Page 1 of 1

Failing to retain login with PEAR Auth package

Posted: Sun Mar 27, 2011 7:57 am
by codejak
Hi all!

I am currently trying to get the PEAR Auth package running for my site. I started with attempting to just test the package on a stand-alone basis, without incorporating it into the site proper. I adapted the example provided with the package and ran it on my local XAMPP installation. I have attached the complete code of my test file (index.php).

I am succeeding at calling the login form, logging in, and showing the screen confirming the login. I am testing whether a valid login exists using "if ($a->getAuth())". When I reload the index page after a successful login, however, I am thrown back to the Log in page (thus, getAuth() returning false). Instead, I would expect the script to recognize a valid login and still show the same output as before.

I also noticed that between states, the content of the session file is always the following: "_authsession|a:0:{}". Could anything be going wrong there? What content should the session file have anyway?

I have not been able to track down my mistake(s) so far. Can anyone help?

TIA

codejak

Code: Select all

<?php

session_start();

require_once "Auth.php";
// ini_set('session.use_trans_sid', 1);

// Takes three arguments: last attempted username, the authorization
// status, and the Auth object. 
// We won't use them in this simple demonstration -- but you can use them
// to do neat things.
function loginFunction($username = null, $status = null, &$auth = null)
{
    /*
     * Change the HTML output so that it fits to your
     * application.
     */
    echo "<form method=\"post\" action=\"".$_SERVER['PHP_SELF']."\">";
    echo "<label for=\"username\">User</label>";
    echo "<input type=\"text\" name=\"username\">";
    echo "<label for=\"password\">Password</label>";
    echo "<input type=\"password\" name=\"password\">";
    echo "<input type=\"submit\">";
    echo "</form>";
}

if ( isset($_GET['logstep']) && $_GET['logstep'] == "login" ) {
     $optional = true;
} else {
     $optional = false;
}

$options = array(
    'dsn' => "mysql://auth:auth@localhost/auth",
  );
$a = new Auth("DB", $options, "loginFunction", $optional);
$a->start();

if ( isset($_GET['logstep']) && $_GET['logstep'] == "logout" ) 
{
    $a->logout();
}

if ($a->getAuth()) 
{
    echo "Welcome to the site!";
    
    echo "<p>Session ID: ".session_id()."</p>";
    
    echo "<p><a href=\"".$_SERVER['PHP_SELF']."\">Reload this page</a></p>";
    echo "<p><a href=\"".$_SERVER['PHP_SELF']."?logstep=logout\">Log out</a></p>";
} else 
{
    echo "<p><a href=\"".$_SERVER['PHP_SELF']."?logstep=login\">Log in</a></p>";
    echo "<p>Session ID: ".session_id()."</p>";
}
?>

For those who might go through the trouble of testing this, here's the MySQL script for generating the database and a user [text]dude:dude[/text]:

[text]CREATE TABLE `auth` (
`username` varchar(50) NOT NULL DEFAULT '',
`password` varchar(32) NOT NULL DEFAULT '',
PRIMARY KEY (`username`),
KEY `password` (`password`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

INSERT INTO `auth` (`username`, `password`) VALUES
('dude', '13b73edae8443990be1aa8f1a483bc27');[/text]