[phplib] Session works only one times From: A. Grubert (agrubert <email protected>)
Date: 12/26/00

Hey folks,

I have a problem with my phplib (7.02b). The phplib example for testing
the database works fine: I can see my entries and metadata. The problem
exists only with the session part.

My local.inc is really unchanged; it is the original one (see the end of this
email). I only changed the entries to connect to my database at
Schlund&Partner (mysql).

If I open this simple page, the browser asks to set a cookie
Example_Session (I can see it in the database table) and then the page
with the counter (1) is shown. If I reload the page, the counter is
incremented to 2 (not always), but if I reload the page again, the counter
does not increment.
I can't fix this problem! It occurs only on my
Schlund&Partner webspace; on my local system it works fine.
 
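<?php
  ## Session test page: shows a counter that is kept in the session.
  ##
  ## inc_phplib.php3 calls prepend.inc. The extra include is useful to test
  ## on the local or the www system with different paths to PHPLib.
  include("../gc_db/inc_phplib.php3");

  ## Opens the Example_Session session; this is where the browser asks
  ## whether to accept the cookie.
  page_open(array("sess" => "Example_Session"));

  ## First view in a session: start the counter at zero.
  if (!isset($s)) $s = 0;

  ## Register $s with the session object (presumably stored when
  ## page_close() runs at the end of the page - confirm against PHPLIB).
  $sess->register("s");

  ## NOTE(review): $s is a plain global that is printed into the page below.
  ## Coercing it to an integer keeps the output numeric whatever put a value
  ## into $s before this point.
  $s = intval($s) + 1;
 ?>
<html>
  <head><title>PHP3 test page</title></head>
  <body bgcolor="#ffffff">
    <a href="<?php $sess->purl("test_003.php3")?>">Load</a> this simple page again.<br>
    <h1>Per Session Data: </h1>
    <?php print($s); ?>
  </body></html>
<?php page_close(); ?>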

----- my local.inc ---------
<?php
/*
 * Session Management for PHP3
 *
 * Copyright (c) 1998,1999 SH Online Dienst GmbH
 * Boris Erdmann, Kristian Koehntopp
 *
 * $Id: local.inc,v 1.23 1999/08/25 11:40:48 kk Exp $
 *
 */

## Connection settings for the example database. The four values appear as
## "----" in this listing.
##
## NOTE(review): this file carries the database password. Keep local.inc
## outside the document root, or make sure the web server never delivers
## .inc files as plain text.
class DB_Example extends DB_Sql {
  var $Host     = '----';
  var $Database = '----';
  var $User     = '----';
  var $Password = '----';
}

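## SQL storage container. Example_Session and Example_User both name this
## class in their $that_class setting.
class Example_CT_Sql extends CT_Sql {
  ## Which database to connect...
  var $database_class = "DB_Example";

  ## ...and find our session data in this table.
  var $database_table = "active_sessions";
}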

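## Session settings for the class named in
## page_open(array("sess" => "Example_Session")).
class Example_Session extends Session {
  var $classname = "Example_Session";

  ## Defaults to classname when left empty.
  var $cookiename = "";

  ## ID seed.
  ## NOTE(review): "Hocuspocus" is the value from the unmodified example
  ## file. If session IDs depend on this seed, replace it with a
  ## site-specific secret.
  var $magic = "Hocuspocus";

  ## We propagate session IDs with cookies.
  var $mode = "cookie";

  ## NOTE(review): with "get" as fallback the session ID travels in the URL,
  ## where it can end up in server logs, bookmarks and Referer headers.
  var $fallback_mode = "get";

  ## 0 = do session cookies, else minutes.
  var $lifetime = 0;

  ## Name of data storage container.
  var $that_class = "Example_CT_Sql";

  ## Garbage collection setting; the unit is not shown in this file
  ## (presumably a percentage per request - confirm).
  var $gc_probability = 5;
}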

## Per-user settings; the data lives in the same storage container class
## that Example_Session names.
class Example_User extends User {
  var $classname  = 'Example_User';

  ## ID seed
  var $magic      = 'Abracadabra';

  ## data storage container
  var $that_class = 'Example_CT_Sql';
}

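## Form-based login checked against a username/password table.
##
## NOTE(review): the query in auth_validatelogin() matches the submitted
## password against the password column as-is, so the auth_user table holds
## passwords in cleartext. Storing a salted password hash (password_hash()
## and password_verify() on current PHP) avoids that.
class Example_Auth extends Auth {
  var $classname = "Example_Auth";

  var $lifetime = 15;

  var $database_class = "DB_Example";
  var $database_table = "auth_user";

  ## Shows the login form template from the PHPLIB library directory.
  ## The globals are declared so that the included template can use them.
  function auth_loginform() {
    global $sess;
    global $_PHPLIB;

    include($_PHPLIB["libdir"] . "loginform.ihtml");
  }

  ## Checks the submitted username and password.
  ## Returns the user_id of the matching row, or false when the login is
  ## rejected. On success the row's perms value is stored in
  ## $this->auth["perm"].
  function auth_validatelogin() {
    global $username, $password;

    if (isset($username)) {
      ## This provides access for "loginform.ihtml"
      $this->auth["uname"] = $username;
    }

    ## Reject missing or non-string input before the query is built, so
    ## that addslashes() never sees an unset value or an array.
    if (!isset($username) || !isset($password)) {
      return false;
    }
    if (!is_string($username) || !is_string($password)) {
      return false;
    }

    $uid = false;

    ## NOTE(review): addslashes() does not know the character set of the
    ## database connection. Use the database driver's own escaping function
    ## or bound parameters if the DB layer offers them.
    $this->db->query(sprintf("select user_id, perms ".
                             " from %s ".
                             " where username = '%s' ".
                             " and password = '%s'",
                          $this->database_table,
                          addslashes($username),
                          addslashes($password)));

    ## If several rows match, the values of the last row win.
    while ($this->db->next_record()) {
      $uid = $this->db->f("user_id");
      $this->auth["perm"] = $this->db->f("perms");
    }
    return $uid;
  }
}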

## Variant of Example_Auth with $nobody switched on.
## NOTE(review): what $nobody enables is defined in the Auth base class,
## which is not part of this file (presumably a default, not-logged-in
## user) - confirm before relying on it for access control.
class Example_Default_Auth extends Example_Auth {
  var $classname = 'Example_Default_Auth';

  var $nobody    = true;
}

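## Challenge/response login: the form gets a challenge, and the browser can
## answer with md5("username:password:challenge") instead of the password.
##
## NOTE(review): the password column is read and used as-is, so this table
## holds cleartext passwords.
class Example_Challenge_Auth extends Auth {
  var $classname = "Example_Challenge_Auth";

  var $lifetime = 1;

  var $magic = "Simsalabim"; ## Challenge seed
  var $database_class = "DB_Example";
  var $database_table = "auth_user";

  ## Creates a new challenge, registers it with the session and shows the
  ## challenge/response login form.
  function auth_loginform() {
    global $sess;
    global $challenge;
    global $_PHPLIB;

    ## NOTE(review): uniqid() is derived from the current time and $magic is
    ## the value shipped with the example, so the challenge is not a random
    ## secret. Prefer a CSPRNG (random_bytes() on current PHP).
    $challenge = md5(uniqid($this->magic));
    $sess->register("challenge");

    include($_PHPLIB["libdir"] . "crloginform.ihtml");
  }

  ## Checks the submitted login.
  ## Returns the user_id of the account, or false when the login is
  ## rejected. On success the account's perms value is stored in
  ## $this->auth["perm"].
  function auth_validatelogin() {
    global $username, $password, $challenge, $response;

    if (isset($username)) {
      ## This provides access for "loginform.ihtml"
      $this->auth["uname"] = $username;
    }
    if (!isset($username) || !is_string($username)) {
      return false;
    }

    $found = false;
    $uid = false;
    $perm = "";
    $pass = "";

    ## NOTE(review): addslashes() does not know the character set of the
    ## database connection. Use the driver's own escaping or bound
    ## parameters if the DB layer offers them.
    $this->db->query(sprintf("select user_id,perms,password ".
                "from %s where username = '%s'",
                          $this->database_table,
                          addslashes($username)));

    while ($this->db->next_record()) {
      $found = true;
      $uid = $this->db->f("user_id");
      $perm = $this->db->f("perms");
      $pass = strval($this->db->f("password"));
    }

    ## No such account: fail here, so that no comparison below ever runs on
    ## values that were not read from the table.
    if (!$found) {
      return false;
    }

    ## True when JS is disabled
    ## NOTE(review): on this path the password itself is submitted, so the
    ## form needs a protected transport (TLS).
    if (!isset($response) || $response == "") {
      ## Compare as strings. "!=" would compare two numeric-looking strings
      ## by value ("1e3" equals "1000"). is_string() keeps strcmp() from
      ## being called with an array.
      if (!isset($password) || !is_string($password)
          || strcmp($password, $pass) != 0) {
        return false;
      }
      $this->auth["perm"] = $perm;
      return $uid;
    }

    ## Response is set, JS is enabled
    ## A response can only be checked against a challenge that was issued.
    if (!isset($challenge) || !is_string($challenge) || $challenge == "") {
      return false;
    }
    if (!is_string($response)) {
      return false;
    }
    $expected_response = md5("$username:$pass:$challenge");

    ## String comparison instead of "!=" for the same reason as above.
    ## hash_equals() is the constant-time choice on current PHP.
    if (strcmp($expected_response, $response) != 0) {
      return false;
    }
    $this->auth["perm"] = $perm;
    return $uid;
  }
}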

##
## Example_Challenge_Crypt_Auth: Keep passwords in md5 hashes rather
## than cleartext in database
## Author: Jim Zajkowski <jim <email protected>>

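## Challenge/response login with md5(password) stored in the table instead
## of the cleartext password.
##
## NOTE(review): the stored value is an unsalted MD5 hash, and the expected
## response is computed from that stored value. The auth_user_md5 table
## therefore needs the same protection as a table of cleartext passwords.
class Example_Challenge_Crypt_Auth extends Auth {
  var $classname = "Example_Challenge_Crypt_Auth";

  var $lifetime = 1;

  var $magic = "Frobozzica"; ## Challenge seed
  var $database_class = "DB_Example";
  var $database_table = "auth_user_md5";

  ## Creates a new challenge, registers it with the session and shows the
  ## login form.
  function auth_loginform() {
    global $sess;
    global $challenge;

    ## NOTE(review): uniqid() is derived from the current time and $magic is
    ## the value shipped with the example, so the challenge is not a random
    ## secret. Prefer a CSPRNG (random_bytes() on current PHP).
    $challenge = md5(uniqid($this->magic));
    $sess->register("challenge");

    ## NOTE(review): unlike the other templates in this file, this include
    ## has no $_PHPLIB["libdir"] prefix, so the file is looked up through
    ## the include path - confirm that this is intended.
    include("crcloginform.ihtml");
  }

  ## Checks the submitted login.
  ## Returns the user_id of the account, or false when the login is
  ## rejected. On success the account's perms value is stored in
  ## $this->auth["perm"].
  function auth_validatelogin() {
    global $username, $password, $challenge, $response;

    if (isset($username)) {
      ## This provides access for "loginform.ihtml"
      $this->auth["uname"] = $username;
    }
    if (!isset($username) || !is_string($username)) {
      return false;
    }

    $found = false;
    $uid = false;
    $perm = "";
    $pass = "";

    ## NOTE(review): addslashes() does not know the character set of the
    ## database connection. Use the driver's own escaping or bound
    ## parameters if the DB layer offers them.
    $this->db->query(sprintf("select user_id,perms,password ".
                "from %s where username = '%s'",
                          $this->database_table,
                          addslashes($username)));

    while ($this->db->next_record()) {
      $found = true;
      $uid = $this->db->f("user_id");
      $perm = $this->db->f("perms");
      ## Password is stored as a md5 hash
      $pass = strval($this->db->f("password"));
    }

    ## No such account: fail here, so that no comparison below ever runs on
    ## values that were not read from the table.
    if (!$found) {
      return false;
    }

    ## True when JS is disabled
    ## NOTE(review): on this path the password itself is submitted, so the
    ## form needs a protected transport (TLS).
    if (!isset($response) || $response == "") {
      ## md5 hash for non-JavaScript browsers.
      ## Compare as strings. "!=" treats two hashes that both look like
      ## numbers (for example "0e" followed by digits only) as equal.
      if (!isset($password) || !is_string($password)
          || strcmp(md5($password), $pass) != 0) {
        return false;
      }
      $this->auth["perm"] = $perm;
      return $uid;
    }

    ## Response is set, JS is enabled
    ## A response can only be checked against a challenge that was issued.
    if (!isset($challenge) || !is_string($challenge) || $challenge == "") {
      return false;
    }
    if (!is_string($response)) {
      return false;
    }
    $expected_response = md5("$username:$pass:$challenge");

    ## String comparison instead of "!=" for the same reason as above.
    ## hash_equals() is the constant-time choice on current PHP.
    if (strcmp($expected_response, $response) != 0) {
      return false;
    }
    $this->auth["perm"] = $perm;
    return $uid;
  }
}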

## Permission names of the example, plus the page that is shown when a
## permission check fails.
class Example_Perm extends Perm {
  var $classname = 'Example_Perm';

  ## Each permission name maps to its own power of two.
  var $permissions = array(
    'user'       => 1,
    'author'     => 2,
    'editor'     => 4,
    'supervisor' => 8,
    'admin'      => 16
  );

  ## Shows perminvalid.ihtml from the PHPLIB library directory.
  ## $does_have and $must_have are not used here; like the globals, they
  ## are in scope for the included template.
  function perm_invalid($does_have, $must_have) {
    global $perm, $auth, $sess, $_PHPLIB;

    include($_PHPLIB['libdir'] . 'perminvalid.ihtml');
  }
}
?>

 
Gruß
  Armin

----- http://www.armin-grubert.vu.de ------
Dipl.-Geol. A. Grubert Oppenheimer Straße 28
Tel.: 06737 - 809076 55278 Köngernheim
--------- agrubert <email protected> --------
