Thread: [Phplib-users] Reauthentication Woes
Brought to you by:
nhruby,
richardarcher
Menu
▾
▴
phplib-users
|
From: T. R. <Te...@Te...> - 2003-08-14 17:27:26
|
First let me say that I am very impressed with PHPLib! I've been beating my head against my desk and going through the documentation and sourceforge archives looking for some help. When I log out, and log back in, my authentication is only valid for that first page view - I'm prompted to reauthenticate on the second secured page view. From that point on, the application works normally. I'm sure that made little sense, so I'll try to be more explicit: My logout script calls $sess->delete(); $auth->logout(); and then redirects the user to the secured home page - which naturally fails. $auth->auth_loginform() gets called and validLoginForm.ihtml draws a login form. The target of the login form is $this->url(). If the user enters their username/password the secured home page displays. I go ahead and logon, and the secured page comes up as expected. If I call up any other secured page, $auth sends the browser back to loginform.ihtml! My logs show that somehow HTTP_POST_VARS[username] and HTTP_POST_VARS[password] are getting wiped out. Of course that's not the root of the problem, only "collateral damage". I'm guessing my UID is getting clobbered somewhere. Why it's happening is beyond me and I could really use some help here! ...now if I log on to this second call to loginform.ihtml, all is well! The session works as expected, secured pages work as they should, my different permission levels all work normally. Any suggestions and insight you'd like to share will be greatly appreciated! Terry R. |
|
From: Nathaniel P. <np...@te...> - 2003-08-14 17:44:51
|
Are you calling page_close() on the page where you first log in at? If you don't, that would produce exactly the behavior you describe, since page_close() saves all the authentication data into the current session. _________________________________ Nathaniel Price Webmaster <http://www.tesseract.net> ----- Original Message ----- From: "T. Riedel" <Te...@Te...> To: <php...@li...> Sent: Thursday, August 14, 2003 10:23 AM Subject: [Phplib-users] Reauthentication Woes [snip] > I go ahead and logon, and the secured page comes up as expected. > > If I call up any other secured page, $auth sends the browser back to > loginform.ihtml! My logs show that somehow HTTP_POST_VARS[username] and > HTTP_POST_VARS[password] are getting wiped out. Of course that's not the > root of the problem, only "collateral damage". I'm guessing my UID is > getting clobbered somewhere. Why it's happening is beyond me and I could > really use some help here! > > ...now if I log on to this second call to loginform.ihtml, all is well! The > session works as expected, secured pages work as they should, my different > permission levels all work normally. > > Any suggestions and insight you'd like to share will be greatly appreciated! |
|
From: T. R. <Te...@Te...> - 2003-08-14 17:55:00
|
Thanks for the quick response Nathaniel! I grepped *.php for page_open and compared it to a grep for page_close. Everything that opens a page, closes it. While I was checking the PHP scripts, I also performed the same check on all my included files and they all checked out too. That was good suggesion though, anything else that comes to mind? Thanks! Terry -----Original Message----- From: Nathaniel Price [mailto:np...@te...] Sent: Thursday, August 14, 2003 1:41 PM To: T. Riedel; php...@li... Subject: Re: [Phplib-users] Reauthentication Woes Are you calling page_close() on the page where you first log in at? If you don't, that would produce exactly the behavior you describe, since page_close() saves all the authentication data into the current session. _________________________________ Nathaniel Price Webmaster <http://www.tesseract.net> ----- Original Message ----- From: "T. Riedel" <Te...@Te...> To: <php...@li...> Sent: Thursday, August 14, 2003 10:23 AM Subject: [Phplib-users] Reauthentication Woes [snip] > I go ahead and logon, and the secured page comes up as expected. > > If I call up any other secured page, $auth sends the browser back to > loginform.ihtml! My logs show that somehow HTTP_POST_VARS[username] and > HTTP_POST_VARS[password] are getting wiped out. Of course that's not the > root of the problem, only "collateral damage". I'm guessing my UID is > getting clobbered somewhere. Why it's happening is beyond me and I could > really use some help here! > > ...now if I log on to this second call to loginform.ihtml, all is well! The > session works as expected, secured pages work as they should, my different > permission levels all work normally. > > Any suggestions and insight you'd like to share will be greatly appreciated! |
