[phplib] help: authentification that works with cookies but not GET From: westd <email protected>
Date: 07/12/00

HELP!

I set up a page that uses AUTH to authenticate a user. Sounds
simple, but I can't for the life of me get it to work when SESSION
$mode is "get", or when $fallback_mode is "get" and I disable
cookies. It works fine with cookies. What happens is that the
variable $login that I attempt to register in auth_validatelogin()
is not being remembered. The page I'm trying to access starts
thus:

page_open(array("sess" => "Example_Session", "auth" => "My_Challenge_Auth"));
page_close();

Selected stuff from my local.inc is thus:
class Example_Session extends Session {
...
  var $mode = "get"; #works when = "cookie"
...
}

class My_Challenge_Auth extends Auth {
  var $classname = "My_Challenge_Auth";

  var $lifetime = 1;

  var $magic = "nocatsatall"; ## Challenge seed
  var $database_class = "DB_Example";
  var $database_table = "p3mail_users";

  function auth_loginform() {
    global $sess;
    global $challenge;
    
    $challenge = md5(uniqid($this->magic));
    $sess->register("challenge");
    
    include("login.php3");
  }
  
  function auth_validatelogin() {
    global $username, $password, $challenge, $response;
    global $sess

    $this->db->query(sprintf("select id,password ".
                                "from %s where username = '%s'",
                          $this->database_table,
                          addslashes($username)));

    while($this->db->next_record()) {
      $uid = $this->db->f("id");
      $pass = $this->db->f("password");
    }
    $exspected_response = md5("$username:$pass:$challenge");

    if(isset($username)) {
      $this->auth["uname"]=$username;
}

    ## True when JS is disabled
    if ($response == "") {
      if ($password != $pass) {
        return false;
      } else {
        $login = base64_encode("userid=".$uid."&usern=$username");#just
the format the rest of my scripts wants the info in, this is
the variable that is not set
        $sess->register("login");
        return $uid;
      }
    }
    
    ## Response is set, JS is enabled
    if ($exspected_response != $response) {
      return false;
    } else {
        $login = base64_encode("userid=".$uid."&usern=$username");
        $sess->register("login");
              return $uid;
    }
  }
}

Finally, login.php3 contains the following form:

<form method="post" action="<?php print $this->url() ?>" name=login>
<!-- for some reason if I change the method here to GET, then
instead of $login just not being remembered, login.php3 is redisplayed
-->
<input type="text" name="username" value="<?php print (isset($this->auth["uname"])
? $this->auth["uname"] : "" ) ?>">
<input type="password" name="password">
<input type="hidden" name="challenge" value="<?php print $challenge
?>">
<input type="hidden" name="response" value="">
<input onClick="doChallengeResponse(); return false;" type="submit"
name="submitbtn" value="Login now">

Please help, I've been pulling my hair out all day!

Dave

-----
Sent using MailStart.com ( http://MailStart.Com/welcome.html )
The FREE way to access your mailbox via any web browser, anywhere!

---------------------------------------------------------------------
To unsubscribe, e-mail: phplib-unsubscribe <email protected>
For additional commands, e-mail: phplib-help <email protected>