
Secure PHP Development - P34



DOCUMENT INFORMATION

Basic information

Format
Pages: 5
Size: 103.51 KB

Content

Part II: Developing Intranet Solutions. Chapter 5: Central Authentication System

All the error messages that the login.php application generates are taken from the login.errors file shown in Listing 5-4.

Listing 5-4: login.errors

```php
<?php
// Errors for Login application
$ERRORS['US']['MISSING_CODE'] = "No error message found";
$ERRORS['US']['INVALID_DATA'] = "Invalid data.";
?>
```

The login.php application displays the login menu using the login.ihtml file, which is shown in Listing 5-5. The $LOGIN_TEMPLATE variable is set to point to login.ihtml in the login.conf file.

Listing 5-5: login.ihtml

```html
<html>
<head><title>Login</title></head>
<body>
<!-- BEGIN mainBlock -->
<center>
<form action="{SELF_PATH}" method="POST">
<table border=0 cellpadding=3 cellspacing=0 width=30%>
<tr>
<td bgcolor="#cccccc" colspan=2>Login</td>
</tr>
<tr>
<td>Email</td>
<td><input type=text name="email" value="{USERNAME}" size=30 maxlength=50></td>
</tr>
<tr>
<td>Password</td>
<td><input type=password name="password" size=30 maxlength=50></td>
</tr>
<tr>
<td align=center colspan=2>
<input type=submit value="Login"> &nbsp; <input type=reset value="Reset">
</td>
</tr>
</table>
<input type=hidden name="url" value="{REDIRECT_URL}">
</form>
<font size=2>Login attempt {ATTEMPT}.</font>
</center>
<!-- END mainBlock -->
</body>
</html>
```

The login.ihtml template has a set of template tag variables that are replaced by the login.php application. These template tag variables are explained in Table 5-2.

TABLE 5-2 TEMPLATE TAG VARIABLES IN LOGIN TEMPLATE

Template Tag / Explanation

{SELF_PATH}
    Set as the form action. The login application replaces this with the relative path to the login application itself, so the login menu form is submitted back to the login application.

{USERNAME}
    Replaced with the username previously entered when the user failed to authenticate on the first try. This saves the user from having to type the username again and again when she does not remember the password correctly. This is a user-friendly feature.

{REDIRECT_URL}
    Set to the URL of the application that redirected the user to the login application.

{ATTEMPT}
    Displays the number of login attempts the user has made.

When the login attempts exceed the number set in the $MAX_ATTEMPTS variable in the login.conf file, the user is redirected to the $WARNING_URL page, which is shown in Listing 5-6.

Listing 5-6: warning.html

```html
<html>
<head>
<title>Invalid Login Attempts</title>
</head>
<body>
<h1>Excessive Invalid Login Attempts</h1>
<hr>
You have attempted to login too many times.
</body>
</html>
```

The warning page can be any page. For example, you can set $WARNING_URL to your privacy or network usage policy page to alert the user to your policies on resource usage.

Creating the Central Logout Application

The central logout application terminates the user session. A flowchart of such an application is shown in Figure 5-6.

[Figure 5-6: A flowchart for the logout application. Start -> Is user already authenticated? -> Yes: log out the user by terminating the session and redirect the user to the home URL -> Stop. No: show an alert message stating that the user is not logged in -> Stop.]

The logout application checks to see whether the user is logged in. If the user is not logged in, she is warned of her status. If the user is logged in, her session is terminated and the user is redirected to a home URL. Listing 5-7 implements this flowchart in logout.php.
Listing 5-7: logout.php

```php
<?php
require_once "login.conf";
require_once "login.errors";

/* Session variables must be defined before session_start() method is called */
$count = 0;

class loginApp extends PHPApplication
{
    function run()
    {
        global $MIN_USERNAME_SIZE, $MIN_PASSWORD_SIZE, $MAX_ATTEMPTS;
        global $WARNING_URL, $APP_MENU;

        $email    = $this->getRequestField('email');
        $password = $this->getRequestField('password');
        $url      = $this->getRequestField('url');

        $emailLen  = strlen($email);
        $passwdLen = strlen($password);

        $this->debug("Login attempts : " . $this->getSessionField('SESSION_ATTEMPTS'));

        if ($this->is_authenticated()) {
            // return to caller HTTP_REFERRER
            $this->debug("User already authenticated.");
            $this->debug("Redirecting to $url.");
            $url = (isset($url)) ? $url : $this->getServer();
            header("Location: $url");
        } else if (strlen($email) < $MIN_USERNAME_SIZE ||
                   strlen($password) < $MIN_PASSWORD_SIZE) {
            // display the login interface
            $this->debug("Invalid Email or password.");
            $this->display_login();
            $_SESSION["SESSION_ATTEMPTS"] = $this->getSessionField("SESSION_ATTEMPTS") + 1;
        } else {
            // Prepare the email with domain name
            // (strpos() === false: a user name with no '@' at all gets the server's domain)
            if (strpos($email, '@') === false) {
                $hostname = explode('.', $_SERVER['SERVER_NAME']);
                if (sizeof($hostname) > 1) {
                    $email .= '@' . $hostname[1] . '.' . $hostname[2];
                }
            }

            // authenticate user
            $this->debug("Authenticate user: $email with password $password");
            if ($this->authenticate($email, $password)) {
                $this->debug("User is successfully authenticated.");
                $_SESSION["SESSION_USERNAME"] = $email;
                $_SESSION["SESSION_PASSWORD"] = $password;
                $_SESSION["SESSION_USER_ID"]  = $this->getUID();

                if (empty($url)) {
                    $url = $APP_MENU;
                }

                // Log user activity
                $thisUser = new User($this->dbi, $this->getUID());
                $thisUser->logActivity(LOGIN);

                $this->debug("Location $url");
                header("Location: $url");
            }
            // (the listing continues in the original text; the remainder is not on this page)
        }
    }
}
```
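As an added example, not the book's code, the following self-contained PHP sketch implements the two pieces of login.php behaviour the text describes: replacing the Table 5-2 tags in login.ihtml, and the per-session attempt counter (the $_SESSION["SESSION_ATTEMPTS"] + 1 step in Listing 5-7) that sends the user to $WARNING_URL once $MAX_ATTEMPTS is exceeded. The template snippet, the login.conf values and the attempt counts are constructed; the book's PHPApplication class is not used.

```php
<?php
// Added example, not the book's code. The template text, config values and
// attempt counts below are constructed for illustration.

// Replace {SELF_PATH}, {USERNAME}, {REDIRECT_URL} and {ATTEMPT} in the template.
// {USERNAME} and {REDIRECT_URL} echo request data back into the page, so they
// are HTML-escaped before substitution.
function renderLoginMenu(string $template, string $selfPath, string $username,
                         string $redirectUrl, int $attempt): string
{
    $tags = [
        '{SELF_PATH}'    => htmlspecialchars($selfPath, ENT_QUOTES, 'UTF-8'),
        '{USERNAME}'     => htmlspecialchars($username, ENT_QUOTES, 'UTF-8'),
        '{REDIRECT_URL}' => htmlspecialchars($redirectUrl, ENT_QUOTES, 'UTF-8'),
        '{ATTEMPT}'      => (string) $attempt,
    ];
    return str_replace(array_keys($tags), array_values($tags), $template);
}

// After a failed attempt: bump the counter (as $_SESSION["SESSION_ATTEMPTS"] + 1
// does in the listing) and decide whether to show the menu again or to redirect
// the user to the warning page.
function nextLoginStep(int $sessionAttempts, int $maxAttempts, string $warningUrl): array
{
    $attempts = $sessionAttempts + 1;
    if ($attempts > $maxAttempts) {
        return ['attempts' => $attempts, 'action' => 'redirect', 'url' => $warningUrl];
    }
    return ['attempts' => $attempts, 'action' => 'display_login', 'url' => null];
}

// Constructed sample: a cut-down login.ihtml and assumed login.conf values.
$template = '<form action="{SELF_PATH}" method="POST">'
          . '<input type="text" name="email" value="{USERNAME}">'
          . '<input type="hidden" name="url" value="{REDIRECT_URL}">'
          . '</form>Login attempt {ATTEMPT}.';
$MAX_ATTEMPTS = 3;                 // assumed login.conf value
$WARNING_URL  = '/warning.html';   // assumed login.conf value

// Simulate four consecutive failures; the fourth exceeds $MAX_ATTEMPTS.
foreach ([0, 1, 2, 3] as $sessionAttempts) {   // counter held in the session so far
    $step = nextLoginStep($sessionAttempts, $MAX_ATTEMPTS, $WARNING_URL);
    if ($step['action'] === 'redirect') {
        echo "Location: {$step['url']}\n";      // header("Location: ...") in a real request
    } else {
        echo renderLoginMenu($template, 'login.php', 'jane@example.com',
                             '/index.php', $step['attempts']), "\n";
    }
}
```

Run from the command line, the script prints the rendered menu for attempts 1 through 3 and a Location line for /warning.html on the fourth.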

Posted: 07/07/2014, 07:20