|
From: Nathaniel P. <np...@te...> - 2003-08-14 18:49:21
|
Hmm... based on your description of everything, it /should/ be working. A few thoughts come to mind: 1) Do you have any global variables with the name of $sess or $auth (and if you want to be super-careful, check for $perm and $user as well) in your scripts? PHPlib registers and uses these variables to store the session and authentication objects. If any script resets these variables, it will probably cause weirdness. 2) Are you using different subclasses of Auth on different pages? That might cause some hard to track down bugs, if each subclass handles anything significantly differently. 3) Which version of PHP and PHPlib do you use? If you aren't using the latest release (7.4-pre2) of PHPlib, and you have PHP set up with import_globals set to false, it won't work properly, although the symptoms don't match up exactly (you shouldn't be able to log in at all under these conditions). It is also possible that there might be a bug in the "stable" (7.2d) release that has been fixed in one of the later releases. You might post some more psuedo code from your app as well, since I can't really tell much from your description. _________________________________ Nathaniel Price Webmaster <http://www.tesseract.net> ----- Original Message ----- From: "T. Riedel" <Te...@Te...> To: "'Nathaniel Price'" <np...@te...>; <php...@li...> Sent: Thursday, August 14, 2003 10:45 AM Subject: RE: [Phplib-users] Reauthentication Woes > Thanks for the quick response Nathaniel! > > I grepped *.php for page_open and compared it to a grep for page_close. > Everything that opens a page, closes it. While I was checking the PHP > scripts, I also performed the same check on all my included files and they > all checked out too. > > That was good suggesion though, anything else that comes to mind? |
|
From: T. R. <Te...@Te...> - 2003-08-15 14:10:56
|
HAH! That's was it! I had one really old script that called "Example_Auth" instead of my customized auth class. Thanks for the help! ....now I can get back to work! -----Original Message----- From: Nathaniel Price [mailto:np...@te...] Sent: Thursday, August 14, 2003 2:22 PM To: T. Riedel; php...@li... Subject: Re: [Phplib-users] Reauthentication Woes Hmm... based on your description of everything, it /should/ be working. A few thoughts come to mind: 1) Do you have any global variables with the name of $sess or $auth (and if you want to be super-careful, check for $perm and $user as well) in your scripts? PHPlib registers and uses these variables to store the session and authentication objects. If any script resets these variables, it will probably cause weirdness. 2) Are you using different subclasses of Auth on different pages? That might cause some hard to track down bugs, if each subclass handles anything significantly differently. 3) Which version of PHP and PHPlib do you use? If you aren't using the latest release (7.4-pre2) of PHPlib, and you have PHP set up with import_globals set to false, it won't work properly, although the symptoms don't match up exactly (you shouldn't be able to log in at all under these conditions). It is also possible that there might be a bug in the "stable" (7.2d) release that has been fixed in one of the later releases. You might post some more psuedo code from your app as well, since I can't really tell much from your description. _________________________________ Nathaniel Price Webmaster <http://www.tesseract.net> ----- Original Message ----- From: "T. Riedel" <Te...@Te...> To: "'Nathaniel Price'" <np...@te...>; <php...@li...> Sent: Thursday, August 14, 2003 10:45 AM Subject: RE: [Phplib-users] Reauthentication Woes > Thanks for the quick response Nathaniel! > > I grepped *.php for page_open and compared it to a grep for page_close. > Everything that opens a page, closes it. While I was checking the PHP > scripts, I also performed the same check on all my included files and they > all checked out too. > > That was good suggesion though, anything else that comes to mind? |
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X