This is my implementation of $_SESSION support for authentication. It fixes a bunch...

For the record I am developing with php4.2.3 and session.auto_start off, and using php_ini_set didn't seem to work
I did notice that I can connect to 2 servers from the same browser in different tabs, the session info crosses over. I think this might be avoidable by explicitly naming sessions though, will need to look

diff --git a/libraries/lib.inc.php b/libraries/lib.inc.php
index 7f76efabb707049f05a4487e745a32b18ddd0e06..7158bc5825189774b6ff466fd97e5aae3897a0f2 100644 (file)
--- a/libraries/lib.inc.php
+++ b/libraries/lib.inc.php
@@ -3,13 +3,18 @@
        /**\r
         * Function library read in upon startup\r
         *\r
-        * $Id: lib.inc.php,v 1.2 2002/09/23 06:11:39 chriskl Exp $\r
+        * $Id: lib.inc.php,v 1.3 2002/10/23 21:59:14 xzilla Exp $\r
         */\r
 \r
        // Create Misc class references\r
        include_once('../classes/Misc.php');\r
        $misc = new Misc();\r
 \r
+       session_start();\r
+       //session_register('webdbServerID');\r
+       //session_register('webdbUsername');\r
+       //session_register('webdbPassword');\r
+\r
        // Do basic PHP configuration checks\r
        if (ini_get('magic_quotes_gpc')) {\r
                $misc->stripVar($_GET);\r
@@ -27,32 +32,38 @@
                $webdbServerID = $_POST['formServer'];\r
                $webdbUsername = $_POST['formUsername'];\r
                $webdbPassword = $_POST['formPassword'];\r
-               setCookie('webdbServerID', $webdbServerID);\r
-               setCookie('webdbUsername', $webdbUsername);\r
-               setCookie('webdbPassword', $webdbPassword);\r
-               $_COOKIE['webdbServerID'] = $webdbServerID;\r
-               $_COOKIE['webdbUsername'] = $webdbUsername;\r
-               $_COOKIE['webdbPassword'] = $webdbPassword;\r
+\r
+               $_SESSION['webdbServerID'] = $webdbServerID;\r
+               $_SESSION['webdbUsername'] = $webdbUsername;\r
+               $_SESSION['webdbPassword'] = $webdbPassword;\r
+\r
+               //setCookie('webdbServerID', $webdbServerID);\r
+               //setCookie('webdbUsername', $webdbUsername);\r
+               //setCookie('webdbPassword', $webdbPassword);\r
+               //$_COOKIE['webdbServerID'] = $webdbServerID;\r
+               //$_COOKIE['webdbUsername'] = $webdbUsername;\r
+               //$_COOKIE['webdbPassword'] = $webdbPassword;\r
        }\r
                \r
        // If the logged in settings aren't present, put up the login screen\r
-       if (!isset($_COOKIE['webdbUsername']) || \r
-                       !isset($_COOKIE['webdbPassword']) || \r
-                       !isset($_COOKIE['webdbServerID']) || \r
-                       !isset($confServers[$_COOKIE['webdbServerID']])) {\r
+       if (!isset($_SESSION['webdbUsername'])  \r
+                       ||      !isset($_SESSION['webdbPassword'])  \r
+                       ||      !isset($_SESSION['webdbServerID'])  \r
+                       ||      !isset($confServers[$_SESSION['webdbServerID']])\r
+       ){\r
                include($appBase . '/login.php');\r
                exit;\r
        }\r
        \r
        // Create data accessor object, if valid\r
-       if (isset($_COOKIE['webdbServerID']) && isset($confServers[$_COOKIE['webdbServerID']])) {\r
-               $_type = $confServers[$_COOKIE['webdbServerID']]['type'];\r
-               include_once('../classes/database/' . $_type . '.php');\r
-               $data = new $_type(     $confServers[$_COOKIE['webdbServerID']]['host'],\r
-                                                                       $confServers[$_COOKIE['webdbServerID']]['port'],\r
-                                                                       $confServers[$_COOKIE['webdbServerID']]['default'],\r
-                                                                       $_COOKIE['webdbUsername'],\r
-                                                                       $_COOKIE['webdbPassword']);\r
+       if (isset($_SESSION['webdbServerID']) && isset($confServers[$_SESSION['webdbServerID']])) {\r
+               $_type = $confServers[$_SESSION['webdbServerID']]['type'];\r
+               require_once('../classes/database/' . $_type . '.php');\r
+               $data = new $_type(     $confServers[$_SESSION['webdbServerID']]['host'],\r
+                                                                       $confServers[$_SESSION['webdbServerID']]['port'],\r
+                                                                       $confServers[$_SESSION['webdbServerID']]['default'],\r
+                                                                       $_SESSION['webdbUsername'],\r
+                                                                       $_SESSION['webdbPassword']);\r
        }\r
        \r
        // Check that the database functions are loaded\r
@@ -62,14 +73,14 @@
        }       \r
 \r
        // Create local (database-specific) data accessor object, if valid\r
-       if (isset($_COOKIE['webdbServerID']) && isset($confServers[$_COOKIE['webdbServerID']]) && isset($_REQUEST['database'])) {\r
-               $_type = $confServers[$_COOKIE['webdbServerID']]['type'];\r
-               include_once('../classes/database/' . $_type . '.php');\r
-               $localData = new $_type(        $confServers[$_COOKIE['webdbServerID']]['host'],\r
-                                                                                       $confServers[$_COOKIE['webdbServerID']]['port'],\r
+       if (isset($_SESSION['webdbServerID']) && isset($confServers[$_SESSION['webdbServerID']]) && isset($_REQUEST['database'])) {\r
+               $_type = $confServers[$_SESSION['webdbServerID']]['type'];\r
+               require_once('../classes/database/' . $_type . '.php');\r
+               $localData = new $_type(        $confServers[$_SESSION['webdbServerID']]['host'],\r
+                                                                                       $confServers[$_SESSION['webdbServerID']]['port'],\r
                                                                                        $_REQUEST['database'],\r
-                                                                                       $_COOKIE['webdbUsername'],\r
-                                                                                       $_COOKIE['webdbPassword']);\r
+                                                                                       $_SESSION['webdbUsername'],\r
+                                                                                       $_SESSION['webdbPassword']);\r
        }\r
 \r
        // Theme\r
@@ -77,4 +88,4 @@
        include("../themes/{$guiTheme}/global.css");\r
        echo "\n-->\n</style>\n";\r
        \r
-?>
\ No newline at end of file
+?>\r

