if ($authObj->authenticate()) { $uid = $authObj->getUID(); $this->debug("Setting user id to $uid"); $this->setUID($uid); return TRUE; } return FALSE; } } global $AUTH_DB_URL; $thisApp = new loginApp( array( 'app_name' => $APPLICATION_NAME, 'app_version' => '1.0.0', 'app_type' => 'WEB', 'app_db_url' => $AUTH_DB_URL, 'app_auto_authorize' => FALSE, 'app_auto_chk_session' => FALSE, 'app_auto_connect' => TRUE, 'app_type' => 'WEB', 'app_debugger' => $OFF ) ); $thisApp->buffer_debugging(); $thisApp->debug("This is $thisApp->app_name application"); $thisApp->run(); $thisApp->dump_debuginfo(); ?> Figure 5-5 shows the flow diagram of login.php. When the login application is run, it goes through the following steps: 1. It determines whether the user is already authenticated. It calls the is_authenticated() method to determine whether the user already has a session. If the user has a session, the is_authenticated() method returns TRUE; otherwise it returns FALSE. 2. If the user is already authenticated, the user is redirected to the application that called the login application. Chapter 5: Central Authentication System 131 3. If the user is not already authenticated, the login.php application determines whether the user supplied a username (e-mail address) and whether the password passes the minimum-size test. If either the username (e-mail address) or the password fails the test, the login attempt is counted and the login menu or the warning page is displayed, depending on the number of login attempts allowed in the login.conf file. Figure 5-5: A flow diagram of the login.php application. Start Stop No No No Yes Yes Yes Is user already authenticated? User supplied valid size email and password? Authentication Successful?
Authenticate user using given username and password Create session and redirect user to the caller application Redirect user to the referring URL Count login attempts and display login menu or warning page 132 Part II: Developing Intranet Solutions 4. If the user credentials (username and password) pass the minimum-size test, the actual authentication is done against the user record stored in the authentication database, via the authenticate() method found in the class.Authentication.php object. 5. If the authenticate() method returns TRUE, the user is valid and a session variable called SESSION_USERNAME is registered with the supplied username (e-mail address). 6. If the authenticate() method returns FALSE, the login attempt is counted and the login menu or the warning page is displayed, depending on the number of login attempts allowed in the login.conf file. Now that you know how login.php works, let's take a look at the configuration it gets from login.conf, shown in Listing 5-3. Listing 5-3: login.conf <?php // login.conf // Turn on all error reporting error_reporting(E_ALL); // If you have installed the framework directory in // a different directory than // %DocumentRoot%/framework, change the setting below. $APP_FRAMEWORK_DIR=$_SERVER['DOCUMENT_ROOT'] . '/framework'; $PEAR =$_SERVER['DOCUMENT_ROOT'] . '/pear'; $PHPLIB =$_SERVER['DOCUMENT_ROOT'] . '/phplib'; // Insert the path in the PHP include_path so that PHP // looks for PEAR, PHPLIB and our application framework // classes in these directories ini_set( 'include_path', ':' . $PEAR . ':' . $PHPLIB . ':' . $APP_FRAMEWORK_DIR . ':' .
