RE: [phplib] Amazon.com-type login
From: Brian Popp (bpopp <email protected>)
Date: 01/08/01

Paul, I think I am doing what you are talking about on my website
(www.bpopp.net). Feel free to register if you want to see an example of what
I'm talking about here.

My main index page has a page_open () with a SilentAuth class
(daSilentAuth). Somewhere on the index page I also have a username,
password, and an 'auto_login' checkbox (when checked $auto_login="ON"). The
action of that form points to a php file called login.php that looks like:

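// ************** start login.php ******************
<?php

// Start the PHPLib session, auth, perm and user objects for this page.
page_open ( array("sess" => "daSession", "user" => "daUser", "auth" => "daAuth", "perm" => "daPerm" ) );

// Show the login form if the visitor is still the default "nobody" user.
$auth->login_if ( $auth->auth["uid"] == "nobody" );

// $auto_login is the checkbox from the submitted form (register_globals).
// After a successful login, remember the user for about six months.
// Note that the cookie value is the bare user_id.
if ($auto_login == "ON" && $auth->auth["uid"] != "nobody")
{
        setcookie ( "auto_login", $auth->auth["uid"], time() + (3600 * 24 * 30 * 6) );
}

page_close();

// Send the browser back to the main page.
header ( "location: index.php" );
exit;

// ************** end login.php ******************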

Then you just need an auth_preauth () function (in your SilentAuth class) to
check for a set cookie, and then return a valid user_id if one is found. I
am storing the user_id as a cookie, which may or may not be the way to go?
(It's better than storing username and password though!). I also check
$HTTP_COOKIE_VARS["auto_login"] as opposed to just $auto_login. This ensures
that the value is, in fact, coming from the cookie and not being passed as a
GET parameter (granted, a cookie wouldn't be too hard to hack).

By the way, instead of just automatically returning the contents of the
cookie, I go ahead and check it against the user database. This is probably
a good idea just in case you ever want to revoke someone's access.

If you (or anyone) want code, I'd be happy to send you some... just don't
hack me!

-----Original Message-----
From: Paul Smith [mailto:paul <email protected>]
Sent: Monday, January 08, 2001 2:25 PM
To: Phplib <email protected> Netuse. De
Subject: [phplib] Amazon.com-type login

I've asked this before in some form, but it was before the holidays and in
the middle of trying to wrap up other development, so I never got around to
digesting it. So let me pose it again, especially now that I know a bit
more:
 
I'm trying to create an Amazon.com-style login system. I.e., you're
remembered when you return (through a cookie) if you're a registered,
logged-in user; if you're new, you're asked to register, but not forced to
for browsing, so no login page until necessary.
 
Now, I understand the general issues: default auth for setting new users to
"nobody", and I know I need to set a long-term cookie with the UID that
refers to the auth_user table. What I need advice on is where in the flow of
PHPLib do I set the cookie and look for a cookie, and also what I need to
modify in local.inc (and elsewhere?) to make this happen.
 
Thanks up front.
 
Paul
 

---
Paul Smith | InfoTech Designer
Center for Neighborhood Technology
www.cnt.org | paul <email protected>
773.278.4800 x138
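
Brian's reply notes that a cookie holding the bare user_id is easy to alter. As an added example (not code from the thread or from PHPLib), one way to make the auto_login value tamper-evident is to sign it with a server-side key and verify the signature before the user-table lookup he recommends. SECRET_KEY, the constructed $users array and both function names are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. SECRET_KEY, $users and the two
// function names are assumptions made for illustration.
const SECRET_KEY = 'replace-with-a-long-random-server-side-secret';

// Constructed stand-in for the auth_user table: user_id => still active?
$users = ['uid-alice' => true, 'uid-bob' => true, 'uid-carol' => false];

// Cookie value = uid|expiry|HMAC(uid|expiry), so neither field can be edited.
function make_auto_login_value(string $uid, int $expires): string
{
    $payload = $uid . '|' . $expires;
    return $payload . '|' . hash_hmac('sha256', $payload, SECRET_KEY);
}

// What auth_preauth() could call: returns the uid, or false so the caller
// falls back to the "nobody" default.
function check_auto_login_value(string $value, array $users, int $now)
{
    $parts = explode('|', $value);
    if (count($parts) !== 3) {
        return false;                    // bare uid or otherwise malformed
    }
    [$uid, $expires, $mac] = $parts;
    $expected = hash_hmac('sha256', $uid . '|' . $expires, SECRET_KEY);
    if (!hash_equals($expected, $mac)) { // constant-time comparison
        return false;                    // edited or forged value
    }
    if ((int) $expires < $now) {
        return false;                    // past the server-chosen lifetime
    }
    // Still look the user up, so access can be revoked on the server.
    return !empty($users[$uid]) ? $uid : false;
}

$now    = time();
$sixMon = $now + 3600 * 24 * 30 * 6;     // same lifetime as login.php
$alice  = make_auto_login_value('uid-alice', $sixMon);
$cases  = [
    'issued by server'     => $alice,
    'uid swapped, old MAC' => str_replace('uid-alice', 'uid-bob', $alice),
    'bare uid only'        => 'uid-bob',
    'revoked account'      => make_auto_login_value('uid-carol', $sixMon),
];
foreach ($cases as $label => $value) {
    echo $label, ': ', var_export(check_auto_login_value($value, $users, $now), true), "\n";
}
```

In login.php the signed value would be passed to setcookie () in place of $auth->auth["uid"], and auth_preauth () would read it from the cookie array only, as the reply already does.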
