Hi,
I am trying to write a app that will control user access to a intranet site. The site is written in PHP and perl and resides on a Apache Webserver.
Right, the app will extract the users unique information (DN) from the users PKI certificate, check against a text file for the users name. If they appear then they have access.
Firstly the site has a lot of PHP pages. I would like to verify only once that the user has access and they would then have access to all pages of the site. Is this possible as I do not want to check each each time a user accesses a different page? If so how?
Thanks
PHP Authentication Query
Moderator: General Moderators
Re: PHP Authentication Query
Use session. Still you have to check on each page that user have the access (e.g. for the specific session variable), because user can type directly the URL of any page... You can do this however in a file, which is included by all pages, so the code will be in only one place.
Re: PHP Authentication Query
Ok thanks for that. One last query. If I include the php script to validate users on each PHP page, the statement will be something like this:
<?php
include("validateUser.php");
?>
...
Within the validateUser.php script, if the users fails or passess authentication, how will it continue? (apologies if this seems a bit basic but trying to get my head around how this should work)? I mean, would the script be like 'If User Ok then continue else go to error page?
I would have thought the PHP pages would have to change to have some validation within them?
e.g.
If validateUser.php == false then error
else
display php page contents
Thanks
<?php
include("validateUser.php");
?>
...
Within the validateUser.php script, if the users fails or passess authentication, how will it continue? (apologies if this seems a bit basic but trying to get my head around how this should work)? I mean, would the script be like 'If User Ok then continue else go to error page?
I would have thought the PHP pages would have to change to have some validation within them?
e.g.
If validateUser.php == false then error
else
display php page contents
Thanks
Re: PHP Authentication Query
if validation fails:
Code: Select all
header('Location: /login.php'); // redirect user
exit; // stop execution of the scriptRe: PHP Authentication Query
Header redirects should contain absolute urls, not relative.Darhazer wrote:if validation fails:Code: Select all
header('Location: /login.php'); // redirect user exit; // stop execution of the script
Re: PHP Authentication Query
Thanks all.
Script has been completed. Will post when I have time.
Uggers
Script has been completed. Will post when I have time.
Uggers