need alt. Session auth. (.htaccess php_value)

Re: need alt. Session auth. (.htaccess php_value)

awebguynow wrote:
[color=blue]
> My shared-host doesn't allow php_value directives in .htaccess
>
> I was using an "auto_prepend_f ile" on my local development machine,
> that helped me implement a Session based authentication system.
>
> Host said: "PHP is running as SuEXEC-CGI for security reasons"
> and auto_prepend_fi le can only be put in php.ini ( system wide, out
> of my control )
>
> Now I'm back to Square 0. I'd prefer not to get stuck rewriting my
> code-base.
> Any other alternatives & suggestions on implementing Session based
> authentication ?[/color]

Hi,

Well, I guess you have to rewrite your code so it handles the authentication
in SESSIONS.
It doesn't have to be a lot of work.
I always approach this simple. Try something along the following lines:

Above every PHP-file that needs some authentication:
<?
// session_start() ; // I use auto-start, so this is up to you.
require_once('i ncludes/someFunctions.p hp');
checkedIfLogged In();
// or
checkIfIsAdmin( );
?>

the someFunctions.p hp file contains a simple routine like:
function checkIfLoggedIn (){
if (isset($_SESSIO N["userid"])){
// OK, continue
} else {
// not ok, session over or illegal attempt
header('login.p hp?comment='.ur lencode('Your session is over. Please login
again'));
exit;
}
}

same for checkIfIsAdmin( ), only that checks another value in SESSION, like
$_SESSION["admin"] == "Y".

You probably have your own sets of expected session-vars.

I give you this example because it is usable everywhere where sessions are
supported. If you set it up like this, you never need to worry about
safemode, or auto_prepend_fi le, etc, because you simple include it
everywhere where needed with appropriate functionscalls.

Hope this helps.

Regards,
Erwin Moller