ini_get('include_path')); $PHP_SELF = $_SERVER["PHP_SELF"]; $LOGIN_TEMPLATE = 'login.html'; $APPLICATION_NAME = 'LOGIN'; $DEFAULT_LANGUAGE = 'US'; Chapter 5: Central Authentication System 133 Listing 5-3 (Continued) $AUTH_DB_URL = 'mysql://root:foobar@localhost/auth'; $ACTIVITY_LOG_TBL = 'ACTIVITY'; $AUTH_DB_TBL = 'users'; $MIN_USERNAME_SIZE= 5; $MIN_PASSWORD_SIZE= 8; $MAX_ATTEMPTS = 5; $FORGOTTEN_PASSWORD_APP = '/user_mngr/apps/user_mngr_forgotten_pwd.php'; $APP_MENU = '/'; $TEMPLATE_DIR = $_SERVER['DOCUMENT_ROOT'] . '/login/templates'; $REL_TEMPLATE_DIR = '/login/templates/'; $WARNING_URL = $TEMPLATE_DIR . '/warning.html'; require_once "login.errors"; require_once "login.messages"; require_once 'DB.php'; require_once $APP_FRAMEWORK_DIR . '/' . 'constants.php'; require_once $APP_FRAMEWORK_DIR . '/' . $DEBUGGER_CLASS; require_once $APP_FRAMEWORK_DIR . '/' . $APPLICATION_CLASS; require_once $APP_FRAMEWORK_DIR . '/' . $ERROR_HANDLER_CLASS; require_once $APP_FRAMEWORK_DIR . '/' . $AUTHENTICATION_CLASS; require_once $APP_FRAMEWORK_DIR . '/' . $DBI_CLASS; require_once $APP_FRAMEWORK_DIR . '/' . $USER_CLASS; require_once $TEMPLATE_CLASS; ?> The configuration details are explained in Table 5-1. TABLE 5-1 LOGIN.CONF EXPLANATIONS Variable Description $APP_FRAMEWORK_DIR Sets the framework directory to %DocumentRoot%/framework. $TEMPLATE_DIR Sets /evoknow/intranet/php/login/templates (same as $APP_FRAMEWORK_DIR). 134 Part II: Developing Intranet Solutions Variable Description $LOGIN_TEMPLATE Sets the name of the login menu file to login.ihtml. This file has to be stored in /evoknow/intranet/php/login/templates/login.ihtml. $APPLICATION_NAME Sets the name of the application to LOGIN. $DEFAULT_LANGUAGE Sets the default language of the application to US. $AUTH_DB_TYPE Sets the database type to mysql. $AUTH_DB_HOST Sets the database server location to localhost.
$AUTH_DB_NAME Sets the authentication database name to auth, which must have the table specified by $AUTH_DB_TBL. $AUTH_DB_TBL Sets the name of the user information table to users. $AUTH_DB_USERNAME Sets the username required to access the database. Because sensitive database information is stored in the login.conf file, either store the file outside the Web document tree or use an Apache configuration that prevents Web visitors from retrieving .conf files. See Chapter 22 for details. Note that the example $AUTH_DB_URL in Listing 5-3 connects as the MySQL root user; a dedicated account whose privileges are limited to the auth database is preferable, so that an exposed configuration file or an application flaw does not give access to the whole database server. $AUTH_DB_PASSWD Sets the password required to access the database. Because sensitive database information is stored in the login.conf file, either store the file outside the Web document tree or use an Apache configuration that prevents Web visitors from retrieving .conf files. See Chapter 22 for details. $MIN_USERNAME_SIZE Sets the minimum username size to 5. Usernames shorter than five characters can be guessed too easily, so a name of at least five characters is preferred. $MIN_PASSWORD_SIZE $MAX_ATTEMPTS Sets the maximum number of tries to 3. $WARNING_URL Sets the warning page URL to /php/login/templates/warning.html. $DEFAULT_DOMAIN Sets the default domain name to evoknow.com. $APP_MENU Sets the name of the application menu to /php/menu.php. If the login application was called directly, the successfully authenticated user is redirected to this menu. Chapter 5: Central Authentication System 135 . than // %DocumentRoot%/framework, change the setting below. $APP_FRAMEWORK_DIR=$_SERVER['DOCUMENT_ROOT'] . '/framework'; $PEAR =$_SERVER['DOCUMENT_ROOT'] . '/pear'; $PHPLIB =$_SERVER['DOCUMENT_ROOT']. =$_SERVER['DOCUMENT_ROOT'] . '/pear'; $PHPLIB =$_SERVER['DOCUMENT_ROOT'] . '/phplib'; // Insert the path in the PHP include_path so that PHP // looks for PEAR, PHPLIB and our application framework // classes in these directories ini_set( 'include_path', ':' . $PEAR . ':' . $PHPLIB . ':' . $APP_FRAMEWORK_DIR . ':' .
ini_get(‘include_path’)); $PHP_ SELF = $_SERVER[ PHP_ SELF”]; $LOGIN_TEMPLATE = ‘login.html’; $APPLICATION_NAME