PHPBuilder - Session Management and Authentication with PHPLIB

RSS Twitter

Session Management and Authentication with PHPLIB

by: Chad Cunningham
July 30, 2000

Let's face it, web pages aren't designed for interaction with users. At one time or another, you've probably found yourself needing to know what user you are dealing with, and some information about that user. But how do you do it on the web? There are many ways, but most of them are either error prone, or serious security risks. Passing around form data from page to page can easily be sniffed, and even more easily forged. What is a webmaster to do?
The simple answer is PHPLIB. PHPLIB is a set of PHP classes that are designed to make is easier to develop web based applications - things that need interaction. This is provided by many classes, the most essential being authentication, session management, permissions, and database abstraction.

What You'll Need

To use phplib, you need php installed on your server. Unlike basic authentication, phplib works with either the cgi or the module. You will probably need at least version 3.0.5 of php. Earlier cgi versions may work if you compiled them with --enable-foce-cgi-redirect option. Otherwise, you will get nothing but security errors. PHP also needs to be configured with track_vars enabled. You will also need a database. PHPLIB currently supports MySQL, Orace, ODBC, PostgreSQL, and Sybase.

How it Works

First and foremost, the classes need to be configured for your system. The only file that has to be modified is the file included in the distribution. It is filled in with a sample setup which can be used almost as is, or can be modified as you want. Before setting it up though, it's a good idea to understand what is going on.
Each page that uses PHPLIB must first import all of the needed files. You can do this with php's auto_prepend feature if you have access to your php.ini and you want the files included on EVERY page. If not, you can specify an include directory in the php.ini, or just use the absolute path to require the PHPLIB files. A sample file called prepend.php3 is included in the distribution, which can be required at the top of each file to include all of the other needed files.
At the top of each phplib page, you must make a call to the page_open function. This initializes the features that you plan on using, more on this later. A typical page_open call that gives authentication, session, and permission capabilities looks like:


(array("sess" => "Cms_Session""auth" => "Cms_Auth""perm" => "Cms_Perm"));

The keys of the array (sess, auth, perm) are the variable names you will use to address the objects, and must be the standard variable names phplib uses (sess, auth, perm...). The values are the names of the classes you create in your The page_open call must be before any output to the browser, and you only need to put in the features that you are going to use (if you're not using authentication on the page, just leave that part out). The script must end with a call to the page_close() function, which writes all changes back to the database. If you forget the page_close() call, you may find some things not working quite as expected...
Because phplib uses cookies to store information, your page_open() call must be issued before ANY output is sent to the browser. Output can be anything from html to blank lines. If you find yourself getting errors which say something along the lines of "Oops - SetCookie called after header has been sent" this means that there was some output before the page_open was called. The typical culprits, and the hardest to find, are blank lines outside of the <? and ?> tags in the included files. Check your or prepend.php3 for blank lines at the end with vi, or another editor which will show you these.

Next Page »

Comment and Contribute

Your comment has been submitted and is pending approval.

Chad Cunningham



(Maximum characters: 1200). You have characters left.