[MRBS-general] Cookie-based authentication scheme
From: LARVOIRE,JEAN-FRANCOIS (HP-France,ex1) <jea...@hp...> - 2003-09-29 18:34:01
Hello,

I noticed there was an unused, cookie-based authentication script in the base directory, called auth_cookie_ext.inc.
For my project to host a resource booking system at an ISP, I needed something like that.
So I rewrote it to make it as general as possible, and here's the result:

Attached is a new auth_cookie.inc. It's selected by setting $auth["type"] = "cookie" in config.inc.php.
It needs a few additions to the vocabulary file. I've attached the English version.
Finally, I've added a logon/logoff box at the right of the top banner. This requires a minor change to the functions.inc file.

How things work:
The logon screen will automatically appear at the first attempt to make a privileged request (reservation; admin; etc).
The user name and password, if validated, are stored in cookies on the client machine.
The cookies are sent afterwards automatically with all further requests, avoiding the need to prompt for the name and password again.
Pressing on the "log off" button in the top banner erases the cookies.
I plan to add a timeout for the cookie validity soon.

There's a running version online at http://jf.larvoire.free.fr/ashpgvl/voiles/
Sorry, it's in French, and deals with paraglider reservations, not meeting rooms :-)
But the look and feel will be familiar.

Currently the user "database" is built in config.inc.php.
For this experiment I've declared two users: alice (password "a") and bob (password "b"). There's also an administrator: administrator (password "secret").
Ideally I'd like to have users and passwords in an SQL table, and have an HTML screen to manage that list.

Voila! Any comment is welcome.

Jean-François
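
As an added example (not part of the original message and not MRBS code), the code below shows a variant of the cookie scheme described above in which the cookie carries a signed user name and expiry time instead of the password, which also provides the cookie timeout the message mentions as planned. The function names, the `|`-separated token layout and the 30-minute lifetime are assumptions.

```php
<?php
// Added example, not MRBS code; every name here is hypothetical.
// Constructed user list mirroring the two test users in the message;
// only password hashes are stored.
$users = [
    'alice' => password_hash('a', PASSWORD_DEFAULT),
    'bob'   => password_hash('b', PASSWORD_DEFAULT),
];
// Signing secret. Generated per run here; a deployment would load a
// fixed secret from configuration so tokens survive between requests.
$key = random_bytes(32);

// Check the password once at logon and build the cookie value
// "user|expiry|HMAC(user|expiry)". The password never enters the cookie.
function issue_token(array $users, string $key, string $user, string $pass, int $now, int $ttl = 1800): ?string
{
    if (!isset($users[$user]) || !password_verify($pass, $users[$user])) {
        return null;
    }
    $payload = $user . '|' . ($now + $ttl);
    return $payload . '|' . hash_hmac('sha256', $payload, $key);
}

// Run on every request: return the user name, or null when the cookie
// is malformed, has been altered, or is past its expiry time.
function verify_token(string $token, string $key, int $now): ?string
{
    $parts = explode('|', $token);
    if (count($parts) !== 3) {
        return null;
    }
    [$user, $expiry, $mac] = $parts;
    $expected = hash_hmac('sha256', $user . '|' . $expiry, $key);
    if (!hash_equals($expected, $mac)) { // constant-time comparison
        return null;
    }
    return ((int)$expiry > $now) ? $user : null;
}

$now   = time();
$token = issue_token($users, $key, 'alice', 'a', $now);
// A page handler would send $token with setcookie(), setting the
// 'httponly' and 'secure' options so scripts and plain HTTP never see it.
var_dump(verify_token($token, $key, $now));                              // fresh token
var_dump(verify_token(str_replace('alice', 'bob', $token), $key, $now)); // user name edited client-side
var_dump(verify_token($token, $key, $now + 3600));                       // presented after the timeout
var_dump(issue_token($users, $key, 'alice', 'wrong', $now));             // bad password at logon
```

Logging off still works by erasing the cookie; because the expiry time is covered by the signature, editing it on the client invalidates the token.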