Posted by Erwin Moller on 09/27/68 11:48
awebguynow wrote:
> My shared-host doesn't allow php_value directives in .htaccess
>
> I was using an "auto_prepend_file" on my local development machine,
> that helped me implement a Session based authentication system.
>
> Host said: "PHP is running as SuEXEC-CGI for security reasons"
> and auto_prepend_file can only be put in php.ini ( system wide, out
> of my control )
>
> Now I'm back to Square 0. I'd prefer not to get stuck rewriting my
> code-base.
> Any other alternatives & suggestions on implementing Session based
> authentication ?
Hi,
Well, I guess you have to rewrite your code so it handles the authentication
in SESSIONS.
It doesn't have to be a lot of work.
I always approach this simply. Try something along the following lines:
Above every PHP-file that needs some authentication:
<?php
// session_start(); // I use auto-start, so this is up to you.
require_once('includes/someFunctions.php');
checkIfLoggedIn();
// or
checkIfIsAdmin();
?>
the someFunctions.php file contains a simple routine like:
function checkIfLoggedIn(){
    if (isset($_SESSION["userid"])){
        // OK, continue
    } else {
        // not ok, session over or illegal attempt
        // header() needs the "Location: " prefix to send a redirect
        header('Location: login.php?comment='.urlencode('Your session is over. Please login again'));
        exit;
    }
}
same for checkIfIsAdmin(), only that checks another value in SESSION, like
$_SESSION["admin"] == "Y".
You probably have your own sets of expected session-vars.
I give you this example because it is usable everywhere where sessions are
supported. If you set it up like this, you never need to worry about
safemode, or auto_prepend_file, etc, because you simply include it
everywhere where needed with appropriate function calls.
Hope this helps.
Regards,
Erwin Moller
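
The include-based guard described in the reply above, written out as an added example that is not part of the original post. The file name `includes/auth_guard.php`, the helpers `startSecureSession()`, `redirectToLogin()` and `markLoggedIn()`, and the choice of a 403 for non-admins are assumptions; it also assumes PHP 7.3+ and a site served over HTTPS.

```php
<?php
// includes/auth_guard.php -- added example, hypothetical file name.
// Assumes PHP 7.3+ (array form of session_set_cookie_params) and HTTPS.

function startSecureSession(): void
{
    if (session_status() === PHP_SESSION_NONE) {
        session_set_cookie_params([
            'httponly' => true,   // cookie not readable from JavaScript
            'secure'   => true,   // cookie sent over HTTPS only
            'samesite' => 'Lax',
        ]);
        session_start();
    }
}

function redirectToLogin(string $comment): void
{
    // Fixed relative target, never a user-supplied URL.
    header('Location: login.php?comment=' . urlencode($comment));
    exit; // without this the protected page keeps executing
}

function checkIfLoggedIn(): void
{
    startSecureSession();
    if (!isset($_SESSION['userid'])) {
        redirectToLogin('Your session is over. Please login again');
    }
}

function checkIfIsAdmin(): void
{
    checkIfLoggedIn();
    // Strict comparison so a missing or non-string value never passes.
    if (($_SESSION['admin'] ?? null) !== 'Y') {
        http_response_code(403);
        exit('Forbidden');
    }
}

// Call from login.php once credentials have been verified (hypothetical caller).
function markLoggedIn(int $userId, bool $isAdmin): void
{
    startSecureSession();
    session_regenerate_id(true); // fresh session id at login (fixation defence)
    $_SESSION['userid'] = $userId;
    $_SESSION['admin']  = $isAdmin ? 'Y' : 'N';
}
```

Each protected page then starts with `require_once` of this file followed by `checkIfLoggedIn();` or `checkIfIsAdmin();` before any output is sent, since `header()` fails once the response body has started.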