Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

phplib customized login form

0 views
Skip to first unread message

Tobias Gorsleben

unread,
Mar 30, 2003, 5:24:37 PM3/30/03
to
Hi,
I would be very happy if someone can help me with PHPLIB and a customized
authentication login form! I'm a phplib-beginner and sticking in a problem.
How can I use a template (!!!) login form and not the provided
'loginform.ihtml' for the authentication process?? Would be nice, if someone
can post a step by step description and/or eventually source code.
I have attached some lines of my code. The "My_Auth" class is inherited from
the phplib Auth class. I tried to insert a template thing of a login form in
the method auth_loginform(). Excecuting the "login.php", it shows on the
screen quite correct, but if I try to login I get the same login screen. How
do I realize/include the script for a successful login and showing the error
messages in the <!-- error_block --> of the template html-file if
necessary??

Any help appreciated!
Thanx,
Tobias

Here is an excerpt of the config file "local4.inc" with my Auth class:
(with challenge response and md5 passwort encryption)
///////////////////////////////////////
class My_Auth extends Auth {
var $classname = "My_Auth";
var $lifetime = 15;
var $database_class = "My_Database";
var $database_table = "auth_user_md5";
var $magic = "something"; ## Challenge seed
var $nobody = true;
var $cancel_login = "cancel";
var $mode = "log";

function auth_loginform() {
global $sess, $challenge, $_PHPLIB, $PHP_SELF;

$challenge = md5(uniqid($this->magic));
$sess->register("challenge");
## include($_PHPLIB["tpldir"] . "login.tpl.html");
// was the old provided form
$tpl = new Template();
$tpl->set_root($_PHPLIB["tpldir"]);
$tpl->set_file("form", "login.tpl.html");
$tpl->set_var(array(
"TITLE" => "Login Seite",
"HEADLINE" => "Bitte einloggen",
"ACTION_URL" => $PHP_SELF,
"PHP_SELF" => $PHP_SELF,
"CHALLENGE" => $challenge,));

if (isset($this->auth["uname"])) {
$tpl->set_var('USERNAME',
$this->auth["uname"]);
} else {
$tpl->set_var('USERNAME',"");
$this->auth["error"] = "";
}
if (isset($this->auth["error"])) {
$tpl->set_var('ERROR',
$this->auth["error"]);
} else {
$tpl->set_var('ERROR', "");
}

$tpl->pparse('OUT', "form");
}

function auth_validatelogin() {
global $HTTP_POST_VARS, $challenge;
$username = $HTTP_POST_VARS['username'];
$password = $HTTP_POST_VARS['password'];

# the login form will save the username
if(isset($username)) {
$this->auth["uname"] = $username;
} else if ($this->nobody){ ## provides for
"default login cancel"
$uid = $this->auth["uid"] = "nobody";
return $uid;
}

if ($username == "" || $password == "" ||
strstr($username,"'")) {
return false;
}

# assume the check is going to fail
$uid = false;

$md5_pw_net = md5("$username:$password");
$this->db->query(sprintf("SELECT user_id, perms, password ".
"FROM %s WHERE username = '%s'",
$this->database_table,

addslashes($HTTP_POST_VARS["username"])));
if ($this->db->num_rows() == 0) {
return false;
}

while($this->db->next_record()) {
$uid = $this->db->f("user_id");
$perm = $this->db->f("perms");
$pass = $this->db->f("password"); ## Password is stored as a md5
hash
}
$expected_response = md5("$HTTP_POST_VARS[username]:$pass:$challenge");

## True when JS is disabled
if ($HTTP_POST_VARS["response"] == "") {
if (md5($HTTP_POST_VARS["password"]) != $pass) { ## md5 hash for
non-JavaScript browsers
return false;
} else {
$this->auth["perm"] = $perm;
return $uid;
}
}

