that msie 5.01 won't stop caching things when it gets both
  content-control: no-cache
and
  pragma: no-cache
so i changed session.inc by commenting out the pragma: line... msie 5.01
seems to have responded well to that.  haven't had a chance to test it in
msie 4 or below yet.  

regarding your question #1, i quit using $perm->check() and went to my own
code in each page, using have_perm()... this allows me to generate a login
form and display a nicer message related to the page they're accessing.  

for logging out, i'm using $auth->login_if($again);  i seem to recall
something on here about not using that exact construct, but i probably
hacked the actual phplib code to get around that as i made several changes
to the phplib code to adjust the login system...

0
maxkirCommented:
Well, is your problem solved?
0
j2Author Commented:
I am not sure yet. I am on a business trip and have not had a chance to test it; I just thought I would share what I have learned. However, if this should be the answer, the points are still yours, since you have given me a better insight into how the auth mechanism works.

Cheers.
0
maxkirCommented:
I suggested not to replace have_perm function, but perm_invalid().
The code for check() function is as follows:

  function check($p) {
    global $auth;

    if (! $this->have_perm($p)) {
      if (! isset($auth->auth["perm"]) ) {
        $auth->auth["perm"] = "";
      }
      $this->perm_invalid($auth->auth["perm"], $p);
      exit();
    }
  }

So, it calls the perm_invalid function on failure. What I suggested:
replace the code of perm_invalid() and do all the necessary stuff, like user logout and/or inserting a logout link, there.

As for the login_if() function: I hadn't understood that you're using authentication with the "guest" feature. In this case, calling the login_if() function is
the correct way to force the user to log in again.
0
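Added example, not part of any post in this thread: the have_perm() approach mentioned in the mailing-list reply, written against the class names in j2's page_open() call and maxkir's /logout.php3. The denial wording is made up; unlike the stock "Permission denied" message quoted in the question, it prints neither the session id nor the user id.

```php
<?php
// Added example, not code from the thread. Class names are the ones j2
// passes to page_open(); /logout.php3 is assumed to be maxkir's logout page.
page_open(array("sess" => "CS_Session",
                "auth" => "Example_Auth",
                "perm" => "Example_Perm"));

if (!$perm->have_perm("admin")) {
    // have_perm() only returns true/false. check() would call
    // perm_invalid() and then exit() inside the library, leaving the
    // page no chance to offer a way back to the login form.
    header("HTTP/1.0 403 Forbidden");

    // Keep the session id and user id off the page: the session id is
    // what identifies the logged-in session, so it should not be shown
    // on screen or end up in a cached copy of the page.
    printf("<p>Access denied for %s.</p>\n",
           htmlspecialchars($auth->auth["uname"]));

    // Link to the logout page, which calls $auth->logout() so that the
    // next request to a protected page asks for credentials again.
    // $sess->url() carries the session along when cookies are not used.
    printf("<p><a href=\"%s\">Log in as a different user</a></p>\n",
           htmlspecialchars($sess->url("/logout.php3")));

    page_close();   // save session state before stopping
    exit;
}

echo "inloggad";
page_close();
?>
```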

j2Author Commented:
The cache problem seems to have been the major issue. Now when I get a "permission denied" I can use the logout link and get a new "login dialog". However, your code has been very helpful, so here are the points.
0