Solved

Store user name and login?

Posted on 2000-03-17
18
163 Views
Last Modified: 2010-03-05
I want my users to be able to login and when they are successful they are led to a screen where they can select different options.  When they select one of these options they will all go to a script but how can the script know who is clicking the link?
0
Comment
Question by:treyjeff
  • 7
  • 5
  • 3
  • +2
18 Comments
 
LVL 16

Accepted Solution

by:
maneshr earned 30 total points
ID: 2630017
you can use a hidden from variable to do that.
However, you will have to submit the form (via a post or get) to keep track of the username.

the better alternative would be to set a cookie with the username to track the users journey through your site.

0
 
LVL 1

Author Comment

by:treyjeff
ID: 2630552
So if someone doesn't have cookies enabled, what then should I do?
0
 

Expert Comment

by:srollins
ID: 2630602
The Apache web server uses .htaccess files and htpasswd to create user/password data. You might try to read up on these. Once a user is logged in, you can access their login via an environment variable called ENV{REMOTE_USER}. The way it works is, you put the .htaccess file in the directory you want protected. When a web client tries to access this directory, he is forced to enter a password. This authentication is remembered for the duration of the browser session.
0
 
LVL 1

Author Comment

by:treyjeff
ID: 2631268
So htaccess will store their login and password in ENV{REMOTE_USER} for the entire visit?  How would I do something like if entered_password = passwordinfile then

?
0
 

Expert Comment

by:srollins
ID: 2634152
Once the ENV{REMOTE_USER} is read in, it can then be stored along with the options that are selected in a database. The script can then query the database for ENV{REMOTE_USER} to get the options that were entered. Example:
1. Get UserID via htaccess into ENV{REMOTE_USER} then open page to get options. Then 'insert ENV{REMOTE_USER},options into table'. 2. The script uses 'select options from table where userid='ENV{REMOTE_USER}'.
0
 
LVL 1

Author Comment

by:treyjeff
ID: 2634450
Because what I want to do is this:

1)User logs in
2)User gets to a page which is "their" page.  This page has some things customized like their name which is stored in a database.  I query the db based on their login and password.
3)Links on the side lead to other options that will be personalized based on the user info.

So it can be passed?  Like how can I insert ENV{REMOTE_USER} into variable?  Can both login and password be extracted?
0
 
LVL 1

Expert Comment

by:klamerus
ID: 2634668
ENV{REMOTE_USER} has neither username or password, it has their login, in their environment, but that may not be the same as YOUR login.  Either way, it does not include a password.

The best you can do is to save this information (perhaps when they do the YOUR login) into a file or DB and use the ENV{REMOTE_USER} as a lookup value.
0
 
LVL 1

Author Comment

by:treyjeff
ID: 2636120
So cookies it is! :)  Is it not possible to store more than one piece of information in a cookie?  We were only taught one thing (like one cookie for login, one for password, one for color option).
0
 
LVL 1

Expert Comment

by:klamerus
ID: 2638652
You can use several cookies OR store the username and password in a single cookie (just put them together).  Cookies can be "arrays" of values.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 84

Expert Comment

by:ozo
ID: 2638661
Or have the cookie, (or hidden variable, or $ENV{REMOTE_USER}) point to a record stored in a database on your server.
0
 
LVL 1

Author Comment

by:treyjeff
ID: 2639747
Here was my plan, to have them login on the main screen and if it matches a login/pasword combination in the database then it would store a cookie.  For these links, I would have them reference the cookies.  Sound pretty normal or no?
0
 
LVL 1

Author Comment

by:treyjeff
ID: 2639749
Also, I'd use the remote user but I have no idea what the code for something like that would be.
0
 
LVL 1

Expert Comment

by:klamerus
ID: 2639933
Your approach should work out fine.
0
 

Expert Comment

by:srollins
ID: 2640342
klamerus, when i use htaccess the username that i enter in the little dialog box gets stored in the ENV{REMOTE_USER} and that authentication lasts the entire session. This username is used to store user variables in my servers database.  I'm not sure what you mean when you say:

 "ENV{REMOTE_USER} has neither username or password, it has their login, in their environment, but that may not be the same as YOUR login"

I tested this on a large intranet application. I can log in as any other user if I have their password and it sets ENV{REMOTE_USER} to whoever i log in as.

0
 

Expert Comment

by:srollins
ID: 2640359
This is all done without cookies.
0
 
LVL 1

Author Comment

by:treyjeff
ID: 2640360
What does that store then guys?  Does it only store the login information (username)?
0
 
LVL 16

Expert Comment

by:maneshr
ID: 2640392
a suggestion, based on professional exp, NEVER store any direct user info on a cookie (encrypted or not). This direct user info includes username/password, user id or ANYTHING using which one can gain access to that users profile/info.

it should always be a combination of cookie value & some matching value on the server that should be the key to allowing the user to unlock access to his/her pages.

Even then encrypt the cookie. you can use the encrypt function in PERL to get a basic encryption.

my .02 cents
0
 

Expert Comment

by:srollins
ID: 2640482
treyjeff,
The ENV{REMOTE_USER} only stores the ID that the user loggs in with. The password is stored on your server in either a flat file or dbm file, whichever you choose.

You can use these Perl modules to add, change, delete users, or allow them to change their password.

HTTPD::UserAdmin
HTTPD::Authen()

Another feature of this is that it allows the browser to remember his password the next time he tries to log in to a new session. This is not very secure but is convenient because the user only has to press OKAY. I guess it's as secure as cookies. If you leave your station unattended and someone else uses your browser to access your personalized site, they are doing it as you.
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

I have been pestered over the years to produce and distribute regular data extracts, and often the request have explicitly requested the data be emailed as an Excel attachement; specifically Excel, as it appears: CSV files confuse (no Red or Green h…
Checking the Alert Log in AWS RDS Oracle can be a pain through their user interface.  I made a script to download the Alert Log, look for errors, and email me the trace files.  In this article I'll describe what I did and share my script.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now