Re: [phplib] Transparent authentication From: Philip Strnad (philip <email protected>)
Date: 12/12/00

Paul,

Another way to do this is as follows:

- When a user logs in successfully set a cookie that contains the user's
MD5 user id that you store in your users table ($auth->database_table).
The cookie will is used when the user comes back to the site.

- Add some code to setup.inc that looks for the cookie. setup.inc is
executed when a session is created, which makes it ideal for this
scenario. If a user hits your site and has the cookie, then your code
in setup.inc can look up the value contained in the cookie (presumably
the MD5 user id) in $auth->database_table. If you have a record in
$auth->database_table then you can set $auth->auth["uname"] to the
user's username (which you get from the db) and $auth->auth["uid"] to
the user's MD5 user id.

Sample setup.inc:

global $auth;
if (isset($your_cookie)) {
  mysql_query("select username from $auth->database_table where
               userid = '$your_cookie'");
  # if a row is returned:
  $auth->auth["uid"] = $your_cookie;
  $auth->auth["uname"] = $username_from_db;
}

At this point the user will be "authenticated," although the
authentication didn't occur through the loginform.

Note that you have to set sess::auto_init to the name of your auto init
file (usually setup.inc).

If you get this to work, please let me know. It used to work perfectly
on one of my sites, but lately it's been causing problems, which are
probably related to the site and the way it's setup.

Philip

---------------------------------------------------------------------
To unsubscribe, e-mail: phplib-unsubscribe <email protected>
For additional commands, e-mail: phplib-help <email protected>