User Friendly Admin

timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

Each page/script/task calls my Init function... Here is a piece from that function:

// continue with existing session, or start a new one
if (!isset($_SESSION)) {
    if (isset($session_name)) {
        session_name($session_name); // set the session name
    }
    session_start(); // open/reopen session
}

// check if user is logged in
$task_id = basename($_SERVER['PHP_SELF']);

if (!in_array($task_id, array('cms_logon.php', 'help.php')) && (!isset($_SESSION['user_id']) || !isset($_SESSION['role_id'])))
{
    redirect('cms_logon.php');
}

// check if user has authorization to access this task
require_once('classes/cms_role_task_xref.class.inc');
$rbac = new cms_role_task_xref;

if (!in_array($task_id, array('cms_logon.php', 'help.php')) && (!isset($_SESSION['allowed'][$task_id]) || $_SESSION['allowed'][$task_id] != 'y'))
{
    $role_id = $_SESSION['role_id'];
    $data = $rbac->getData("task_id='$task_id' AND role_id='$role_id'");
    if (count($data) <= 0)
    {
        redirect('cms_logon.php');
    }
    else
    {
        $_SESSION['allowed'][$task_id] = 'y';
    }
}

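The same per-request gate as in the post above, as an added example that is not part of the original thread: it returns a decision instead of redirecting, denies by default, and looks up the role/task pair with bound parameters. The `role_task` table and its columns, the `check_access` function and the sample rows are assumptions made for the example; it needs PHP 7+ with the pdo_sqlite extension.

```php
<?php
// Added example; role_task and its columns are assumed names.
const PUBLIC_TASKS = ['cms_logon.php', 'help.php'];

// Returns 'allow', 'login' or 'deny'. $session is taken by reference so the
// per-task cache used in the post ($_SESSION['allowed']) can be updated.
function check_access(PDO $db, array &$session, string $task_id): string
{
    if (in_array($task_id, PUBLIC_TASKS, true)) {
        return 'allow';                       // pages open to everyone
    }
    if (!isset($session['user_id'], $session['role_id'])) {
        return 'login';                       // not authenticated yet
    }
    if (($session['allowed'][$task_id] ?? '') === 'y') {
        return 'allow';                       // cached by an earlier request
    }
    // Bound parameters keep the task and role values out of the SQL text.
    $stmt = $db->prepare(
        'SELECT 1 FROM role_task WHERE task_id = ? AND role_id = ?'
    );
    $stmt->execute([$task_id, $session['role_id']]);
    if ($stmt->fetchColumn() === false) {
        return 'deny';                        // no matching row: default deny
    }
    $session['allowed'][$task_id] = 'y';
    return 'allow';
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE role_task (role_id TEXT, task_id TEXT)');
$db->exec("INSERT INTO role_task VALUES ('editor', 'edit_page.php')");

$anon   = [];                                         // stands in for $_SESSION
$editor = ['user_id' => 7, 'role_id' => 'editor'];    // constructed session

printf("%-24s %s\n", 'anon   help.php',       check_access($db, $anon, 'help.php'));
printf("%-24s %s\n", 'anon   edit_page.php',  check_access($db, $anon, 'edit_page.php'));
printf("%-24s %s\n", 'editor edit_page.php',  check_access($db, $editor, 'edit_page.php'));
printf("%-24s %s\n", 'editor user_admin.php', check_access($db, $editor, 'user_admin.php'));
var_dump($editor['allowed']);                         // cache after the checks
```

A calling script would send the redirect and then `exit` for any result other than 'allow'. As in the post, a cached 'y' lasts for the rest of the session, so a role/task pair removed from the table keeps working until that session ends.
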
camhabib
Forum Commoner
Posts: 37
Joined: Tue Aug 16, 2005 8:36 pm
Location: Boston, MA

Post by camhabib »

So would that be using cookies?

I thought about doing cookies but that would mean creating a whole Session setup. I would do it if it was worth it; however, the excess security would be pointless. Simple = good. HTTP Auth = simple = good. However, HTTP Auth that does not allow more than one page to be authenticated != good.
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

My setup requires sessions.. (So that would imply cookies)

Another issue with HTTP auth is that you can't log out without closing your browser window.
camhabib
Forum Commoner
Posts: 37
Joined: Tue Aug 16, 2005 8:36 pm
Location: Boston, MA

Post by camhabib »

My main concern is just to provide a basic login for this part of the web. I have another section that I may do cookies for, but I'd really rather do HTTP and just try to fix what I have.