Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Westi on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

need simple authentication script that works on IIS & apache

Status
Not open for further replies.
Kurt111780

Kurt111780

Technical User
Nov 20, 2003
235
GB
Hello,

I need a simple way to authenticate users. If authenticated they can access certain pages. I would like it to work on IIS and apache. Does anyone know of a good tutorial or a place to start for this?

Thanks, Kurt

It's only easy when you know how.
 
Sort by date Sort by votes
no (at least mostly no). cookies are clientside and unless you change them they typically just store the session id ( altho they can store just about anything you want). the server stores the session info against the id (usually serialised) either in a db or the filesystem, depending how you set it up.

i would not store the pwd in the session unless there was good reason to do so.

i posted a complete (but untested) beginners logon script for another user a few days ago. logincode.no3.co.uk if you want to review it. it is cross-browswer and cross-server of course but it is also written with begiiners in mind to make it easy to grasp what is going on (not saying you're a beginner of course!)
 
Upvote 0 Downvote
Hello,

Is it safe to do the following:

on the login page,
Code: 
$_SESSION['loggedOn'] = "yes";

on secure pages,
Code: 
session_start();
if (empty($_SESSION['loggedOn']))
{
		echo "<meta http-equiv='refresh' content='0; url=logon.php'>\n";
 		die("");
}

If not how do I make sure users a logged in on secure pages?

Thanks,
Kurt

It's only easy when you know how.
 
Upvote 0 Downvote
that's alright.

but if the relevant session variable is empty then destroy the session first. i would also send a header to redirect the browser rather than use the meta tag.

i am assuming you are dealing with timeouts etc and avoiding the resending of login credentials issue somewhere else.

 
Upvote 0 Downvote
I must be doing something wrong. This isn't ending the session
Code: 
if ($_GET['exit'] == "true")
{
	unset($_SESSION['mySession']) ;
	if ($_SESSION['mySession']) session_destroy();
	echo "<meta http-equiv='refresh' content='0; url=login.php'>\n";
 	die("");
}

Am I supposed to have this on each page im using session variables

Code: 
session_name("mySession");
session_start();

It's only easy when you know how.
 
Upvote 0 Downvote
just make sure that each page starts with
Code: 
session_start();
 
Upvote 0 Downvote
ok, I did that but I still don't understand why i can't end the session.

I removed the if statement and have this on the page and the session does not end.

Code: 
	unset($_SESSION['mySession']) ;
	if ($_SESSION['mySession']) session_destroy();

It's only easy when you know how.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

EdLentz
  • Locked
  • Question
I need a simple example of how to send a table of info .
Replies
8
Views
490
EdLentz
EdLentz
PeDa
  • Locked
  • Question
Basic Authentication fails to authenicate
Replies
0
Views
213
PeDa
PeDa
sugram
  • Locked
  • Question
how start a second shell script
Replies
0
Views
149
sugram
sugram
PeDa
  • Locked
  • Question
POST Content-lLength of ... bytes exceeds the limit of 8388608 bytes in Unknown on line 0
Replies
4
Views
486
feherke
feherke
ravicoder
  • Locked
  • Question
Populating a span based on input field
Replies
0
Views
175
ravicoder
ravicoder

Part and Inventory Search

Sponsor

Back
Top