## Response is set, JS is enabled
if($expected_response != $HTTP_POST_VARS["response"]) {
return false;
} else {
$this->auth["perm"] = $perm;
return $uid;
}

$this->auth["error"] = "Either your username or password are
invalid.<br>Please try again.";
return false;
}


function auth_preauth() {
global $HTTP_POST_VARS;

if($HTTP_POST_VARS["username"]) {
$this->auth["uname"] = $HTTP_POST_VARS["username"];
$this->mode = "log";
} return false;
}
}
////////////////////////////////////


I use in "login.php" the following:
/////////////////////////////////////
<?php
page_open(array("sess" => "My_Session", "auth" => "My_Auth", "perm" =>
"My_Perm", "user" => "My_User"));

$HTTP_SERVER_VARS["QUERY_STRING"] = ereg_replace("(^|&)again=yes(&|$)",
"\\1", $HTTP_SERVER_VARS["QUERY_STRING"]);
$auth->login_if($again);

........... (don't know)

page_close();
?>
///////////////////////////////////


This is my current template file:
///////////////////////////////////
<!-- start login.tpl.html -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>{TITLE}</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<script language="javascript" src="JScripts/md5.js"></script>
<script language="javascript">
<!--
function doChallengeResponse() {
str = document.login.username.value + ":" +
MD5(document.login.password.value) + ":" +
document.login.challenge.value;
document.login.response.value = MD5(str);
document.login.password.value = "";
document.logintrue.username.value = document.login.username.value;
document.logintrue.response.value = MD5(str);
document.logintrue.submit();
return false;
}
// -->
</script>
</head>

<body bgcolor="#F9DBA4">
<table width="80%" height="100%" border="1" align="center" cellpadding="0"
cellspacing="0">
<tr>
<td height="5" bgcolor="#FCC478">&nbsp;</td>
</tr>
<tr>
<td height="20">
<div align="center"><br>
{TITLE}<br>
<br>
</div></td>
</tr>
<tr>
<td valign="top">
<h3 align="center">&nbsp;</h3>
<h3 align="center">{HEADLINE}</h3>
<form name="login" action="{ACTION_URL}"
method="post" onSubmit="doChallengeResponse()">
<table border="0" cellspacing="0"
cellpadding="4" align="center">
<tr>
<td
class="descr">Username:</td>
<td><input
type="text" name="username" value="{USERNAME}" size="32" maxlength="32"
/></td>
</tr>
<tr>
<td
class="descr">Password:</td>
<td><input
type="password" name="password" value="" size="32" maxlength="32" /></td>
</tr>
<tr>
<td>&nbsp;</td>
<td>

<input type="submit" name="submit" value="Login now" />

<input type="submit" name="cancel" value="Cancel Login" />
</td>
</tr>
<tr>
<td
class="descr"><input type=checkbox name=setcookie></td>
<td
class="descr">Remember me? ( Stay logged in from this computer)</td>
</tr>
<tr>
<td
class="descr"><input type=checkbox name=lostpw></td>
<td
class="descr">Oops, I lost my password.<br /> Send an email with a link
that allows me to change my password</td>
</tr>
</table>
<input type="hidden" name="challenge"
value="{CHALLENGE}" />
<input type="hidden" name="response"
value="" />
</form>

<form name="logintrue"
action="{PHP_SELF}" method=post>
<input type="hidden" name="username"
value="">
<input type="hidden" name="challenge"
value="{CHALLENGE}">
<input type="hidden" name="response"
value="">
</form>
</td>
</tr>
<!-- BEGIN error_block -->
<tr>
<td height="20"><div align="center">{ERROR}</div></td>
</tr>
<!-- END error_block -->
</table>
<script language="JavaScript">
<!--
// Activate the appropriate input form field.
if (document.login.username.value == '') {
document.login.username.focus();
} else {
document.login.password.focus();
}
// -->
</script>
</body>
</html>
<!-- end login.tpl.html -->
///////////////////////////////////


0 new messages