Creating the Central Authentication Database
Before you can use the login and logout applications, you need to create the central authentication database and then add a user to it. The central authentication database information is stored in both the login.conf and logout.conf files using the following configuration variables:
$AUTH_DB_TYPE = 'mysql';
$AUTH_DB_HOST = 'localhost';
$AUTH_DB_NAME = 'auth';
$AUTH_DB_TBL = 'users';
$AUTH_DB_USERNAME = 'root';
$AUTH_DB_PASSWD = 'foobar';
In our example, the database type is mysql and the database host name is localhost, which means we're implementing the database on the same server as a MySQL database. If you want to use a different database host or a different database server such as Postgres or Oracle, you have to change these variables. For our example, I assume that you're using the given sample values for $AUTH_DB_TYPE, $AUTH_DB_HOST, $AUTH_DB_NAME, and $AUTH_DB_TBL. However, I strongly suggest that you use different $AUTH_DB_USERNAME and $AUTH_DB_PASSWD values for your database.
Make sure that the user you specify in $AUTH_DB_USERNAME has the privilege to access (select, insert, update, and delete) $AUTH_DB_NAME on $AUTH_DB_HOST. You should test the user's ability to access this database using your standard database-access tools. For example, if you're using MySQL, you can run the command-line MySQL client as mysql -u root -p -D auth to access the authentication database.
Assuming that you're using the given settings, you can create a MySQL database called auth using the mysqladmin create auth command. You'll require appropriate permission to run mysqladmin or equivalent commands to create the auth database. Please consult your MySQL documentation for details.
Now, to create the $AUTH_DB_TBL (users) table, you can run the auth.sql script using the mysql -u AUTH_DB_USERNAME -p -D AUTH_DB_NAME < auth.sql command. The auth.sql script is shown in Listing 5-11.
Listing 5-11: auth.sql
# phpMyAdmin MySQL-Dump
# version 2.2.5
# http://phpwizard.net/phpMyAdmin/
# http://phpmyadmin.sourceforge.net/ (download page)
#
# Host: localhost
# Generation Time: May 14, 2002 at 01:55 PM
# Server version: 3.23.35
# PHP Version: 4.1.0
# Database : `auth`
#
#
# Table structure for table `users`
#

CREATE TABLE users (
  UID int(11) NOT NULL auto_increment,
  EMAIL varchar(32) NOT NULL default '',
  PASSWORD varchar(128) NOT NULL default '',
  ACTIVE tinyint(4) NOT NULL default '0',
  TYPE tinyint(4) NOT NULL default '0',
  PRIMARY KEY (UID),
  UNIQUE KEY EMAIL (EMAIL)
) TYPE=MyISAM COMMENT='User Authentication Table';
The table created using this script is described in Table 5-3.
Table 5-3: The User Table Fields

UID       This is the user ID field. It is generated automatically.
EMAIL     This is the username field. We use e-mail as the username in the login because e-mail is easy to remember and always unique for each person in an organization.
PASSWORD  This is the encrypted password.
ACTIVE    This is the active (1 or 0) field. If the value is 1, the user is active and can log in. Otherwise, she cannot log in.
TYPE      The type of user is specified using this field. The type can be a number. Currently, we assume that the number 9 is the highest-ranking user, such as the administrator.
After this table is created, you can add a user, as explained in the following section, to test your login/logout applications.
Testing Central Login and Logout
To test the authentication system, you need to create users in the database. (User management applications are discussed in Chapter 6.)
To create a user using the MySQL command-line tool you can run commands such as the following:
mysql -u root -p -D auth
Enter password: *****
mysql> insert into users (EMAIL, PASSWORD, ACTIVE, TYPE) values('admin@example.com', ENCRYPT('mysecret'), 1, 9);
Here the first line tells mysql to connect you to the auth database using the username root and a password, which you have to enter when asked. Of course, if you are not using the root account for this database, you should replace the username as appropriate.
Next, at the mysql prompt, you can enter an INSERT statement as shown. Here the insert statement creates a user account called admin@example.com with the password mysecret. You should change both the username and password to what you desire. The ACTIVE field is set to 1 to turn on the user, and the TYPE field is set to 9 to make this user an administrator. To create a regular user, the TYPE field has to be set to 1.
The insert statement inserts a user named "admin@example.com" with a password called "mysecret" and sets the user's status to active. The user type is set to 9, which is the highest-ranking user type. If you want to create new users using this script, you have to change the username and password and run the script to produce the insert statement.
After the user is added to the database, you can run the login application from a Web browser. For example, Figure 5-7 shows the login application being called using the http://intranet.evoknow.com/php/login/login.php URL.
Figure 5-7: The login application menu.
Enter the newly created username and password and log in. If you cannot log in, check to see whether the user exists in the authentication database. Also, if the user is not active, the user cannot log in. You can check whether the active flag is working by toggling it using update statements such as the following from your MySQL command line. The following code shows a MySQL command-line session, which sets the active flag to 0 (ACTIVE = 0) and then activates the admin user again (ACTIVE = 1):
$ mysql -u AUTH_DB_USERNAME -p -D AUTH_DB_NAME
mysql> update users set ACTIVE = 0 where EMAIL = 'admin@example.com';
mysql> exit;
$ mysql -u AUTH_DB_USERNAME -p -D AUTH_DB_NAME
mysql> update users set ACTIVE = 1 where EMAIL = 'admin@example.com';
mysql> exit;
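The manual mysql session above can also be scripted from PHP. The following is an added example, not the book's code, that reuses the $AUTH_DB_* settings and the users table from Listing 5-11 to add a user, check a login the way the login application must, and toggle the ACTIVE flag, all through prepared statements. The file name adduser.php, the functions add_user(), set_active() and check_login(), and the authapp account with its placeholder password are assumptions; the script needs the pdo_mysql extension. New passwords are stored with PHP's password_hash() rather than MySQL's ENCRYPT(); the check still accepts rows created with ENCRYPT() as shown in the text, because PHP's crypt() understands that hash format.

```php
<?php
// adduser.php (added example, not the book's code): add a user to the central
// authentication table, verify a login, and toggle the ACTIVE flag.
declare(strict_types=1);

// Same settings as login.conf / logout.conf. The account is an assumption:
// a non-root user granted only SELECT, INSERT, UPDATE, DELETE on `auth`.
$AUTH_DB_HOST     = 'localhost';
$AUTH_DB_NAME     = 'auth';
$AUTH_DB_TBL      = 'users';
$AUTH_DB_USERNAME = 'authapp';      // assumed account name
$AUTH_DB_PASSWD   = 'change-me';    // placeholder, not a real password

function auth_db(string $host, string $name, string $user, string $pass): PDO
{
    return new PDO("mysql:host=$host;dbname=$name;charset=utf8mb4", $user, $pass, [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,   // real server-side prepared statements
    ]);
}

// A table name cannot be bound as a parameter, so restrict $AUTH_DB_TBL to a
// plain identifier before interpolating it into SQL.
function table_ident(string $table): string
{
    if (!preg_match('/^[A-Za-z0-9_]+$/', $table)) {
        throw new InvalidArgumentException("Bad table name: $table");
    }
    return "`$table`";
}

// password_verify() covers hashes made by password_hash(); the crypt() fallback
// covers rows created with MySQL's ENCRYPT(), which is crypt(3) format.
function password_matches(string $plain, string $stored): bool
{
    if ($stored === '') {
        return false;
    }
    if (password_verify($plain, $stored)) {
        return true;
    }
    return hash_equals($stored, crypt($plain, $stored));
}

// Insert an account; TYPE 9 is the administrator, 1 a regular user. Returns the UID.
function add_user(PDO $db, string $table, string $email, string $plain, int $type, bool $active = true): int
{
    $sql = 'INSERT INTO ' . table_ident($table) . ' (EMAIL, PASSWORD, ACTIVE, TYPE) VALUES (?, ?, ?, ?)';
    $db->prepare($sql)->execute([
        $email,
        password_hash($plain, PASSWORD_BCRYPT),   // 60 characters, fits varchar(128)
        $active ? 1 : 0,
        $type,
    ]);
    return (int) $db->lastInsertId();
}

// Set ACTIVE to 1 or 0 for one e-mail address; returns the number of rows changed.
function set_active(PDO $db, string $table, string $email, bool $active): int
{
    $stmt = $db->prepare('UPDATE ' . table_ident($table) . ' SET ACTIVE = ? WHERE EMAIL = ?');
    $stmt->execute([$active ? 1 : 0, $email]);
    return $stmt->rowCount();
}

// The check the login application has to make: the user must exist, be active,
// and present the right password. Returns UID and TYPE, or null on any failure.
function check_login(PDO $db, string $table, string $email, string $plain): ?array
{
    $stmt = $db->prepare('SELECT UID, PASSWORD, ACTIVE, TYPE FROM ' . table_ident($table) . ' WHERE EMAIL = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || (int) $row['ACTIVE'] !== 1 || !password_matches($plain, $row['PASSWORD'])) {
        return null;
    }
    return ['UID' => (int) $row['UID'], 'TYPE' => (int) $row['TYPE']];
}

if (PHP_SAPI === 'cli') {
    $db    = auth_db($AUTH_DB_HOST, $AUTH_DB_NAME, $AUTH_DB_USERNAME, $AUTH_DB_PASSWD);
    $email = 'admin@example.com';
    $uid   = add_user($db, $AUTH_DB_TBL, $email, 'mysecret', 9);
    echo "Added $email as UID $uid\n";
    echo 'Login while active:   ', check_login($db, $AUTH_DB_TBL, $email, 'mysecret') ? "ok\n" : "rejected\n";
    set_active($db, $AUTH_DB_TBL, $email, false);
    echo 'Login while inactive: ', check_login($db, $AUTH_DB_TBL, $email, 'mysecret') ? "ok\n" : "rejected\n";
    set_active($db, $AUTH_DB_TBL, $email, true);
}
```

Run it once with php adduser.php after the users table exists; a second run fails on the UNIQUE KEY on EMAIL, which is the table doing its job. check_login() returns null for a missing user, an inactive user and a wrong password alike, so the caller cannot tell the three apart, which is the behaviour you want from a login check.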
You can test the logout application by simply calling it directly using the appropriate URL. For example, http://intranet.evoknow.com/php/logout/logout.php will log out a user session.
Making Persistent Logins in Web Server Farms
Organizations with Web server farms will have to use site-wide persistent logins to ensure that users are not required to log in again when moving from one system to another. Figure 5-8 shows a typical Web server farm.
Figure 5-8: A typical Web server farm balances an organization’s server workload.
[Figure 5-8 labels: Load Balancer in front of Web Server 1, Web Server 2, Web Server 3, ... Web Server n]
Web server farms are often used to increase scalability and redundancy for the application services the organization provides. Such a farm usually implements all the applications in each server node, so that any one of the servers can go down or become busy at any time and the user is still directed to a server that is able to service the application request.
In such an environment, the session data cannot be stored in local files in each server node. Figure 5-9 shows what happens when file-based user sessions are used in a Web server farm.
Figure 5-9: Why file-based sessions are not persistent in Web server farms.
When a user logs into a system using a file-based session, the file is stored on a single server and, on the next request, the user might be sent to a different server due to load or server failure. In such a case the next system will not have access to the session and will simply redirect the user to the login application to create a new login session. This can annoy and inconvenience the user, so a central, database-based session solution is needed, which is shown in Figure 5-10.
To implement this solution, we need to define seven session management functions that PHP will use to implement sessions.
The functions are sess_open(), sess_close(), sess_read(), sess_write(), sess_destroy(), sess_gc(), and session_set_save_handler(). The sess_open() function is called to start the session, the sess_close() function is called when the session is closed, the sess_read() function is called to read the session information, the sess_write() function is called to write the session information, the sess_destroy() function is called when the session is to be destroyed, the sess_gc() function is called when garbage collection needs to be done, and finally session_set_save_handler() is used to tell PHP the names of the other six session functions.
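The following is an added example, not the book's code, showing the seven functions just named backed by a MySQL table that every node of the farm can reach, so the session a user started on one server is readable on the next. The file name dbsession.php, the sessions table and its schema, the $SESS_* variables, and the authapp account with its placeholder password are assumptions; the $AUTH_DB_* names are the book's. It needs the pdo_mysql extension, and the save handler must be registered before session_start() is called.

```php
<?php
// dbsession.php (added example, not the book's code): the six callbacks plus
// session_set_save_handler(), storing session data in a shared table instead of
// in a file on one server.
//
// Assumed table, constructed for this example:
//   CREATE TABLE sessions (
//     SESSION_ID  varchar(128) NOT NULL,
//     DATA        blob         NOT NULL,
//     LAST_ACCESS int(11)      NOT NULL,
//     PRIMARY KEY (SESSION_ID)
//   );
declare(strict_types=1);

$AUTH_DB_HOST     = 'localhost';
$AUTH_DB_NAME     = 'auth';
$AUTH_DB_USERNAME = 'authapp';      // assumed non-root account
$AUTH_DB_PASSWD   = 'change-me';    // placeholder, not a real password
$SESS_DB_TBL      = 'sessions';     // assumed table name
$SESS_LIFETIME    = 1800;           // seconds a session may stay idle

$SESS_DB = null;                    // PDO handle opened by sess_open()

// Called by PHP when the session starts: open the shared database connection.
function sess_open(string $savePath, string $sessionName): bool
{
    global $SESS_DB, $AUTH_DB_HOST, $AUTH_DB_NAME, $AUTH_DB_USERNAME, $AUTH_DB_PASSWD;
    $SESS_DB = new PDO("mysql:host=$AUTH_DB_HOST;dbname=$AUTH_DB_NAME;charset=utf8mb4",
        $AUTH_DB_USERNAME, $AUTH_DB_PASSWD,
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]);
    return true;
}

// Called when the session is closed at the end of the request.
function sess_close(): bool
{
    global $SESS_DB;
    $SESS_DB = null;
    return true;
}

// Must return the serialized session data as a string, or '' when nothing is
// stored or the record has expired (PHP then starts an empty session).
function sess_read(string $id): string
{
    global $SESS_DB, $SESS_DB_TBL, $SESS_LIFETIME;
    $stmt = $SESS_DB->prepare("SELECT DATA FROM `$SESS_DB_TBL` WHERE SESSION_ID = ? AND LAST_ACCESS >= ?");
    $stmt->execute([$id, time() - $SESS_LIFETIME]);
    $data = $stmt->fetchColumn();
    return $data === false ? '' : (string) $data;
}

// Called at the end of every request; an upsert creates the row on first use.
function sess_write(string $id, string $data): bool
{
    global $SESS_DB, $SESS_DB_TBL;
    $stmt = $SESS_DB->prepare("INSERT INTO `$SESS_DB_TBL` (SESSION_ID, DATA, LAST_ACCESS) VALUES (?, ?, ?)"
        . ' ON DUPLICATE KEY UPDATE DATA = VALUES(DATA), LAST_ACCESS = VALUES(LAST_ACCESS)');
    return $stmt->execute([$id, $data, time()]);
}

// Called by session_destroy(), as in a logout application: remove the row so
// no node in the farm can read that session again.
function sess_destroy(string $id): bool
{
    global $SESS_DB, $SESS_DB_TBL;
    return $SESS_DB->prepare("DELETE FROM `$SESS_DB_TBL` WHERE SESSION_ID = ?")->execute([$id]);
}

// Garbage collection: drop rows idle longer than session.gc_maxlifetime.
function sess_gc(int $maxLifetime): int
{
    global $SESS_DB, $SESS_DB_TBL;
    $stmt = $SESS_DB->prepare("DELETE FROM `$SESS_DB_TBL` WHERE LAST_ACCESS < ?");
    $stmt->execute([time() - $maxLifetime]);
    return $stmt->rowCount();
}

// Tell PHP the names of the other six functions, then start the session.
ini_set('session.gc_maxlifetime', (string) $SESS_LIFETIME);
session_set_save_handler('sess_open', 'sess_close', 'sess_read', 'sess_write', 'sess_destroy', 'sess_gc');
session_start();

// Whichever node serves the next request reads the same row, so the count keeps going.
$_SESSION['requests'] = ($_SESSION['requests'] ?? 0) + 1;
echo 'Requests in this session: ', $_SESSION['requests'], ' (served by ', gethostname(), ")\n";
```

Put the file on every node behind the load balancer and reload it a few times: the request counter keeps increasing even when the reported host name changes, which is exactly what the per-server session files in Figure 5-9 cannot do. sess_read() refuses records older than $SESS_LIFETIME so that an expired session is not revived before sess_gc() has had a chance to run.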
[Figure 5-9 labels: Load Balancer receiving a user request for application X and forwarding any request for application X to Web Server 1, Web Server 2, Web Server 3, ... Web Server n, each holding its own Session File]