
Secure PHP Development - P35 (Chapter 5, pages 141-145)



DOCUMENT INFORMATION

Pages: 5
Size: 83.76 KB

Contents

Chapter 5: Central Authentication System (Part II: Developing Intranet Solutions)

Listing 5-7 (Continued): login.php

                $this->debug("Redirect user to caller application at url = $url.");
            } else {
                $this->debug("User failed authentication.");
                $this->display_login();
                $_SESSION["SESSION_ATTEMPTS"] = $this->getSessionField("SESSION_ATTEMPTS") + 1;
            }
        }
    }

    function warn()
    {
        global $WARNING_URL;

        $this->debug("Came to warn the user $WARNING_URL");
        header("Location: $WARNING_URL");
    }

    function display_login()
    {
        global $TEMPLATE_DIR;
        global $LOGIN_TEMPLATE;
        global $MAX_ATTEMPTS;
        global $REL_TEMPLATE_DIR;
        global $email, $url;
        global $PHP_SELF, $FORGOTTEN_PASSWORD_APP;

        $url = $this->getRequestField('url');

        if ($this->getSessionField("SESSION_ATTEMPTS") > $MAX_ATTEMPTS) {
            $this->warn();
        }

        $this->debug("Display login dialog box");

        $template = new Template($TEMPLATE_DIR);
        $template->set_file('fh', $LOGIN_TEMPLATE);
        $template->set_block('fh', "mainBlock");
        $template->set_var('SELF_PATH', $PHP_SELF);
        $template->set_var('ATTEMPT', $this->getSessionField("SESSION_ATTEMPTS"));
        $template->set_var('TODAY', date("M-d-Y h:i:s a"));
        $template->set_var('TODAY_TS', time());
        $template->set_var('USERNAME', $email);
        $template->set_var('REDIRECT_URL', $url);
        $template->set_var('FORGOTTEN_PASSWORD_APP', $FORGOTTEN_PASSWORD_APP);
        $template->parse("fh", "mainBlock");
        $template->set_var('BASE_URL', sprintf("%s", $this->base_url));
        $template->pparse("output", "fh");

        return 1;
    }

    function is_authenticated()
    {
        return (!empty($_SESSION["SESSION_USERNAME"])) ? TRUE : FALSE;
    }

    function authenticate($user = null, $passwd = null)
    {
        $authObj = new Authentication($user, $passwd, $this->app_db_url);

        if ($authObj->authenticate()) {
            $uid = $authObj->getUID();
            $this->debug("Setting user id to $uid");
            $this->setUID($uid);
            return TRUE;
        }

        return FALSE;
    }
}

global $AUTH_DB_URL;

$thisApp = new loginApp(
    array(
        'app_name'             => $APPLICATION_NAME,
        'app_version'          => '1.0.0',
        'app_type'             => 'WEB',
        'app_db_url'           => $AUTH_DB_URL,
        'app_auto_authorize'   => FALSE,
        'app_auto_chk_session' => FALSE,
        'app_auto_connect'     => TRUE,
        'app_debugger'         => $OFF
    )
);

$thisApp->buffer_debugging();
$thisApp->debug("This is $thisApp->app_name application");
$thisApp->run();
$thisApp->dump_debuginfo();
?>

Three details of this listing deserve attention before it is deployed. First, warn() sends a Location header but never calls exit, so display_login() goes on to render the login form after the "warning" redirect, and the lockout is only advisory. Second, the failed-attempt counter SESSION_ATTEMPTS lives in the client's own session; a client that simply discards its session cookie starts again from zero, so the counter does not limit a brute-force attempt against a chosen account. Third, the url value that display_login() reads from the request is echoed into the form and, on success, is the target the user is redirected to; unless it is restricted to a site-local path, the login page can be used as an open redirector.

The logout.php application calls the is_authenticated() method inherited from class.PHPApplication.php and, if the user is authenticated, calls its own logout() method. That method calls session_unset() and session_destroy(), both part of PHP's built-in session management API. session_unset() frees all session variables, as if they had never been set; in our login scenario that means SESSION_USERNAME and SESSION_ATTEMPTS disappear. session_destroy() then removes the session itself (the file or database record) from session storage. The combined effect is that the user loses her session and must log in again to use any application that relies on the central login facility. Note that session_destroy() does not remove the session cookie from the browser; a complete logout should also expire that cookie with setcookie(), and the login path should call session_regenerate_id() after a successful authentication so that a session ID issued before login is never promoted to an authenticated one. logout.php uses the logout.conf file shown in Listing 5-8. This configuration file is very similar to login.conf and needs no further explanation, except that $HOME_URL is a new entry. This variable sets the URL, which is used to redirect the logged out user to a central page.
Typically this URL would be set to the home page of the intranet or Internet site. Note that the listing as printed is actually a copy of login.conf: its header comment still reads // login.conf, it sets $LOGIN_TEMPLATE and $APPLICATION_NAME = 'LOGIN', and it defines no $HOME_URL at all. Two of its settings also deserve a second look before deployment. $AUTH_DB_URL connects to MySQL as root with the password stored in plain text in the configuration; a dedicated account with rights only on the auth database is the least-privilege choice. $MAX_ATTEMPTS = 250 is far too generous a threshold, and $WARNING_URL is built from $TEMPLATE_DIR, which is a filesystem path, not a URL a browser can follow (presumably $REL_TEMPLATE_DIR was intended), so the lockout in display_login() will in practice never engage.

Listing 5-8: logout.conf

<?php
// login.conf

//extract($_GET);
//extract($_POST);

// Turn on all error reporting
error_reporting(E_ALL);

// If you have installed the framework directory in
// a different directory than
// %DocumentRoot%/framework, change the setting below.
$APP_FRAMEWORK_DIR = $_SERVER['DOCUMENT_ROOT'] . '/framework';
$PEAR   = $_SERVER['DOCUMENT_ROOT'] . '/pear';
$PHPLIB = $_SERVER['DOCUMENT_ROOT'] . '/phplib';

// Insert the path in the PHP include_path so that PHP
// looks for PEAR, PHPLIB and our application framework
// classes in these directories
ini_set('include_path',
        ':' . $PEAR .
        ':' . $PHPLIB .
        ':' . $APP_FRAMEWORK_DIR .
        ':' . ini_get('include_path'));

$PHP_SELF = $_SERVER["PHP_SELF"];

$LOGIN_TEMPLATE   = 'login.html';
$APPLICATION_NAME = 'LOGIN';
$DEFAULT_LANGUAGE = 'US';

$AUTH_DB_URL      = 'mysql://root:foobar@localhost/auth';
$ACTIVITY_LOG_TBL = 'ACTIVITY';
$AUTH_DB_TBL      = 'users';

$MIN_USERNAME_SIZE = 3;
$MIN_PASSWORD_SIZE = 3;
$MAX_ATTEMPTS      = 250;

$FORGOTTEN_PASSWORD_APP = '/user_mngr/apps/user_mngr_forgotten_pwd.php';
$APP_MENU = '/';

$TEMPLATE_DIR     = $_SERVER['DOCUMENT_ROOT'] . '/login/templates';
$REL_TEMPLATE_DIR = '/login/templates/';
$WARNING_URL      = $TEMPLATE_DIR . '/warning.html';

require_once "login.errors";
require_once "login.messages";
require_once 'DB.php';
require_once $APP_FRAMEWORK_DIR . '/' . 'constants.php';
require_once $APP_FRAMEWORK_DIR . '/' . $DEBUGGER_CLASS;
require_once $APP_FRAMEWORK_DIR . '/' . $APPLICATION_CLASS;
require_once $APP_FRAMEWORK_DIR . '/' . $ERROR_HANDLER_CLASS;
require_once $APP_FRAMEWORK_DIR . '/' . $AUTHENTICATION_CLASS;
require_once $APP_FRAMEWORK_DIR . '/' . $DBI_CLASS;
require_once $APP_FRAMEWORK_DIR . '/' .
$USER_CLASS;
require_once $TEMPLATE_CLASS;
?>

The logout application also has a logout.errors file, shown in Listing 5-9, and a logout.messages file, shown in Listing 5-10.

Listing 5-9: logout.errors

<?php
// Errors for Logout application
$ERRORS['US']['MISSING_CODE'] = "No error message found";
$ERRORS['US']['INVALID_DATA'] = "Invalid data.";
?>

The logout messages are displayed using the alert() method found in the class.PHPApplication.php object.

Listing 5-10: logout.messages

<?php
// Messages for logout application
$MESSAGES['US']['LOGOUT_SUCCESSFUL']    = "You are logged out.";
$MESSAGES['US']['LOGOUT_FAILURE']       = "You are not logged in.";
$MESSAGES['US']['LOGOUT_NOT_LOGGED_IN'] = "You are not logged in.";
?>

Now let's test our central login and logout applications.
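The following is an added example and not code from the book or its framework. It addresses the weak spots a reviewer would flag in Listing 5-7 and its configuration: the per-session attempt counter with $MAX_ATTEMPTS = 250, the unvalidated url request field that the login flow redirects to, a Location header sent without a following exit, and a logout that destroys the session without expiring the session cookie. Every function and constant name in it (login_allowed, record_failure, record_success, safe_redirect_target, redirect_and_exit, logout_session, MAX_ATTEMPTS, LOCKOUT_SECONDS) is this example's own; the attempt store is an in-memory array standing in for a shared server-side store, and the limit and lockout values are assumptions.

```php
<?php
// Added example, not from the book. Names and limits are this example's own.
declare(strict_types=1);

const MAX_ATTEMPTS    = 5;    // assumed; the book's login.conf allows 250
const LOCKOUT_SECONDS = 900;  // assumed 15-minute lockout

/*
 * 1. Attempt limiting keyed by account, held on the server side.
 *    Listing 5-7 keeps SESSION_ATTEMPTS in the client's own session, so a
 *    client that discards its cookie starts again from zero.
 *    $store maps lowercased username => ['count' => int, 'until' => unix time]
 *    and stands in for a shared store (database table, APCu, Redis).
 */
function login_allowed(array &$store, string $username, int $now): bool
{
    $key = strtolower($username);
    if (!isset($store[$key]) || $store[$key]['count'] < MAX_ATTEMPTS) {
        return true;
    }
    if ($now >= $store[$key]['until']) {
        unset($store[$key]);          // lockout has expired
        return true;
    }
    return false;
}

function record_failure(array &$store, string $username, int $now): void
{
    $key   = strtolower($username);
    $entry = $store[$key] ?? ['count' => 0, 'until' => 0];
    $entry['count']++;
    if ($entry['count'] >= MAX_ATTEMPTS) {
        $entry['until'] = $now + LOCKOUT_SECONDS;
    }
    $store[$key] = $entry;
}

function record_success(array &$store, string $username): void
{
    unset($store[strtolower($username)]);
}

/*
 * 2. Redirect target validation. display_login() copies the request's
 *    'url' field into the form and the success path redirects to it.
 *    Accept only a site-local absolute path; anything else becomes $default.
 */
function safe_redirect_target(?string $url, string $default = '/'): string
{
    if ($url === null || $url === '' || $url[0] !== '/') {
        return $default;                           // relative, or carries a scheme
    }
    if (isset($url[1]) && ($url[1] === '/' || $url[1] === '\\')) {
        return $default;                           // protocol-relative "//host"
    }
    if (preg_match('/[\x00-\x1f\x7f]/', $url) === 1) {
        return $default;                           // CR/LF or other control chars
    }
    return $url;
}

/*
 * 3. Redirect and logout. A Location header must be followed by exit,
 *    otherwise warn() in Listing 5-7 still renders the login form after it.
 *    session_destroy() does not remove the browser's cookie, so expire it too.
 */
function redirect_and_exit(string $target): void
{
    header('Location: ' . $target, true, 303);
    exit;
}

function logout_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        return;
    }
    session_unset();
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

// Offline demonstration of parts 1 and 2 (runs under the PHP CLI, no web server).
$store = [];
$now   = 1000000;
for ($i = 0; $i < MAX_ATTEMPTS; $i++) {
    record_failure($store, 'Alice@example.com', $now);
}
var_dump(login_allowed($store, 'alice@example.com', $now));
var_dump(login_allowed($store, 'alice@example.com', $now + LOCKOUT_SECONDS));
var_dump(safe_redirect_target('https://evil.example/'));
var_dump(safe_redirect_target('//evil.example/'));
var_dump(safe_redirect_target('/intranet/index.php?lang=US'));
```

A per-account lockout on its own lets an attacker lock legitimate users out by deliberately failing their logins, so in practice it is paired with per-source-address throttling or a growing delay rather than a hard block. logout_session() and redirect_and_exit() only do useful work inside a request with an active session, which is why the demonstration at the bottom exercises only the store and the redirect filter.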

Posted: 07/07/2014, 07:20
