Failing to retain login with PEAR Auth package
Posted: Sun Mar 27, 2011 7:57 am
Hi all!
I am currently trying to get the PEAR Auth package running for my site. I started with attempting to just test the package on a stand-alone basis, without incorporating it into the site proper. I adapted the example provided with the package and ran it on my local XAMPP installation. I have attached the complete code of my test file (index.php).
I am succeeding at calling the login form, logging in, and showing the screen confirming the login. I am testing whether a valid login exists using "if ($a->getAuth())". When I reload the index page after a successful login, however, I am thrown back to the Log in page (thus, getAuth() returning false). Instead, I would expect the script to recognize a valid login and still show the same output as before.
I also noticed that between states, the content of the session file is always the following: "_authsession|a:0:{}". Could anything be going wrong there? What content should the session file have anyway?
I have not been able to track down my mistake(s) so far. Can anyone help?
TIA
codejak
For those who might go through the trouble of testing this, here's the MySQL script for generating the database and a user [text]dude:dude[/text]:
[text]CREATE TABLE `auth` (
`username` varchar(50) NOT NULL DEFAULT '',
`password` varchar(32) NOT NULL DEFAULT '',
PRIMARY KEY (`username`),
KEY `password` (`password`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
INSERT INTO `auth` (`username`, `password`) VALUES
('dude', '13b73edae8443990be1aa8f1a483bc27');[/text]
I am currently trying to get the PEAR Auth package running for my site. I started with attempting to just test the package on a stand-alone basis, without incorporating it into the site proper. I adapted the example provided with the package and ran it on my local XAMPP installation. I have attached the complete code of my test file (index.php).
I am succeeding at calling the login form, logging in, and showing the screen confirming the login. I am testing whether a valid login exists using "if ($a->getAuth())". When I reload the index page after a successful login, however, I am thrown back to the Log in page (thus, getAuth() returning false). Instead, I would expect the script to recognize a valid login and still show the same output as before.
I also noticed that between states, the content of the session file is always the following: "_authsession|a:0:{}". Could anything be going wrong there? What content should the session file have anyway?
I have not been able to track down my mistake(s) so far. Can anyone help?
TIA
codejak
Code: Select all
<?php
session_start();
require_once "Auth.php";
// ini_set('session.use_trans_sid', 1);
// Takes three arguments: last attempted username, the authorization
// status, and the Auth object.
// We won't use them in this simple demonstration -- but you can use them
// to do neat things.
function loginFunction($username = null, $status = null, &$auth = null)
{
/*
* Change the HTML output so that it fits to your
* application.
*/
echo "<form method=\"post\" action=\"".$_SERVER['PHP_SELF']."\">";
echo "<label for=\"username\">User</label>";
echo "<input type=\"text\" name=\"username\">";
echo "<label for=\"password\">Password</label>";
echo "<input type=\"password\" name=\"password\">";
echo "<input type=\"submit\">";
echo "</form>";
}
if ( isset($_GET['logstep']) && $_GET['logstep'] == "login" ) {
$optional = true;
} else {
$optional = false;
}
$options = array(
'dsn' => "mysql://auth:auth@localhost/auth",
);
$a = new Auth("DB", $options, "loginFunction", $optional);
$a->start();
if ( isset($_GET['logstep']) && $_GET['logstep'] == "logout" )
{
$a->logout();
}
if ($a->getAuth())
{
echo "Welcome to the site!";
echo "<p>Session ID: ".session_id()."</p>";
echo "<p><a href=\"".$_SERVER['PHP_SELF']."\">Reload this page</a></p>";
echo "<p><a href=\"".$_SERVER['PHP_SELF']."?logstep=logout\">Log out</a></p>";
} else
{
echo "<p><a href=\"".$_SERVER['PHP_SELF']."?logstep=login\">Log in</a></p>";
echo "<p>Session ID: ".session_id()."</p>";
}
?>
[text]CREATE TABLE `auth` (
`username` varchar(50) NOT NULL DEFAULT '',
`password` varchar(32) NOT NULL DEFAULT '',
PRIMARY KEY (`username`),
KEY `password` (`password`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
INSERT INTO `auth` (`username`, `password`) VALUES
('dude', '13b73edae8443990be1aa8f1a483bc27');[/text]