|
|
Posted by Toby Inkster on 03/25/06 16:46
Noozer wrote:
> User opens a page. A session starts and they are asked to log in. They spend
> 30 minutes reading the page, then clicks a link. Since they were on the page
> for 20+ minutes their session ended. At that point they are asked to log in,
> and then taken to their chosen page as if never interrupted.
Reasonably easy, yes. This example is in PHP, but the same idea should
work for other languages. At the top of every page that requires
authorisation:
require_once "checkauth.php";
In checkauth.php, do this:
<?php
function check_is_logged_in ()
{
// Write this function yourself.
// Return TRUE if logged in.
// FALSE otherwise.
}
if (!check_is_logged_in())
{
$me = $_SERVER['REQUEST_URI'];
$script = "http://{$_SERVER['HTTP_HOST']}/login.php";
$url = "{$script}?referer=".urlencode($me);
header("HTTP/1.1 303 See Other");
header("Location: {$url}");
}
?>
In login.php, do this:
<?php
$error_msg = '';
$u = stripslashes($_POST['username']);
$p = stripslashes($_POST['password']);
$r = stripslashes($_POST['referer']);
function check_pass ($username, $password)
{
// Write this function yourself.
// Return TRUE if password is ok.
// FALSE otherwise.
}
if (isset($u))
{
if (check_pass($u, $p))
{
$url = "http://{$_SERVER['HTTP_HOST']}/{$r}";
header("HTTP/1.1 303 See Other");
header("Location: {$url}");
exit();
}
else
$error_msg = '<p>Password wrong.</p>';
}
?>
<!-- Embelish this login page yourself. -->
<?= $error_msg ?>
<form action="<?=$_SERVER['PHP_SELF']?>" method="post">
<table>
<tr>
<th scope="row">Username:</th>
<td><input name="username"></td>
</tr>
<tr>
<th scope="row">Password:</th>
<td><input name="password" type="password"></td>
</tr>
<tr>
<td> </td>
<td>
<input type="submit">
<input type="hidden" name="referer"
value="<?=htmlspecialchars($r)?>">
</td>
</tr>
</table>
</form>
--
Toby A Inkster BSc (Hons) ARCS
Contact Me ~ http://tobyinkster.co.uk/contact
Navigation:
[Reply to this message]
|