豬頭 (beezari) wrote,

Single Sign-on on php

If you were wondering how to force your non-PHP apps to authenticate through the PHP app session thing, here's the story:

http://home.digithi.de/digithi/dev/mod_auth_cookie_mysql/ comes in pretty handy. You can hook this thing to the PHPSESSID cookie and then just drop a .htaccess file into the other folders that you want to control.

Your .htaccess file will look like this:

AuthType Cookie
AuthCookieSql on
AuthCookieSql_DBhost localhost
AuthCookieSql_DBuser bozouser
AuthCookieSql_DBpassword bozopassword
AuthCookieSql_DBname sessions
AuthCookieSql_DBtable site_sessions
AuthCookieSql_SessnameField sessname
AuthCookieSql_SessvalField sesskey
AuthCookieSql_UsernameField username
AuthCookieSql_CookieName PHPSESSID
AuthCookieSql_ExpiryField expiry
AuthCookieSql_RemoteIPField remoteip
AuthCookieSql_FailureURL "/login.php"
require valid-user

--/cut here/--

Then you'll need a DB:

CREATE TABLE site_sessions (
    sessname varchar(32) NOT NULL,
    sesskey varchar(32) NOT NULL,
    expiry INTEGER(11) default 0,
    remoteip varchar(15) NOT NULL,
    username varchar(32) NOT NULL
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

and sum php coden..

<?php
require_once 'adodb.php';

class SignOn {
    # nuthin new.. just connect to adodb thin'
    # (the driver name is an assumption; host, user, password and db name match the .htaccess above)
    public static function connect() {
        $db = ADONewConnection('mysqli');
        $db->Connect('localhost', 'bozouser', 'bozopassword', 'sessions');
        return $db;
    }

    # call this when your user is logged in shuukkushefully..
    public static function login($user) {
        SignOn::logout($user);
        $cookie = $_COOKIE["PHPSESSID"];
        $time = time() + 60 * 60; // one hour expiry time
        $addr = $_SERVER["REMOTE_ADDR"];
        # bound parameters (?) keep the cookie and user values out of the SQL text
        $query = "INSERT INTO site_sessions (sessname, sesskey, expiry, remoteip, username) VALUES ('PHPSESSID', ?, ?, ?, ?)";
        $db = SignOn::connect();
        $db->Execute($query, array($cookie, $time, $addr, $user));
        $db->Close();
    }

    # call this when your user is logged out shukkushefully..
    public static function logout($user) {
        $cookie = $_COOKIE["PHPSESSID"];
        # there might be some crap here, if you don't ensure your cookies look "proper" before calling this.
        # some sort of user input validation should be good here;
        # the value is passed as a bound parameter so it can't change the query itself
        $query = "DELETE FROM site_sessions WHERE sesskey = ?";

        $db = SignOn::connect();
        $db->Execute($query, array($cookie));
        $db->Close();
    }

    # you'll need to update the expiry time regularly (from your php app? or maybe hack the apache mod),
    # otherwise sessions get expired
    # use this function to update the expiry date from your php app
    public static function update($user) {
        $cookie = $_COOKIE["PHPSESSID"];
        $time = time() + 60 * 60; // one hour expiry
        $query = "UPDATE site_sessions SET expiry = ? WHERE username = ? AND sesskey = ?";
        $db = SignOn::connect();
        $db->Execute($query, array($time, $user, $cookie));
        $db->Close();
    }
}

blargh...
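
The table contract that the .htaccess above relies on, as an added example that is not part of the original post or the Apache module: session_lookup() and valid_sid() are hypothetical helpers modelling the check the AuthCookieSql_* fields imply (cookie value, client IP, expiry), with PDO and in-memory SQLite standing in for ADOdb and MySQL. The session IDs, IP addresses and clock value are constructed.

```php
<?php
// Added example: PDO + in-memory SQLite stand in for ADOdb + MySQL.
// session_lookup() is a hypothetical helper modelling the check the
// AuthCookieSql_* fields imply; it is not the Apache module's code.

function valid_sid($sid) {
    // Characters PHP can emit in a session ID, capped at the varchar(32) sesskey column.
    return is_string($sid) && preg_match('/\A[A-Za-z0-9,-]{1,32}\z/', $sid) === 1;
}

function session_lookup(PDO $db, $sid, $ip, $now) {
    if (!valid_sid($sid)) {
        return null; // malformed cookie: reject before touching the DB
    }
    $st = $db->prepare(
        "SELECT username FROM site_sessions
          WHERE sessname = 'PHPSESSID' AND sesskey = ? AND remoteip = ? AND expiry > ?"
    );
    $st->execute([$sid, $ip, $now]);
    $user = $st->fetchColumn();
    return $user === false ? null : $user;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE site_sessions (sessname varchar(32) NOT NULL,
    sesskey varchar(32) NOT NULL, expiry INTEGER DEFAULT 0,
    remoteip varchar(15) NOT NULL, username varchar(32) NOT NULL)");

$now = 1000000; // constructed clock value
$ins = $db->prepare("INSERT INTO site_sessions VALUES ('PHPSESSID', ?, ?, ?, ?)");
$ins->execute(['abc123def456abc123def456ab', $now + 3600, '192.0.2.10', 'alice']); // constructed rows
$ins->execute(['0f0f0f0f0f0f0f0f0f0f0f0f0f', $now - 1,    '192.0.2.11', 'bob']);

$cases = [
    'valid session'   => ['abc123def456abc123def456ab', '192.0.2.10'],
    'wrong client IP' => ['abc123def456abc123def456ab', '198.51.100.7'],
    'expired row'     => ['0f0f0f0f0f0f0f0f0f0f0f0f0f', '192.0.2.11'],
    'quote in cookie' => ["x' OR '1'='1",               '192.0.2.10'],
];
foreach ($cases as $label => [$sid, $ip]) {
    $user = session_lookup($db, $sid, $ip, $now);
    printf("%-16s => %s\n", $label, $user === null ? 'denied' : "allowed as $user");
}
```

Only the first case is allowed; a session ID longer than 32 characters is rejected by valid_sid() because it would not fit the sesskey column.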