
Secure PHP Development - P35


DOCUMENT INFORMATION

Title: Central Authentication System
Subject: Secure PHP Development
Year published: 2003
Pages: 5
Size: 83.76 KB

Contents


Listing 5-7 (Continued)

            } else {
                $this->debug("User failed authentication.");
                $this->display_login();
                $_SESSION["SESSION_ATTEMPTS"] =
                    $this->getSessionField("SESSION_ATTEMPTS") + 1;
            }
        }
    }

    function warn() {
        global $WARNING_URL;
        $this->debug("Came to warn the user $WARNING_URL");
        header("Location: $WARNING_URL");
        exit;   // stop here so the login form is not rendered after the redirect
    }

    function display_login() {
        global $TEMPLATE_DIR;
        global $LOGIN_TEMPLATE;
        global $MAX_ATTEMPTS;
        global $REL_TEMPLATE_DIR;
        global $email, $url;
        global $PHP_SELF, $FORGOTTEN_PASSWORD_APP;

        $url = $this->getRequestField('url');

        if ($this->getSessionField("SESSION_ATTEMPTS") > $MAX_ATTEMPTS) {
            $this->warn();
        }

        $this->debug("Display login dialog box");

        $template = new Template($TEMPLATE_DIR);
        $template->set_file('fh', $LOGIN_TEMPLATE);
        $template->set_block('fh', "mainBlock");
        $template->set_var('SELF_PATH', $PHP_SELF);
        $template->set_var('ATTEMPT',
            $this->getSessionField("SESSION_ATTEMPTS"));
        $template->set_var('TODAY', date("M-d-Y h:i:s a"));
        $template->set_var('TODAY_TS', time());
        $template->set_var('USERNAME', $email);
        $template->set_var('REDIRECT_URL', $url);
        $template->set_var('FORGOTTEN_PASSWORD_APP', $FORGOTTEN_PASSWORD_APP);
        $template->parse("fh", "mainBlock");
        $template->set_var('BASE_URL', sprintf("%s", $this->base_url));
        $template->pparse("output", "fh");

        return 1;
    }

    function is_authenticated() {
        return (!empty($_SESSION["SESSION_USERNAME"])) ? TRUE : FALSE;
    }

    function authenticate($user = null, $passwd = null) {
        $authObj = new Authentication($user, $passwd, $this->app_db_url);
        if ($authObj->authenticate()) {
            $uid = $authObj->getUID();
            $this->debug("Setting user id to $uid");
            $this->setUID($uid);
            return TRUE;
        }
        return FALSE;
    }
}

global $AUTH_DB_URL;

$thisApp = new loginApp(
    array(
        'app_name'             => $APPLICATION_NAME,
        'app_version'          => '1.0.0',
        'app_type'             => 'WEB',
        'app_db_url'           => $AUTH_DB_URL,
        'app_auto_authorize'   => FALSE,
        'app_auto_chk_session' => FALSE,
        'app_debugger'         => $OFF
    )
);

$thisApp->buffer_debugging();
$thisApp->debug("This is $thisApp->app_name application");
$thisApp->run();
$thisApp->dump_debuginfo();
?>

The logout.php application calls the is_authenticated() method of the class.PHPApplication.php object and, if the user is authenticated, it calls its own logout() method. This method calls the session_unset() and session_destroy() functions, which are part of PHP's built-in session management API. The session_unset() function simply makes the session variables as if they were never set. The effect of session_unset() in our login scenario is that session variables such as SESSION_USERNAME and SESSION_ATTEMPTS are unset. Similarly, session_destroy() removes the entire session (file or database record) from the session storage. The full effect is that the user loses her session and will need a new login session to work with applications that require the central login facility.
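The logout flow just described, written out as an added example (this is not the book's logout.php): it checks is_authenticated(), then calls session_unset() and session_destroy(), and additionally expires the browser's session cookie, which session_destroy() alone does not do. The session field names follow Listing 5-7; $HOME_URL is a constructed stand-in for the logout.conf setting.

```php
<?php
// Added example, not the book's logout.php. Session field names follow
// Listing 5-7; $HOME_URL stands in for the value read from logout.conf.

$HOME_URL = '/';   // constructed value; the real one comes from logout.conf

function is_authenticated(): bool
{
    return !empty($_SESSION['SESSION_USERNAME']);
}

// Tear down the server-side session and invalidate the client's cookie.
function logout(): void
{
    // Clear the session array in memory as well as the registered variables
    // (SESSION_USERNAME, SESSION_ATTEMPTS, ...).
    $_SESSION = [];
    session_unset();

    // Expire the session id cookie with the same attributes it was set with;
    // otherwise the browser keeps presenting the now-dead id.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }

    // Remove the session file or database record from session storage.
    session_destroy();
}

session_start();

if (is_authenticated()) {
    $user = $_SESSION['SESSION_USERNAME'];
    logout();
    error_log("logout: session ended for user $user");   // audit trail
    $message = 'You are logged out.';        // LOGOUT_SUCCESSFUL
} else {
    $message = 'You are not logged in.';     // LOGOUT_NOT_LOGGED_IN
}

// Show the message and offer the way back to the central page.
printf('<p>%s</p><p><a href="%s">Continue</a></p>',
       htmlspecialchars($message, ENT_QUOTES, 'UTF-8'),
       htmlspecialchars($HOME_URL, ENT_QUOTES, 'UTF-8'));
```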

The logout.php application uses the logout.conf file shown in Listing 5-8.

This configuration file is very similar to login.conf and requires no further explanation, except that $HOME_URL is a new entry. This variable sets the URL to which the logged-out user is redirected as a central page. Typically this URL would be set to the home page of the intranet or Internet site.

Listing 5-8: logout.conf

<?php
// login.conf
//extract($_GET);
//extract($_POST);

// Turn on all error reporting
error_reporting(E_ALL);

// If you have installed framework directory in
// a different directory than
// %DocumentRoot%/framework, change the setting below
$APP_FRAMEWORK_DIR = $_SERVER['DOCUMENT_ROOT'] . '/framework';
$PEAR              = $_SERVER['DOCUMENT_ROOT'] . '/pear';
$PHPLIB            = $_SERVER['DOCUMENT_ROOT'] . '/phplib';

// Insert the path in the PHP include_path so that PHP
// looks for PEAR, PHPLIB and our application framework
// classes in these directories
ini_set('include_path', ':' .
        $PEAR . ':' .
        $PHPLIB . ':' .
        $APP_FRAMEWORK_DIR . ':' . ini_get('include_path'));

$PHP_SELF = $_SERVER["PHP_SELF"];

$LOGIN_TEMPLATE   = 'login.html';
$APPLICATION_NAME = 'LOGIN';
$DEFAULT_LANGUAGE = 'US';

$AUTH_DB_URL      = 'mysql://root:foobar@localhost/auth';
$ACTIVITY_LOG_TBL = 'ACTIVITY';
$AUTH_DB_TBL      = 'users';

$MIN_USERNAME_SIZE = 3;
$MIN_PASSWORD_SIZE = 3;
$MAX_ATTEMPTS      = 250;

$FORGOTTEN_PASSWORD_APP =
    '/user_mngr/apps/user_mngr_forgotten_pwd.php';

$APP_MENU = '/';

$TEMPLATE_DIR     = $_SERVER['DOCUMENT_ROOT'] . '/login/templates';
$REL_TEMPLATE_DIR = '/login/templates/';
$WARNING_URL      = $TEMPLATE_DIR . '/warning.html';

require_once "login.errors";
require_once "login.messages";

require_once 'DB.php';
require_once $APP_FRAMEWORK_DIR . '/' . 'constants.php';
require_once $APP_FRAMEWORK_DIR . '/' . $APPLICATION_CLASS;
require_once $APP_FRAMEWORK_DIR . '/' . $ERROR_HANDLER_CLASS;
require_once $APP_FRAMEWORK_DIR . '/' . $AUTHENTICATION_CLASS;
require_once $APP_FRAMEWORK_DIR . '/' . $DBI_CLASS;
require_once $APP_FRAMEWORK_DIR . '/' . $USER_CLASS;
require_once $TEMPLATE_CLASS;
?>

The logout application also has a logout.errors file, shown in Listing 5-9, and a logout.messages file, shown in Listing 5-10.

Listing 5-9: logout.errors

<?php
// Errors for Logout application
$ERRORS['US']['MISSING_CODE'] = "No error message found";
$ERRORS['US']['INVALID_DATA'] = "Invalid data.";
?>

The logout messages are displayed using the alert() method found in the class.PHPApplication.php object.

Listing 5-10: logout.messages

<?php
// Messages for logout applications
$MESSAGES['US']['LOGOUT_SUCCESSFUL']    = "You are logged out.";
$MESSAGES['US']['LOGOUT_FAILURE']       = "You are not logged in.";
$MESSAGES['US']['LOGOUT_NOT_LOGGED_IN'] = "You are not logged in.";
?>

Now let’s test our central login and logout applications.

Posted: 07/07/2014, 07:20
