Thread: [Phplib-users] Basic authentication
Brought to you by:
nhruby,
richardarcher
Menu
▾
▴
phplib-users
|
From: Chris J. <ch...@ch...> - 2002-01-30 22:16:03
|
Has anybody modified PHPLIB to use HTTP basic authentication (i.e. "realms") instead of the default standalone login page stuff? I know it's fairly trivial, but no point in reinventing the wheel if someone else has already done it. Thanks, ..chris |
|
From: Tarique S. <ta...@sa...> - 2002-01-31 10:26:53
|
On Wed, 30 Jan 2002, Chris Johnson wrote: > Has anybody modified PHPLIB to use HTTP basic authentication (i.e. "realms") > instead of the default standalone login page stuff? Err ... If you read the manual you must have noted that in-line authentication of PHPlib was written the over come the short commings of Basic HTTP authentication Care to explain why you want to turn the wheel back? Tarique -- ========================================================== PHP Applications for E-Biz : http://www.sanisoft.com The Ultimate Ghazal Lexicon: http://www.aaina-e-ghazal.com ========================================================== |
|
From: nathan r. h. <dst...@ds...> - 2002-01-31 14:01:12
|
On Thu, 31 Jan 2002, Tarique Sani <ta...@sa...> wrote:
> On Wed, 30 Jan 2002, Chris Johnson wrote:
>
> > Has anybody modified PHPLIB to use HTTP basic authentication (i.e. "realms")
> > instead of the default standalone login page stuff?
>
> Err ... If you read the manual you must have noted that in-line
> authentication of PHPlib was written the over come the short commings of
> Basic HTTP authentication
>
> Care to explain why you want to turn the wheel back?
>
You can sort of simulate HTTP basic auth by creting a script that looks
like:
<?php
// This is the acces modifier script
include("prepend.inc");
page_open(array("sess"=>"someSess", "auth"=>"someAuth"));
// If you want some perms stuff here, feel free to use it.
page_close();
?>
and making the following change in your httpd.conf (of course, you're
using apache, right :)
<Directory /path/to/someDir/>
php_value auto_prepend_file "/path/to/access_modifier.php"
</Directory>
This will force the phplib login mechanism into loading every time
anything in that directoy is hit (you can also use this in a File
directive or a vhost directive.. :). Instead of using the standard system
dialog from the browser, it will use the settings set in the "someAuth"
subclass of the Auth object, thus having the same net effect as HHTP basic
auth, but with finer granularity. You'll need to setup the standard
phplib ath stuff
-n (Been offline for a while I know.. problems with old hosting
provider)
|
|
From: Chris J. <ch...@ch...> - 2002-02-01 03:38:37
|
Well, I read that bit of the documentation so long ago, that I'd completely forgotten all those points. What I'm really trying to accomplish is 2 things: 1) Get the user name in the combined web server log. (I use apache, and have not had any luck with other methods.) This is lower priority. 2) Provide a method for users linking in from another site to have a "single signon" capability -- that is, they logged in at the other site, and the URL needs to contain the information that they logged in with. As you know, the standard URL form is something like: [protocol]://[username]:[password]@host.domain.name:[port]/document_path So, uh, the username/password portion seemed like an obvious place to put that information, and HTTP Basic Authentication would work with minimal work. But having re-read the Auth section of the PHPLIB docs, there are a couple of drawbacks I don't think I want to live with: 1) No "log out" -- well, it could be kludged by forcing a login to a different realm, but that would be crude. 2) No expire. These users are accessing private data, so I'd better be sure that people can't just wander by and use their PC's while they are out of the office, etc. 3) Not per page. Not too much of a problem, since all of my Perm levels are per directory at the moment, but could be a nuisance in the future. So, I'm open to suggestions on how to solve my 2 problems at the top instead of hacking Basic Auth into PHPLIB. Any ideas? Thanks, ..chris ----- Original Message ----- From: "Tarique Sani <ta...@sa...>" <ro...@sa...> On Wed, 30 Jan 2002, Chris Johnson wrote: > Has anybody modified PHPLIB to use HTTP basic authentication (i.e. "realms") > instead of the default standalone login page stuff? Err ... If you read the manual you must have noted that in-line authentication of PHPlib was written the over come the short commings of Basic HTTP authentication Care to explain why you want to turn the wheel back? Tarique -- ========================================================== PHP Applications for E-Biz : http://www.sanisoft.com The Ultimate Ghazal Lexicon: http://www.aaina-e-ghazal.com ========================================================== |
|
From: Lindsay H. <fm...@fm...> - 2002-02-01 04:40:05
|
Thus spake Chris Johnson on Thu, Jan 31, 2002 at 09:38:30PM CST
>
> 2) Provide a method for users linking in from another site to have a
> "single signon" capability -- that is, they logged in at the other site, and
> the URL needs to contain the information that they logged in with. As you
> know, the standard URL form is something like:
>
> [protocol]://[username]:[password]@host.domain.name:[port]/document_path
There are only some protocols (called "schemes" in RFCs) which support
this format, I believe. AFAIK HTTP isn't one of them. An HTTP request in
this format will simply drop the "@" symbol and everything in front of it.
