php - Session Management with Sharp UMS


I am new to the MVC style of programming. I have a user management script and want to be able to integrate user credentials into a browser application: user information such as username, email, name, etc. The documentation of the system provides a clear explanation of generating this information. I have done so in the following script, which works fine, but it returns "AUTH_NO_SESSION" because I have no way of allowing the user to log in with their information. That is the issue:

User information (user_cred.php)

<?php
include_once("includes.php");

$auth         = new TAuthentication();
$accept_roles = array('plugin');
$auth_result  = $auth->validateSession($accept_roles);

if ($auth_result->auth_code == AUTH_NO_SESSION) {
    header('Access-Control-Allow-Origin: *');
    echo "AUTH_NO_SESSION";
    // means no session was found, therefore the page is being accessed anonymously.
} elseif ($auth_result->auth_code == AUTH_OKAY) {
    header('Access-Control-Allow-Origin: *');
    echo "AUTH_OKAY";
    // means there is a session and the user owns the roles required to access the content.
} elseif ($auth_result->auth_code == AUTH_INSUFFICIENT_ROLES) {
    header('Access-Control-Allow-Origin: *');
    echo "AUTH_INSUFFICIENT_ROLES";
    // means a session exists, but the user does not own the roles required to access the content.
} else {
    // no code here
}

The browser application retrieves the user data from the user_cred.php file listed above. It works fine as far as requesting information from the PHP file goes. The problem I face is getting the user's information, and having a way for the user to log in to their account. Otherwise nothing is given.

Browser application

<!DOCTYPE html>
<html>
<head>
<script type="text/javascript">
function loadXMLDoc() {
    var xmlhttp;
    if (window.XMLHttpRequest) {
        // code for IE7+, Firefox, Chrome, Opera, Safari
        xmlhttp = new XMLHttpRequest();
    } else {
        // code for IE6, IE5
        xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
    }
    xmlhttp.onreadystatechange = function () {
        if (xmlhttp.readyState == 4 && xmlhttp.status == 200) {
            document.getElementById("myDiv").innerHTML = xmlhttp.responseText;
        }
    };
    xmlhttp.open("GET", "user_cred.php", true);
    xmlhttp.send();
}
</script>
</head>
<body>

<h2>Using the XMLHttpRequest object</h2>
<div id="myDiv"></div>
<button type="button" onclick="loadXMLDoc()">Change content</button>

</body>
</html>

In the management system there is a view file that has the following login form. Users use it to access the website. I have a main index file that has the login code. With the limited knowledge I have, I have looked at these and believe these 2 files will let me script users logging in to the browser application and getting the user credentials. I thought of adding code from the index.php file to the user_cred.php file, so I can call a URL like http://website.com/user_cred.php?username=admin&pass=test&signin=login in the JavaScript HTTP request and get the user info that way.

Login view

<form action="<?php echo $_SERVER["PHP_SELF"]; ?>" method="post">
    <ul>
        <li class="listitem">
            <div class="row">
                <label>Username:</label>
                <input class="textbox" type="text" name="username" value="" maxlength="80"/>
            </div>
            <div class="row">
                <label>Password:</label>
                <input class="textbox" type="password" name="password" value="" maxlength="80"/>
            </div>
        </li>
        <li class="listitem">
            <div class="row">
                <input class="form-button" type="submit" name="signin" value="signin"/>
                <a class="loginoptions indentmore" href="signup.php">Sign up</a>
                <a class="loginoptions" href="resetpassword.php">Forgot password?</a>
            </div>
        </li>
    </ul>
</form>

index.php

<?php
include_once("includes.php");

class TSignInController extends TAbstractController
{
    public function run($allowedRoles = null)
    {
        $this->allowedRoles = $allowedRoles;
        $this->execute();
    }

    protected function execute()
    {
        $this->auth_result = parent::validateSession(null);

        if ($this->auth_result->auth_code == AUTH_OKAY) {
            $this->gotoAfterSignInPage($this->auth_result->roles);
        } else if (!$this->getUserAction()) {
            $this->loadView("signin");
        } else {
            $this->signIn();
        }
    }

    protected function signIn()
    {
        $input   = $this->getUserInput();
        $model   = $this->loadModel("users");
        $account = $model->getUser($input["username"], $input["password"]);

        if ($account == null || sizeof($account) == 0) {
            $data = array("error" => "Could not sign in");
            $this->loadView("signin", $data);
            return;
        }

        if ($account["disabled"] == 1 || $account["admin_disabled"] == 1) {
            $data = array("error" => ($account["admin_disabled"] == 0)
                ? "This account is disabled."
                : "This account has been locked by an admin. Please contact the site admin!");
            $this->loadView("signin", $data);
            return;
        }

        $this->createNewSession($account);
        $this->gotoAfterSignInPage($account["roles"]);
    }

    protected function createNewSession($account)
    {
        $model     = $this->loadModel("sessions");
        $sessionId = crypt($account["username"] . date('now'));

        $_SESSION['sessionid'] = $sessionId;
        $model->createNewSession($sessionId, $account["id"]);
    }

    public function gotoAfterSignInPage($roles)
    {
        foreach ($roles as $role) {
            if ($this->utils->stringsEqual($role["name"], "admin", false)) {
                $this->redirect(SITE_URL . "/admin/dashboard.php");
                return;
            }
        }

        $this->redirect(SITE_URL . "/user/userprofile.php");
    }

    protected function getUserAction()
    {
        if ($this->post("signin"))
            return "signin";
        else
            return null;
    }

    protected function getUserInput()
    {
        return array(
            "username" => $this->post("username"),
            "password" => $this->post("password")
        );
    }
}

$controller = new TSignInController();
$controller->run();

In conclusion, I am seeking someone who can make a PHP script (user_cred.php) that allows users to access their credentials within the browser application. I would be grateful for any MVC and PHP knowledge.

The description of MVC provided by SharpUMS is quite dreadful. And the effort required to get the source of SharpUMS makes me think it is not an open source project .. oh well.

There can be 2 reasons why $auth_result->auth_code === AUTH_NO_SESSION is true:

  • $_SESSION['sessionid'] is empty
  • the session id is not found in the database:

    from: SharpUMS/_application/models/session.php

    SELECT
        s.userid,
        s.id,
        s.started_on,
        (
            DATE_ADD(
                s.started_on,
                INTERVAL $this->sessionlength SECOND
            ) < NOW()
        ) AS expired
    FROM sessions s
    WHERE s.id = '$sessionid'

Basically, both reasons track back to index.php. My guess: this method is never executed:

protected function createNewSession($account)
{
    $model     = $this->loadModel("sessions");
    $sessionId = crypt($account["username"] . date('now'));

    $_SESSION['sessionid'] = $sessionId;
    $model->createNewSession($sessionId, $account["id"]);
}

You should try to find out at which point the signIn() method gets terminated.

Side notes

Free advice: do not use SharpUMS as a basis for your application, or for research into MVC as a whole, because of the following reasons:

  • To ensure a single DB connection, TDatabase uses global state to hold the connection
  • It is tightly bound to the ancient mysql_* API, which is in the process of deprecation
  • The TAbstractModel is not abstract, and creates a new DB instance in the constructor
  • Design issues: core classes depend on models (which are outside the core)
  • The TUtilities class is a huge dumping ground (see 2.1 adapter pattern)
  • Passwords are stored as simple MD5 hashes .. heard of the LinkedIn incident?
  • Weak protection against SQL injections: it utilizes preg_* and addslashes() functions
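The answer above pins AUTH_NO_SESSION on two causes (an empty $_SESSION['sessionid'] or an id missing from the sessions table) and then lists the interpolated session query, the crypt(username . date) session id and the MD5 password storage as weaknesses. The following is an added example, not SharpUMS code, that walks through the same lookup with those three pieces hardened: the session id is bound as a PDO parameter instead of being spliced into the SQL, the id comes from random_bytes(), and passwords go through password_hash()/password_verify(). It uses an in-memory SQLite database so it runs stand-alone (it assumes the pdo_sqlite extension is loaded); the table and column names (users.password_hash, sessions.id/userid/started_on) and the SESSION_LENGTH constant are assumptions standing in for the project's own schema and $this->sessionlength.

```php
<?php
// Added example, not SharpUMS code. Schema and names below are constructed for illustration.
declare(strict_types=1);

const SESSION_LENGTH = 1800; // seconds; stands in for $this->sessionlength

function connect(): PDO
{
    // In-memory SQLite keeps the example self-contained; swap the DSN for MySQL in practice.
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
    $pdo->exec('CREATE TABLE sessions (id TEXT PRIMARY KEY, userid INTEGER, started_on INTEGER)');
    return $pdo;
}

// Instead of md5($password): a salted, deliberately slow hash.
function registerUser(PDO $pdo, string $username, string $password): void
{
    $stmt = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :h)');
    $stmt->execute([':u' => $username, ':h' => password_hash($password, PASSWORD_DEFAULT)]);
}

// Credential check with a bound parameter; returns the user id or null.
function findUserId(PDO $pdo, string $username, string $password): ?int
{
    $stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

// Instead of crypt($account["username"] . date('now')): an unguessable random id.
function createNewSession(PDO $pdo, int $userId): string
{
    $sessionId = bin2hex(random_bytes(32));
    $stmt = $pdo->prepare('INSERT INTO sessions (id, userid, started_on) VALUES (:id, :uid, :t)');
    $stmt->execute([':id' => $sessionId, ':uid' => $userId, ':t' => time()]);
    return $sessionId;
}

// The lookup from models/session.php with the id bound, and the expiry computed in PHP so it
// works on SQLite and MySQL alike. The two AUTH_NO_SESSION causes from the answer are reported
// separately so the caller can tell which one it hit.
function validateSession(PDO $pdo, ?string $sessionId): array
{
    if ($sessionId === null || $sessionId === '') {
        return ['code' => 'AUTH_NO_SESSION', 'reason' => 'no session id in $_SESSION'];
    }
    $stmt = $pdo->prepare('SELECT userid, started_on FROM sessions WHERE id = :id');
    $stmt->execute([':id' => $sessionId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return ['code' => 'AUTH_NO_SESSION', 'reason' => 'session id not in database'];
    }
    if ((int) $row['started_on'] + SESSION_LENGTH < time()) {
        return ['code' => 'AUTH_NO_SESSION', 'reason' => 'session expired'];
    }
    return ['code' => 'AUTH_OKAY', 'userid' => (int) $row['userid']];
}

// Constructed walk-through of the sign-in flow.
$pdo = connect();
registerUser($pdo, 'alice', 'correct horse battery staple');

var_dump(findUserId($pdo, 'alice', 'wrong password'));          // rejected by password_verify()

$uid = findUserId($pdo, 'alice', 'correct horse battery staple');
if ($uid === null) {
    throw new RuntimeException('constructed credentials should verify');
}
$sid = createNewSession($pdo, $uid);

// A quote-breaking string that would have altered the interpolated WHERE clause is now
// just a value compared against the id column and matches no row.
print_r(validateSession($pdo, "' OR '1'='1"));
print_r(validateSession($pdo, null));
print_r(validateSession($pdo, $sid));
```

The two AUTH_NO_SESSION branches in validateSession() map directly onto the answer's two causes, which is the first thing to log when debugging why user_cred.php reports no session: an empty $_SESSION['sessionid'] points at createNewSession() never running (or PHP's session not being started before the controller), while an id that is absent from the table points at the model's insert.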
