Use phplib for session management and authentication

Source: Internet
Author: User
Tags md5 encryption php source code php3 file

Introduction: This is a detailed page for session management and authentication using phplib. It introduces PHP, related knowledge, skills, experience, and some PHP source code.


Phplib can also do many other things, such as database classes. This article is just a brief introduction to phplib; many classes and functions are not mentioned. You can go to http://phplib.netuse.de for more documentation.

Test environment: Standard Environment

First, a fact of web programming: the customer's current state needs to be preserved across pages, for example in online shopping. As a programmer, you constantly have to deal with the state parameters passed between pages: the customer's authentication, the choices he has made, his current status, and so on. The web page will not save this state for you. You must handle these parameters carefully, which is very inconvenient. Passing parameters between pages as http://url?var1=x1&var2=x2 is too dangerous, especially when the variables contain user registration information, which can be sniffed. How can we solve this problem?

Phplib solves this problem. It is an extension to php3 that provides many class libraries so that programmers can easily build an interactive web site. Phplib's most basic functions include user authentication, session management, permissions, and database abstraction.

You must install php3 on your server before installing phplib. Phplib can run in CGI mode or as an Apache module. The php3 version must be later than 3.0.5. Earlier versions of php3 can be supported by the --enable-force-cgi-redirect parameter during compilation; if this is not done, security issues may occur. In the php3 configuration, track_vars needs to be enabled. A database is also required; phplib supports MySQL, Oracle, ODBC, PostgreSQL, and Sybase.

Step 1: The phplib class library needs to be initialized for your system. Modify the local.inc file, which contains some basic parameters, to suit your machine.

Let's explain how phplib works. Every page that uses phplib must first be able to find the class library files it needs. You can set the auto_prepend variable in php3.ini. The phplib distribution package contains a prepend.php3 file; once auto_prepend is set to prepend.php3, pages automatically include the phplib class library. You can also add the directory where the phplib class library is located to the include variable so that these files can be found. Of course, the clumsiest method is to specify the absolute path, which is not a good idea!

Step 2: You must call the page_open function to initialize every page that uses phplib. This tells phplib that you will use state saving. A typical page_open example includes authentication, session, and permission:

<?php
page_open(array("sess" => "cms_session", "auth" => "cms_auth", "perm" => "cms_perm"));
?>

The array keys (sess, auth, perm) are used to initialize the state storage objects. Note: the phplib built-in names (sess, auth, perm) must be used; these built-in names are defined in local.inc. The page_open function must be called before any page content is output to the browser. (If you will not use authentication in the future, you do not need to initialize sess.) The php3 script should end with page_close(), which writes the state data back to the database. If you forget it, it will...

Because phplib uses cookies to save state information, the page_open() function must be called before any page content is output to the browser. Page content here means any HTML, or even an empty line. If you see the error "oops-setcookie called after header has been sent", something was output to the browser before page_open(). Pay special attention to empty lines, because they are very hard to find. The typical mistake is an empty line output around the <? and ?> tags. Check whether the local.inc and prepend.php3 files contain empty lines; this is also a very error-prone place.

PHP uses a more complex architecture than the basic authentication method, which ensures security.

For example, to restrict access to a page, page_open is first called with "auth" => "auth_class" to initialize the authentication state object, and the state is saved. Then, when the customer visits another page, the authentication system first checks whether the user's identity has already been authenticated.

When a user visits the page for the first time, his identity is not yet authenticated, so phplib displays a login window (not a Windows window); you can design the style of this window yourself. When the user enters a username and password and presses the submit button, authentication starts. What follows is somewhat complicated, so let's go through it slowly.

There are two cases. If the user's browser does not support JavaScript, authentication is like questioning a suspect: the user name and password are sent to the server and compared with the data stored there. If the browser supports JavaScript, it is a little more complicated. Phplib first adds a seed string called the "challenge" to the client page. When the user submits the page, the user name, password, and challenge string are hashed with MD5 to produce a digest string, which is sent to the server. After receiving the user name and the digest, the server performs the MD5 operation on the user name and password in its database and the seed it issued. The resulting string is compared with the string submitted by the user. If they match, the user's identity is correct and the user is allowed to continue. The advantage of this method is that the user does not need to submit the password itself, which makes authentication safer.
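
The challenge-response exchange described above, as an added example (not phplib's own code). It assumes the digest is MD5 over "user:password:challenge" and uses hypothetical function names; the client step, done in JavaScript in the browser, is simulated in PHP here, and MD5 is kept only because it is what the article describes.

```php
<?php
// Added example: challenge-response login as the article describes it.
// Assumption: digest = MD5("user:password:challenge"); all names are hypothetical.

// Constructed sample user store (the server keeps the password in its database).
$users = ['alice' => 'correct horse'];

// Server: issue a random one-time challenge and remember it for this login form.
function issue_challenge(array &$session): string {
    $session['challenge'] = bin2hex(random_bytes(16));
    return $session['challenge'];
}

// Client (JavaScript in the browser): hash name, password and challenge together.
function client_response(string $user, string $password, string $challenge): string {
    return md5($user . ':' . $password . ':' . $challenge);
}

// Server: recompute the digest from the stored password and compare.
function verify_response(array $users, array &$session, string $user, string $response): bool {
    $challenge = $session['challenge'] ?? null;
    unset($session['challenge']);      // single use: a replayed response must fail
    if ($challenge === null || !isset($users[$user])) {
        return false;
    }
    $expected = md5($user . ':' . $users[$user] . ':' . $challenge);
    return hash_equals($expected, $response);   // constant-time comparison
}

$session = [];
$challenge = issue_challenge($session);
$response  = client_response('alice', 'correct horse', $challenge);

// First submission of a correct response.
var_dump(verify_response($users, $session, 'alice', $response));
// Replay of the same captured response: the challenge is already consumed.
var_dump(verify_response($users, $session, 'alice', $response));
// Wrong password against a fresh challenge.
$challenge2 = issue_challenge($session);
var_dump(verify_response($users, $session, 'alice',
    client_response('alice', 'wrong', $challenge2)));
```

The password never crosses the wire, but the server has to hold it (or an equivalent secret) in a form it can feed into the same hash, so the stored value needs the same protection as a plaintext password.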

Session management
Session management is in fact very similar to identity authentication. Once a user's authentication succeeds, the user's session starts. If the browser supports cookies, a session ID is created and placed in a cookie. This unique ID is generated randomly by php3 and then passed through MD5 together with a random seed string. The cookie here is called a session cookie because it is not written to the user's hard disk; when the session ends, the cookie ends with it. If the user's browser does not support cookies, the session ID is placed in the URL; because it is encrypted, stealing it is of no use. The session ID stores user information, such as whether the user is authenticated, the authentication expiration time, user permissions, and other information you may need.

A session is one user's conversation with the site. Session management is not just for tracking user logins; it can also be used without authentication, to store any information you want. This information is available in the pages the user visits afterwards, provided those pages use phplib. The method is simple: after you register a variable, you can use it on subsequent pages until the session ends. Method:

<?php $sess->register("variable_name"); ?>

Note: variable_name here is not a variable's value but its name. You can register a variable name before assigning a value, and you can change the value later; the changed value is what you get when you access the variable on a subsequent page. Variables can be of many types: a string, a number, an array, or even an object. For example:

<?php
$sess->register("first");
// check() stands for your own validation function for the form value
if (check($firstname)) {
    $first = $firstname;
}
?>

Note: this is important. You can register a variable first and assign a value to it later. This is very useful: variables can be registered anywhere without a value and assigned on subsequent pages, so that variables can be defined in one central place. You may have noticed that the example above does not simply assign the value to the variable; this is for safety. You should not rashly put form data into variables. The example checks the form value first and only then assigns it. This is a good habit that everyone should follow.

After a variable is registered, each session variable is written back to the database when the page finally calls the page_close() function. If you forget to call page_close(), the variable is not written back to the database, with unpredictable consequences. When a variable is no longer needed, you can call the following function to delete it:

<?php
$sess->unregister("variable_name");
?>

Phplib 7.0 uses a storage structure that allows you to store session data in a database, shared memory, or LDAP. Phplib uses database classes, which gives you more options.

Permission management
Permissions are inseparable from authentication. After a user's identity is confirmed, you can determine his or her level and permissions. Of course, you must call page_open to initialize the "perm" object. The command to check user permissions is as follows:

<?php
$perm->check("permission_level");
?>

This command checks whether the user has the level you specify. The levels should be defined in the local.inc file; you can define various levels yourself. If the user does not have the required level, the perm_invalid() function is called automatically. You can write your own perm_invalid function.

The following is another method for checking permissions in phplib:

<?php
$perm->have_perm("permission_level");
?>

have_perm differs from the check function: it only returns true or false and does not exit the script, which gives us better control over the program flow.

<?php
if ($perm->have_perm("guest")) {
    // Do something
} elseif ($perm->have_perm("admin")) {
    // Do something else
} else {
    // Yet something else
}
?>

Reprinted: PhP technical network
