Authenticating

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Bonzol
Forum Newbie
Posts: 10
Joined: Mon Mar 20, 2006 8:44 pm

Authenticating

Post by Bonzol »

I have the code

validation page

Code: Select all

if('bob' == $_POST['user_name'] and 'milk' == $_POST['password']) 
{   
    header('Location: authenticated.php');  
} 
elseif('larry' == $_POST['user_name'] and 'juice' == $_POST['password']) 
{ 
  header('Location: http://forums.devnetwork.net'); 
}
exit;
Authentication page

Code: Select all

<?php 
session_start(); 
$_SESSION['authenticated'] = TRUE;
    header('Location: site.php');
?>
final site

Code: Select all

<?php 
if(!$_SESSION['authenticated']) 
{ 
    header('Location: http://www.telstra.com'); 
} 
else
{ 
    header('Location: http://www.google.com.au'); 
}

?>
Now,

All I want to do is make sure that the 'final site' functions cannot be access unless the user is authenticated, everything else works fine, except that the final site always thinks that the user is not authenticated. I know I'm not passing something correctly or something, can someone just give me a quick helping hand. When that page is access even with the correct login the end result will always link to 'http://www.telstra.com' instead of http://www.google.com.au, as I have put these links in for testing, just to see if it works. the correct result should link to google

thanx, a quick response would be most appreciated

thanx in advanced
malcolmboston
DevNet Resident
Posts: 1826
Joined: Tue Nov 18, 2003 1:09 pm
Location: Middlesbrough, UK

Post by malcolmboston »

try?

Code: Select all

<?php
session_start
if(!$_SESSION['authenticated']) 
{ 
    header('Location: http://www.telstra.com'); 
} 
else
{ 
    header('Location: http://www.google.com.au'); 
}

?>
also putting

Code: Select all

error_reporting('E_ALL')
may show a problem
Bonzol
Forum Newbie
Posts: 10
Joined: Mon Mar 20, 2006 8:44 pm

Post by Bonzol »

sweet, I think that worked


Can you please explain to me why moving the session start there made it work? what is the purpose of starting a session

thanx heaps
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

ahem

Code: Select all

error_reporting(E_ALL);
;)

As for Bonzol's problem, redirection with starting sessions can backfire (the session may not be created) due to a shortcircuit that happens with the redirection.

So long as the session is created prior to the redirection page it will be fine, but if it's not, session_write_close() should be used.

Remember to use full URL's 100% of the time with a redirection. Relative redirection is non-standard and will cause problems for clients that do not support anything but the standards.
Bonzol
Forum Newbie
Posts: 10
Joined: Mon Mar 20, 2006 8:44 pm

Post by Bonzol »

sweet, thanx guys

one last quick question,,

once someone has been authenticated,, how do I make it time out,, say after 10 mins, so after they time out they then have to log in again?
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

The artificial way is to store a last call variable in the session. Calculate the difference between that time and the when the script is called. When it happens, I trash the session, regenerate their ID and send them to the login screen.
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Post by Christopher »

Did anyone notice that you can be authenticated with the code above WITHOUT signing in, just by going to authenticated.php.
(#10850)
Bonzol
Forum Newbie
Posts: 10
Joined: Mon Mar 20, 2006 8:44 pm

Post by Bonzol »

is there anyway to fix that? I was assuming maybe It would be put in a secure folder on the webserver
Post Reply