See RFC2616, which says...
3.2.2 http URL
The "http" scheme is used to locate network resources via the HTTP
protocol. This section defines the scheme-specific syntax and semantics for
http URLs.
http_URL = "http:" "//" host [ ":" port ] [ abs_path [ "?" query ]]
--
Lindsay Haisley | "Everything works | PGP public key
FMP Computer Services | if you let it" | available at
512-259-1190 | (The Roadie) | <http://www.fmp.com/pubkeys>
http://www.fmp.com | |
|
|
From: rck <rc...@sw...> - 2002-02-01 10:21:05
|
Hello! I've been looking through the PHPlib-documentation, through the forums on sourcefourge and around the Internet (with google). But I was unable to find a example, on how to integrate PHPlib Templates, Tables, Forms and DB_Sql together. Like: A Template, that describes a Form, which is used for entering new data and altering existing data. But has no php in it, so it could be made completely by the screendesigner with his html wysiwyg-tool. And a php-file, which does the communication between the form and the database. But does no layout work at all (positions, colors, etc. would be defined by the template). And: Another Template, that is kind of a command-center. It would describe the mainpage of my webapplication. It would print out all records of a given select-statement. this select-statement would be filtered by some textfields (a bit like SQLQuery, but not as 'hardcoded' ;-)). Again, without any php. And again with a php-file, which does the communication between filter and database. The third thing is about OOH! Forms. Have I overseen something? I can't find a way to specify a style-class to a given form_element. Do I have to tweak it up my own? I guess, this stuff can't be solved before my deadline (in less than 4 hours), but maybe it will help me in further projects. Thanks a lot for keeping up the maillinglist and for PHPlib. It might have caused some work (it's not that easy to understand for me) but has solved problems already I haven't thought of before :-) yours sincerely, Ren=E9 C. Kiesler! |
|
From: Tarique S. <ta...@sa...> - 2002-02-01 08:43:00
|
On Thu, 31 Jan 2002, Chris Johnson wrote: > 2) Provide a method for users linking in from another site to have a > "single signon" capability -- that is, they logged in at the other site, and > the URL needs to contain the information that they logged in with. As you > know, the standard URL form is something like: There is an article on www.phpbuilder.com about cross domain cookies Be warned it is NOT really about cross domain cookies BUT a hack to make it appear so ;-) Hope this helps Tarique -- ========================================================== PHP Applications for E-Biz : http://www.sanisoft.com The Ultimate Ghazal Lexicon: http://www.aaina-e-ghazal.com ========================================================== |
|
From: Carl Y. <ca...@yo...> - 2002-02-01 17:21:25
|
What I would really like to see is the added feature of a "remember me" checkbox on the PHPLIB logon page so that users could have the option of not continually typing in their password everytime they visit my site. I'm sure I could figure out how to do with a little time and energy, but I'm sure that the phplib programmers could do it more securely than I would. Thanks, Carl Youngblood ----- Original Message ----- From: "Tarique Sani <ta...@sa...>" <ro...@sa...> To: "Chris Johnson" <ch...@ch...> Cc: "'phplib-users'" <php...@li...> Sent: Friday, February 01, 2002 1:27 AM Subject: Re: [Phplib-users] Basic authentication > On Thu, 31 Jan 2002, Chris Johnson wrote: > > > 2) Provide a method for users linking in from another site to have a > > "single signon" capability -- that is, they logged in at the other site, and > > the URL needs to contain the information that they logged in with. As you > > know, the standard URL form is something like: > > There is an article on www.phpbuilder.com about cross domain cookies > > Be warned it is NOT really about cross domain cookies BUT a hack to make > it appear so ;-) > > Hope this helps > > Tarique > > -- > ========================================================== > PHP Applications for E-Biz : http://www.sanisoft.com > > The Ultimate Ghazal Lexicon: http://www.aaina-e-ghazal.com > ========================================================== > > > _______________________________________________ > Phplib-users mailing list > Php...@li... > https://lists.sourceforge.net/lists/listinfo/phplib-users |
|
From: Tarique S. <ta...@sa...> - 2002-02-01 17:31:47
|
On Fri, 1 Feb 2002, Carl Youngblood wrote: > What I would really like to see is the added feature of a "remember me" > checkbox on the PHPLIB logon page so that users could have the option of not > continually typing in their password everytime they visit my site. I'm sure There already is a way :-) Checkout pre_auth() in the auth class You just have to implement (read override) it whatever way you please Cheers Tarique -- ========================================================== PHP Applications for E-Biz : http://www.sanisoft.com The Ultimate Ghazal Lexicon: http://www.aaina-e-ghazal.com ========================================================== |
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X