PHP Authentication Query

Ye' old general discussion board. Basically, for everything that isn't covered elsewhere. Come here to shoot the breeze, shoot your mouth off, or whatever suits your fancy.
This forum is not for asking programming related questions.

Moderator: General Moderators

Post Reply
uggers2k
Forum Newbie
Posts: 5
Joined: Sat Aug 29, 2009 7:12 am

PHP Authentication Query

Post by uggers2k »

Hi,

I am trying to write a app that will control user access to a intranet site. The site is written in PHP and perl and resides on a Apache Webserver.

Right, the app will extract the users unique information (DN) from the users PKI certificate, check against a text file for the users name. If they appear then they have access.

Firstly the site has a lot of PHP pages. I would like to verify only once that the user has access and they would then have access to all pages of the site. Is this possible as I do not want to check each each time a user accesses a different page? If so how?

Thanks
User avatar
Darhazer
DevNet Resident
Posts: 1011
Joined: Thu May 14, 2009 3:00 pm
Location: HellCity, Bulgaria

Re: PHP Authentication Query

Post by Darhazer »

Use session. Still you have to check on each page that user have the access (e.g. for the specific session variable), because user can type directly the URL of any page... You can do this however in a file, which is included by all pages, so the code will be in only one place.
uggers2k
Forum Newbie
Posts: 5
Joined: Sat Aug 29, 2009 7:12 am

Re: PHP Authentication Query

Post by uggers2k »

Ok thanks for that. One last query. If I include the php script to validate users on each PHP page, the statement will be something like this:

<?php
include("validateUser.php");
?>
...

Within the validateUser.php script, if the users fails or passess authentication, how will it continue? (apologies if this seems a bit basic but trying to get my head around how this should work)? I mean, would the script be like 'If User Ok then continue else go to error page?
I would have thought the PHP pages would have to change to have some validation within them?

e.g.

If validateUser.php == false then error
else
display php page contents

Thanks
User avatar
Darhazer
DevNet Resident
Posts: 1011
Joined: Thu May 14, 2009 3:00 pm
Location: HellCity, Bulgaria

Re: PHP Authentication Query

Post by Darhazer »

if validation fails:

Code: Select all

header('Location: /login.php'); // redirect user
exit; // stop execution of the script
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Re: PHP Authentication Query

Post by Benjamin »

Darhazer wrote:if validation fails:

Code: Select all

header('Location: /login.php'); // redirect user
exit; // stop execution of the script
Header redirects should contain absolute urls, not relative.
uggers2k
Forum Newbie
Posts: 5
Joined: Sat Aug 29, 2009 7:12 am

Re: PHP Authentication Query

Post by uggers2k »

Thanks all.

Script has been completed. Will post when I have time.

Uggers
Post Reply