I currently have a script that uses cookies to auth people by db upon every page load. Sounds bad but it was my first auth scheme and it seems to work. I want to move to sessions. My requirements are:
The auth process should be in a fuction for easy calling
Since there is no single entry point to the my system, no other scripts should be required
The three modes of operation I want are: no auth, authed, auth with the session saved in a cookie.
That being said I have cobbled something together for you to tear apart. I'm not sure if this is the right way to go about it but what the heck, here goes:
Code: Select all
<?php
include 'libroster.php';
if (empty($_SESSIONї'auth']) && !isset($_POSTї'auth']) && empty($_COOKIEї'ROSTERSID'])) {
$optionsї'script'] = "session_test.php";
$optionsї'method'] = "post";
$optionsї'show_email_password_form'] = "yes";
$optionsї'show_email_password_name_field'] = "yes";
$optionsї'email_password_script'] = "user_edit.php";
$optionsї'email_password_op'] = "emailpassword";
$optionsї'sort'] = "";
$optionsї'search'] = "";
$optionsї'return'] = "$roster_configїroster_url]/session_test.php";
$optionsї'op'] = "";
$optionsї'key'] = "";
$optionsї'username'] = "";
print_login_form($roster_config, $options);
} elseif (empty($_SESSIONї'auth']) && isset($_POSTї'auth']) && $_POSTї'auth'] == "no" && empty($_COOKIEї'ROSTERSID'])) {
connect_db ($roster_config);
$query = "SELECT * FROM personel WHERE name = '$_POSTїname]'";
$result = mysql_query($query);
$return_val = "0";
$row = mysql_fetch_array($result);
if ($rowї'password'] == $_POSTї'password'] and $rowї'name'] == $_POSTї'name']) {
session_start();
$_SESSIONї'auth'] = "yes";
$_SESSIONї'name'] = $rowї'name'];
$_SESSIONї'level'] = $rowї'accesslevel'];
$sid=session_id();
if (isset($_POSTї'remember']) && $_POSTї'remember'] == "on") {
$update = "UPDATE personel SET sid = '$sid' WHERE name = '$_POSTїname]'";
mysql_query($update);
$sid=session_id();
setcookie("ROSTERSID", $sid);
}
}
} elseif (empty($_SESSIONї'auth']) && !empty($_COOKIEї'ROSTERSID'])) {
connect_db ($roster_config);
$sql="SELECT * FROM personel WHERE sid = '$_COOKIEїROSTERSID]'";
$result=mysql_query($sql) or die ('<h3>Error:</h3>'.mysql_error());
if ($row=mysql_fetch_assoc($result)) {
session_id($_COOKIEї'ROSTERSID']);
session_start();
echo "Welcome back $_SESSIONїname]<br>";
}
}
?>Thanks
BP