Single page session auth

BassPlayer
Forum Newbie
Posts: 12
Joined: Sun Aug 24, 2003 10:18 pm

Post by BassPlayer »

Hello,

I currently have a script that uses cookies to auth people by db upon every page load. Sounds bad but it was my first auth scheme and it seems to work. I want to move to sessions. My requirements are:

The auth process should be in a function for easy calling

Since there is no single entry point to my system, no other scripts should be required

The three modes of operation I want are: no auth, authed, auth with the session saved in a cookie.

That being said I have cobbled something together for you to tear apart. I'm not sure if this is the right way to go about it but what the heck, here goes:

Code:

<?php

include 'libroster.php';

if (empty($_SESSION['auth']) && !isset($_POST['auth']) && empty($_COOKIE['ROSTERSID'])) {

    $options['script'] = "session_test.php";
    $options['method'] = "post";
    $options['show_email_password_form'] = "yes";
    $options['show_email_password_name_field'] = "yes";
    $options['email_password_script'] = "user_edit.php";
    $options['email_password_op'] = "emailpassword";
    $options['sort'] = "";
    $options['search'] = "";
    $options['return'] = "$roster_config[roster_url]/session_test.php";
    $options['op'] = "";
    $options['key'] = "";
    $options['username'] = "";
    print_login_form($roster_config, $options);

} elseif (empty($_SESSION['auth']) && isset($_POST['auth']) && $_POST['auth'] == "no" && empty($_COOKIE['ROSTERSID'])) {

    connect_db ($roster_config);
    $query = "SELECT * FROM personel WHERE name = '$_POST[name]'";
    $result = mysql_query($query);
    $return_val = "0";
    $row = mysql_fetch_array($result);
    if ($row['password'] == $_POST['password'] and $row['name'] == $_POST['name']) {
        session_start();
        $_SESSION['auth'] = "yes";
        $_SESSION['name'] = $row['name'];
        $_SESSION['level'] = $row['accesslevel'];
        $sid=session_id();
        if (isset($_POST['remember']) && $_POST['remember'] == "on") {
            $update = "UPDATE personel SET sid = '$sid' WHERE name = '$_POST[name]'";
            mysql_query($update);
            $sid=session_id();
            setcookie("ROSTERSID", $sid);
        }

    }

} elseif (empty($_SESSION['auth']) && !empty($_COOKIE['ROSTERSID'])) {

    connect_db ($roster_config);
    $sql="SELECT * FROM personel WHERE sid = '$_COOKIE[ROSTERSID]'";
    $result=mysql_query($sql) or die ('<h3>Error:</h3>'.mysql_error());
    if ($row=mysql_fetch_assoc($result)) {
        session_id($_COOKIE['ROSTERSID']);
        session_start();
        echo "Welcome back $_SESSION[name]<br>";
    }

}
?>

Any help would be appreciated.

Thanks
BP
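
An added example, not part of the original post or thread: one way to put the three modes into a single callable function while avoiding three patterns in the posted script (request data interpolated into SQL, plaintext password comparison, and the session ID reused as the remember-me cookie). It assumes a PDO connection in exception mode, PHP 7.3 or later, and hypothetical `password_hash` and `remember_hash` columns on `personel`; the function names are also hypothetical.

```php
<?php
// Added example, not the poster's code. Hypothetical names: roster_auth(),
// roster_login(), and the password_hash / remember_hash columns.
function roster_auth(PDO $db): bool
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();                 // must run before $_SESSION is read
    }
    if (!empty($_SESSION['auth'])) {
        return true;                     // already authenticated this session
    }
    // Returning visitor: the cookie holds a random token, never the session ID.
    if (!empty($_COOKIE['ROSTERSID']) && is_string($_COOKIE['ROSTERSID'])) {
        $st = $db->prepare('SELECT * FROM personel WHERE remember_hash = ?');
        $st->execute([hash('sha256', $_COOKIE['ROSTERSID'])]);
        if ($row = $st->fetch(PDO::FETCH_ASSOC)) {
            return roster_login($db, $row, true);   // rotates the token
        }
    }
    // Login form submitted: bound parameter plus hashed-password check.
    if (isset($_POST['name'], $_POST['password'])
        && is_string($_POST['name']) && is_string($_POST['password'])) {
        $st = $db->prepare('SELECT * FROM personel WHERE name = ?');
        $st->execute([$_POST['name']]);
        $row = $st->fetch(PDO::FETCH_ASSOC);
        if ($row && password_verify($_POST['password'], $row['password_hash'])) {
            return roster_login($db, $row, ($_POST['remember'] ?? '') === 'on');
        }
    }
    return false;                        // not authenticated: show the login form
}

function roster_login(PDO $db, array $row, bool $remember): bool
{
    session_regenerate_id(true);         // fresh session ID once the user is known
    $_SESSION['auth']  = 'yes';
    $_SESSION['name']  = $row['name'];
    $_SESSION['level'] = $row['accesslevel'];
    if ($remember) {
        $token = bin2hex(random_bytes(32));
        $st = $db->prepare('UPDATE personel SET remember_hash = ? WHERE name = ?');
        $st->execute([hash('sha256', $token), $row['name']]);
        setcookie('ROSTERSID', $token, [   // 30-day lifetime is an arbitrary choice
            'expires' => time() + 30 * 86400, 'path' => '/',
            'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
        ]);
    }
    return true;
}
```

Each page calls `roster_auth($db)` before sending any output and prints the login form when it returns false; only the SHA-256 of the remember token is stored, so a copy of the table does not yield usable cookies.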
BassPlayer
Forum Newbie
Posts: 12
Joined: Sun Aug 24, 2003 10:18 pm

Post by BassPlayer »

Wow, not even an "it sucks". mmm
JAM
DevNet Resident
Posts: 2101
Joined: Fri Aug 08, 2003 6:53 pm
Location: Sweden

Post by JAM »

I have something just like that somewhere stored away...
BassPlayer wrote: Wow, not even an "it sucks". mmm
...but that comment (made the same day as posting the original message) made me think that you were in such a hurry that you had probably already found the solution elsewhere.
BassPlayer
Forum Newbie
Posts: 12
Joined: Sun Aug 24, 2003 10:18 pm

Post by BassPlayer »

I just figured someone would let me know if I've made any glaring mistakes. There must not be any, which I doubt, or people were not interested in going through yet more code. No worries. I'll implement it in my existing system, see what happens and post back how it works out.