diff --git a/public_html/browser.php b/public_html/browser.php
index 20fe141a89904663ef134146a57fd7a44dbc2a8c..aea5ca74bb7d4d9f819079c1fa66192da4d22b45 100644 (file)
--- a/public_html/browser.php
+++ b/public_html/browser.php
@@ -3,7 +3,7 @@
        /**
         * Main object browser
         *
-        * $Id: browser.php,v 1.10 2002/10/15 20:39:40 xzilla Exp $
+        * $Id: browser.php,v 1.11 2002/10/23 21:59:13 xzilla Exp $
         */
 
        // Include application functions
@@ -23,7 +23,7 @@
        // Construct expanding tree
    $tree = new Tree ('class.tree');
    $tree->set_frame ('detail');
-   $root  = $tree->open_tree ('<a href=\"all_db.php\" target=\"detail\">'. htmlspecialchars($confServers[$_COOKIE['webdbServerID']]['desc']) .'</a>', '');
+   $root  = $tree->open_tree ('<a href=\"all_db.php\" target=\"detail\">'. htmlspecialchars($confServers[$_SESSION['webdbServerID']]['desc']) .'</a>', '');
 
        $databases = &$data->getDatabases();
        while (!$databases->EOF) {

diff --git a/public_html/logout.php b/public_html/logout.php
new file mode 100644 (file)
index 0000000..d463e1b
--- /dev/null
+++ b/public_html/logout.php
@@ -0,0 +1,8 @@
+<?php
+
+session_start();
+unset($_SESSION);
+session_destroy();
+
+header('Location:index.php');
+?>

diff --git a/public_html/topbar.php b/public_html/topbar.php
index 0dd5baa5eeac79877ebcf29563e50051b1168290..577fc79b4589c3fc5e57d946828003ed5c19f30b 100755 (executable)
--- a/public_html/topbar.php
+++ b/public_html/topbar.php
@@ -3,7 +3,7 @@
        /**\r
         * Top menu for WebDB\r
         *\r
-        * $Id: topbar.php,v 1.6 2002/10/02 05:05:20 xzilla Exp $\r
+        * $Id: topbar.php,v 1.7 2002/10/23 21:59:13 xzilla Exp $\r
         */\r
 \r
        // Include application functions\r
@@ -19,16 +19,16 @@
 <table width="100%" border="0" cellspacing="0" cellpadding="0">\r
        <tr> \r
                <td width="211" rowspan="2"><img src="images/themes/<?= $guiTheme ?>/title.gif" width="211" height="50" alt="<?= htmlspecialchars($appName) ?>" /></td>\r
-               <td width="69%"><?= $confServers[$_COOKIE['webdbServerID']]['type'] ?> running on \r
-               <?= htmlspecialchars($confServers[$_COOKIE['webdbServerID']]['host']) ?>:<?= $confServers[$_COOKIE['webdbServerID']]['port'] ?>\r
-               -- You are logged in as user <b><?= htmlspecialchars($_COOKIE['webdbUsername']) ?></b>, \r
+               <td width="69%"><?= $confServers[$_SESSION['webdbServerID']]['type'] ?> running on \r
+               <?= htmlspecialchars($confServers[$_SESSION['webdbServerID']]['host']) ?>:<?= $confServers[$_SESSION['webdbServerID']]['port'] ?>\r
+               -- You are logged in as user <b><?= htmlspecialchars($_SESSION['webdbUsername']) ?></b>, \r
                        <?= date('jS M, Y g:iA') ?></td>\r
        </tr>\r
        <tr>\r
                <td>\r
                        <a class="toplink" href="users.php" target="detail">User Admin</a> | \r
                        <a class="toplink" href="groups.php" target="detail">Group Admin</a> | \r
-                       <a class="toplink" href="login.php?mode=logout" target="_parent">Logout</a>\r
+                       <a class="toplink" href="logout.php" target="_parent">Logout</a>\r
                </td>\r
        </tr>\r
 </table>\r