[Phplib-users] Form POST data not making it into auth_preauth()

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hello,

I have a secure https site running on Java Tomcat and I want to be able
to access an application built on PHP and PHPlib. I'm thinking I can
have a link that submits a form with the username/password as hidden
inputs. I've added the 'auth_preauth()' function (posted to phpbuilder
in 2000) to my extension of the 'Auth' class:

function auth_preauth() {
  global $do_preauth, $username, $password; 
  $uid = false; 
  if (isset($do_preauth)) { 
    $this->db->query(sprintf("select user_id, perms ". 
                          " from %s ". 
                          " where username = '%s' ". 
                          " and password = '%s'", 
                          $this->database_table, 
                          addslashes($username), 
                          addslashes($password))); 
    while($this->db->next_record()) { 
      $uid = $this->db->f("user_id"); 
      $this->auth["perm"] = $this->db->f("perms"); 
      $this->auth["uname"] = $username; 
    } 
  } 
 return $uid; 
}

The function is very similar to the 'auth_validatelogin()' function, but
is called earlier in the whole process - before 'auth_loginform()'. It
is supposed to allow someone to use their own login form, and to bypass
the default form.

If I hard code in the username and password, I get authenticatied and go
straight in.
If I use a GET request method in the form, I can get in, but then the
password is in the URL.
I can't get my form data into the variables via POST Method - which is
what I want to use.
The posting to phpbuilder doesn't say you need to do anything to get the
data into variables.

I've been dissecting the phplib files and find that 'page_open()' calls
a 'start()' funtion from the 'Session' class, then a 'start()' function
from the 'Auth' class (and another from the 'User' class). The Session
'start()' function makes a series of function calls itself:

  function start($sid = "") {
    $this->set_container();
    $this->set_tokenname();
    $this->put_headers();
    $this->release_token($sid);
    $this->get_id($sid);
    $this->thaw();
    $this->gc();
  }

I can echo back form data ($_POST['username']) up to point of the
'release_token()' function. After that the data is gone and I can't get
it back.

What do I have to do to get the form data into the 'auth_preauth()'
function?

Of course, if you can suggest other ways to pass credentials between
Tomcat container managed security and phplib, I'd be interested.

Thx,
Bob Van