?
Solved

PHPLIB auth.

Posted on 2000-01-27
13
Medium Priority
?
414 Views
Last Modified: 2012-06-27
IM just getting started with phplib and have created a simple code like below.

<?php
page_open(
      array("sess"=>"CS_Session",
      "auth"=>"Example_Auth",
      "perm"=>"Example_Perm"));
$perm->check("admin");

echo "inloggad";

// $auth= unauth($nobody=false);
// $auth = logout();

page_close();
?>

I get the user/pass dialog, and if i enter an user that doesnt have admin i get the

Permission denied
Your session 344e8c2385b4106154faaaf5c07f0abd has been authenticated with a user id of 6943ed4b9358bd176277c5212e3d43bb and a user name of j2.
To access this page, the following permissions are required: admin.
I won't let you access this page, because you have these permissions: .

However, from this point on, reloading the page gives me the above dialog, i am never asked to re-auth.  (running IE5, set to "check page on every load")

1. How do i return to the login screen if the above happens?

2. How do i log a user out? Neither $auth= unauth($nobody=false); or  $auth = logout(); Seems to work.

(yes, i know they are commented out in the above code, im trying to fix the auth dialog thing first)

0
Comment
Question by:j2
  • 7
  • 6
13 Comments
 
LVL 2

Expert Comment

by:maxkir
ID: 2392794
There is "exit()' call in
$perm->check("admin");
function.
To logout user when he don't have permissions, try the following code:

class Example_Perm{

  // a lot of stuff ...
 
  function perm_invalid($does_have, $must_have) {
    global $auth;
    $auth->logout();
    printf("Access denied.\n");
  }

};

Hope, this helps.
0
 
LVL 12

Author Comment

by:j2
ID: 2393072
how do i implement your example?
0
 
LVL 2

Expert Comment

by:maxkir
ID: 2393137
Edit your local.inc file and find definition of your Example_Perm class
(I take name of class from your line
page_open(
                   array("sess"=>"CS_Session",
                   "auth"=>"Example_Auth",
                   "perm"=>"Example_Perm"));

Then just add function I suggested to it's definition (it will override default function)
0
Take Control of Web Hosting For Your Clients

As a web developer or IT admin, successfully managing multiple client accounts can be challenging. In this webinar we will look at the tools provided by Media Temple and Plesk to make managing your clients’ hosting easier.

 
LVL 12

Author Comment

by:j2
ID: 2393981
No difference, i am still not given a chance to "revalidate".
0
 
LVL 12

Author Comment

by:j2
ID: 2394028
Ok, So, is there any way to atleast put a "re-logon" link/button on the "access denied" page then? :)
0
 
LVL 2

Expert Comment

by:maxkir
ID: 2394283
What was the result of inserting this function to Example_Perm class ?
function perm_invalid($does_have, $must_have) {
                   
                    $GLOBALS["auth"]->logout();
                     Header("Location: /");
                     printf("Access denied.\n");
}

What about the "logout" link, I use something like that for my logout.php3:
<?
    page_open(....);
    $auth->logout();
    Header("Location: /");

    page_close();
?>
0
 
LVL 12

Author Comment

by:j2
ID: 2394394
"What was the result of inserting this function to Example_Perm class ?"

No change whatsoever.

"What about the "logout" link, I use something like that for my logout.php3:"

Whats the easiest way to link that to the access denied entry?
0
 
LVL 2

Expert Comment

by:maxkir
ID: 2395792
"No change whatsoever. "
You mean that wrong permission message was the same as in your first original message ? Then something wrong, because you must simply get
"Access denied" message. Make sure there is only one function perm_invalid
in your Example_Perm class, so you replaced original version with mine one.

To insert link to this page (if you use my function) use the following code:

function perm_invalid($does_have, $must_have) {
    $GLOBALS["auth"]->logout();
    Header("Location: /login.php3");
    printf("Access denied. Please <A HREF='/logout.php3'>relogin</A>\n");
}
0
 
LVL 12

Author Comment

by:j2
ID: 2428201
I got this from a person on the phplib mailinglist. Does it make any sense?

i have found that msie 5.01 won't stop caching things when it gets both
  content-control: no-cache
and
  pragma: no-cache
so i changed session.inc by commenting out the pragma: line... msie 5.01
seems to have responded well to that.  havn't had a chance to test it in
msie 4 or below yet.  

regarding your question #1, i quit using $perm->check() and went to my own
code in each page, using have_perm()... this allows me to generate a login
form and display a nicer message related to the page they're accessing.  

for logging out, i'm using $auth->login_if($again);  i seem to recall
something on here about not using that exact construct, but i probably
hacked the actual phplib code to get around that as i made several changes
to the phplib code to adjust the login system...

0
 
LVL 2

Expert Comment

by:maxkir
ID: 2460544
Well, your problem is solved ?
0
 
LVL 12

Author Comment

by:j2
ID: 2460866
I am not sure yet. I am on a buisness trip and have not had a chance to test it , just thought i would share what i have learned. However, if this should be the answer, the points are still yours, since you have given me a better insight in how the auth mechanism works.

Cheers.
0
 
LVL 2

Accepted Solution

by:
maxkir earned 400 total points
ID: 2462042
I suggested not to replace have_perm function, but perm_invalid().
The code for check() function is as follows:

  function check($p) {
    global $auth;

    if (! $this->have_perm($p)) {
      if (! isset($auth->auth["perm"]) ) {
        $auth->auth["perm"] = "";
      }
      $this->perm_invalid($auth->auth["perm"], $p);
      exit();
    }
  }

  So, it calls perm_invalid function on failure. What I suggested:
 replace code of perm_invalid() and make all necessary stuff like user logout and/or inserting logout link there.

What about login_if() function - I haven't understood that you're using authentication with "guest" feature. In this case, calling login_if() function is
the correct way to force user to login again.
0
 
LVL 12

Author Comment

by:j2
ID: 2483427
The cache problem seem to have been the major issue.. Now when i get a "permission denied" i can use the logout link and get a new "login dialog" However, your code has been very helpful, so here are the points.
0

Featured Post

Learn to develop an Android App

Want to increase your earning potential in 2018? Pad your resume with app building experience. Learn how with this hands-on course.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Part of the Global Positioning System A geocode (https://developers.google.com/maps/documentation/geocoding/) is the major subset of a GPS coordinate (http://en.wikipedia.org/wiki/Global_Positioning_System), the other parts being the altitude and t…
There are times when I have encountered the need to decompress a response from a PHP request. This is how it's done, but you must have control of the request and you can set the Accept-Encoding header.
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
Suggested Courses

601 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question