Re: [phplib] Amazon.com-type login From: Philip Strnad (philip <email protected>)
Date: 01/08/01

Paul, another way to do this is described here (in a post I made a while
ago):

http://marc.theaimsgroup.com/?l=phplib&m=97668810304158&w=2

Note that it now works perfectly, whereas before I had some issues that
turned out to be non PHPLIB related.

Philip

Brian Popp wrote:
>
> Paul, I think I am doing what you are talking about on my website
> (www.bpopp.net). Feel free to register if you want to see an example of what
> I'm talking about here.
>
> My main index page has a page_open () with a SilentAuth class
> (daSilentAuth). Somewhere on the index page I also have a username,
> password, and a 'auto_login' checkbox (when checked $auto_login="ON"). The
> action of that form points to a php file called login.php that looks like:
>
> // ************** start login.php ******************
>
> page_open ( array("sess" => "daSession", "user" => "daUser", "auth" =>
> "daAuth", "perm" => "daPerm" ) );
>
> $auth->login_if ( $auth->auth["uid"] == "nobody" );
>
> if ($auto_login == "ON" && $auth->auth["uid"] != "nobody")
> {
> setcookie ( "auto_login", $auth->auth["uid"], time()+ (3600 * 24 *
> 30 * 6) );
> }
>
> page_close();
>
> header ( "location: index.php" );
> exit;
>
> // ************** end login.php ******************
>
> Then you just need an auth_preauth () function (in your SilentAuth class) to
> check for a set cookie, and then return a valid user_id if one is found. I
> am storing the user_id as a cookie, which may or may not be the way to go?
> (It's better than storing username and password though!). I also check
> $HTTP_COOKIE_VARS["auto_login"] as opposed to just $auto_login. This ensures
> that the value is, in-fact, coming from the cookie and not being passed as a
> GET parameter (granted, a cookie wouldn't be too hard to hack).
>
> By the way, instead of just automatically returning the contents of the
> cookie, I go ahead and check it against the user database. This is probably
> a good idea just in case you ever want to revoke someone's access.
>
> If you (or anyone) wants code, I'd be happy to send you some.. just don't
> hack me!
>
> -----Original Message-----
> From: Paul Smith [mailto:paul <email protected>]
> Sent: Monday, January 08, 2001 2:25 PM
> To: Phplib <email protected> Netuse. De
> Subject: [phplib] Amazon.com-type login
>
> I've asked this before in some form, but it was before the holidays and in
> the middle of trying to wrap up other development, so I never got around to
> digesting it. So let me pose it again, especially now that I know a bit
> more:
>
> I'm trying to create an Amazon.com-style login system. I.e., You're
> remembered when you return (through a cookie) if you're a registered,
> logged-in user; if you're new, you're asked to register, but not forced to
> for browsing, so no login page until necessary.
>
> Now, I understand the general issues: default auth for setting new users to
> "nobody", and I know I need to set a long-term cookie with the UID that
> refers to the auth_user table. What I need advice on is where in the flow of
> PHPLib do I set the cookie and look for a cookie, and also what I need to
> modify in local.inc (and elsewhere?) to make this happen.
>
> Thanks up front.
>
> Paul
>
> ---
> Paul Smith | InfoTech Designer
> Center for Neighborhood Technology
> www.cnt.org | paul <email protected>
> 773.278.4800 x138
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: phplib-unsubscribe <email protected>
> For additional commands, e-mail: phplib-help <email protected>

---------------------------------------------------------------------
To unsubscribe, e-mail: phplib-unsubscribe <email protected>
For additional commands, e-mail: phplib-help <email protected>