COOKIE/GET problem. Was: [PHPLIB] login form on every page
From: Ronny Hanssen (ronnyh <email protected>)
Date: 11/18/99

Hi,

Your proposal works very fine indeed, thanks a lot.
However, I found one problem after having used it for a while. If the
user hasn't enabled cookies he will never be expired. With cookies
enabled he gets thrown out like he is supposed to. I can only guess that
the cookie itself has expired, whereas the expiry in the session hasn't.

I did some testing and found that the expiry (auth["exp"]) is never
changed after it is set to 0x7fffffff while authenticating the user as
"nobody".

I added two lines of code (and deleted one), as shown inline in David's
code later down (look for the /*ADD*/ and /*DEL*/ sections), and it now
seems like it works without *having* to use cookies.
The two lines added just update the expiry and refresh variables,
whereas the deleted line is (in my example at least) already executed in
auth_validatelogin(). I think my auth_validatelogin() is the same as the
distributed one, but check your own before removing the line from
login_if().

--
Ronny Hanssen

David Tiselius wrote:
> (...)
>
> I'm not sure if I've understood your problem, or if this is any help,
> but...
>
> I'm currently working on a similar thing (having a login-section on each
> page, unless the visitor is already logged in of course), and it seems
> to work the way I want.
> I just made a new subclass to challenge_auth for this (i.e. I still use
> Example_session and have never touched start_page()) and the changes are
> all in the login_if() function.
> That way the user can log out but the session is still "alive" (and
> that's where the $GLOBALS array's kept - isn't it?).
>
> My login_if() in the subclass to challenge_auth looks like this:
>
>   function login_if($attempt) {
>     global $sess, $username, $password;
>
>     $challenge = md5(uniqid($this->magic));
>     $sess->register("challenge");
>
>     if ($attempt && ( "nobody" == $this->auth["uid"])) {
>       $uid = false;
>       $uid = $this->auth_validatelogin();
>     }
>
>     if($uid) {
>       $this->auth["uid"] = $uid;
/*ADD*/ $this->auth["exp"] = time() + (60 * $this->lifetime);
/*ADD*/ $this->auth["refresh"] = time() + (60 * $this->refresh);
/*DEL*/ $this->auth["uname"] = $username;
>     }
>     return $challenge;
>   }
> (...)

- PHP3 Base Library Mailing List. Send messages to <phplib <email protected>>.
To unsubscribe, send "unsubscribe" to <phplib-request <email protected>>
in the body, not the subject, of your message.
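
The behaviour reported in this message, as an added example that is not part of the original post and is not PHPLIB code: a simplified stand-alone model of the auth["uid"] and auth["exp"] fields showing why a login that leaves the "nobody" expiry of 0x7fffffff in place never times out on the server side. The function names, the timestamps, the user name and the assumption that expiry is checked by comparing auth["exp"] with the current time are all hypothetical.

```php
<?php
// Added illustration, not PHPLIB code. Only the auth["uid"] / auth["exp"]
// fields come from the thread; every function name here is hypothetical.

const NOBODY_EXP = 0x7fffffff;   // expiry assigned while authenticated as "nobody"

function new_auth(): array {
    return ["uid" => "nobody", "exp" => NOBODY_EXP];
}

// Login as in the quoted login_if() without the /*ADD*/ lines:
// the uid changes, the expiry keeps the "nobody" value.
function login_without_exp(array $auth, string $uid): array {
    $auth["uid"] = $uid;
    return $auth;
}

// Login with the added line: expiry is derived from the lifetime in minutes.
function login_with_exp(array $auth, string $uid, int $lifetime, int $now): array {
    $auth["uid"] = $uid;
    $auth["exp"] = $now + 60 * $lifetime;
    return $auth;
}

// Server-side check (assumed form). It does not depend on whether the
// session id arrived in a cookie or as a GET parameter.
function is_expired(array $auth, int $now): bool {
    return $auth["uid"] !== "nobody" && $now >= $auth["exp"];
}

// Constructed sample values.
$t0       = 943000000;        // login time (a November 1999 timestamp)
$lifetime = 15;               // minutes
$later    = $t0 + 60 * 60;    // one hour later, session id still sent in the URL

$before = login_without_exp(new_auth(), "user42");
$after  = login_with_exp(new_auth(), "user42", $lifetime, $t0);

printf("without exp update: expired=%s\n", var_export(is_expired($before, $later), true));
printf("with exp update:    expired=%s\n", var_export(is_expired($after, $later), true));
```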