Using PHPLIB for Session Management and Authentication

WBOY
Release: 2016-07-13 17:09:03

PHPLIB can also do many other things, such as providing database classes. This article is only a brief introduction to PHPLIB, and many of its classes and functions are not covered. You can find more documentation at http://phplib.netuse.de.

Test environment: standard environment

First of all, it is worth stating a fact: it is extremely inconvenient to build Web applications that need to keep track of a customer's current state, such as online shopping. As a programmer, you constantly have to deal with state parameters passed between pages. The customer's authentication status, the choices he has made, his current state, and so on: the Web page will not save any of this information for you. You must handle these parameters carefully yourself, which is a great inconvenience. Passing parameters between pages as http://url?var1=x1&var2=x2 is too dangerous, especially when the variables contain user registration information, because they can easily be sniffed. So, how do we solve this problem?

PHPLIB solves this problem. It is an extension built on PHP3 that provides many class libraries so that programmers can easily build an interactive Web site. The most basic functions of PHPLIB include user authentication, session management, permissions, and database abstraction.

Before installing PHPLIB, you must install PHP3 on your server. PHPLIB can run with PHP in CGI mode or as an Apache module. The version of PHP3 must be above 3.0.5. Earlier versions of PHP3 can be supported by compiling with the --enable-force-cgi-redirect parameter; otherwise, security issues will occur. In the PHP3 configuration, track_vars must be enabled. A database is also required. PHPLIB supports MySQL, Oracle, ODBC, PostgreSQL, and Sybase.

The first step is to initialize the PHPLIB class library for your system. The local.inc file contains the basic parameters; modify it to match the conditions of your own machine.

Let's explain how PHPLIB works. Every page that uses PHPLIB must first be able to find the class library files needed to run PHPLIB. We can set the auto_prepend variable in php3.ini to arrange this. The PHPLIB distribution package contains a prepend.php3 file. After auto_prepend is set to prepend.php3, every page automatically includes the PHPLIB class library. We can also add the directory where the PHPLIB class library is located to the include variable so that these files can be found. Of course, the easiest way is to specify the absolute path, but this is not a good idea!

The second step: every page that uses PHPLIB must call the function page_open to initialize it. This tells PHPLIB that you will need to save state now or in the future. A typical page_open example includes authentication, session, and permissions:


<?php
page_open(array("sess" => "Cms_Session", "auth" => "Cms_Auth", "perm" => "Cms_Perm"));
?>

The array keys (sess, auth, perm) initialize the corresponding state-saving objects. Note: the PHPLIB built-in names (sess, auth, perm) must be used. The classes they are mapped to (here Cms_Session, Cms_Auth, Cms_Perm) are defined by you in local.inc. The page_open function must be called before any page content is output to the browser. (If you will not use authentication in the future, you don't need to initialize sess.) The php3 script should end with page_close(), which writes the relevant state data back to the database. If you forget, well... ha ha ha.

Because PHPLIB uses cookies to save state information, the page_open() function must be called before any page content is output to the browser. Page content here means any HTML, including blank lines. If you see the error "Oops - SetCookie called after header has been sent", something was output to the browser before page_open(). Pay special attention to blank lines, because they are very hard to spot. A typical mistake is a blank line output outside the <? and ?> tags. If you run into this, check whether the local.inc and prepend.php3 files contain blank lines. This is also a very easy place to go wrong.
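One way to find the stray output described above before it breaks page_open(), as an added example in modern PHP that is not part of PHPLIB or of the original article. The helper name find_stray_output() and the sample file contents are constructed for illustration.

```php
<?php
// Added example (modern PHP, not PHPLIB code): report text that an include file
// would send to the browser from outside its PHP tags.
// find_stray_output() is a hypothetical helper; the samples are constructed.

function find_stray_output(string $source): array
{
    $findings = [];
    foreach (token_get_all($source) as $token) {
        // Anything outside the PHP tags is tokenized as T_INLINE_HTML and is
        // echoed verbatim, which sends the HTTP headers before page_open() runs.
        if (is_array($token) && $token[0] === T_INLINE_HTML) {
            $findings[] = [
                'line'  => $token[2],
                'bytes' => strlen($token[1]),
                'hex'   => bin2hex($token[1]),   // makes whitespace visible
            ];
        }
    }
    return $findings;
}

// Constructed file contents. One newline directly after the closing tag is
// swallowed by PHP, so only the second sample's leading blank line and the
// third sample's extra trailing blank line count as output.
$samples = [
    'prepend.php3 (clean)'       => "<?php\nrequire('local.inc');\n?>\n",
    'local.inc (leading blank)'  => "\n<?php\n\$demo = 1;\n?>\n",
    'local.inc (trailing blank)' => "<?php\n\$demo = 1;\n?>\n\n",
];

foreach ($samples as $name => $source) {
    $hits = find_stray_output($source);
    if (!$hits) {
        echo "$name: no stray output\n";
        continue;
    }
    foreach ($hits as $hit) {
        echo "$name: {$hit['bytes']} byte(s) at line {$hit['line']}, hex {$hit['hex']}\n";
    }
}
```

The samples use the long opening tag; files that rely on the short <? form are only tokenized correctly when short_open_tag is enabled.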

PHPLIB uses a more complex architecture than the basic authentication method, which provides better security guarantees.

For example, for a page you want to restrict access to, you first call page_open with "auth" => "auth_class". Once the authentication state object has been initialized, the state is saved, and when the customer then visits other pages, the authentication system first checks whether the user has already been authenticated.

Let us explain. When a user visits the page for the first time and has not been authenticated, PHPLIB displays a login window (not a pop-up window as in Windows). You can design the style of the login window yourself. When the user enters his username and password and presses the submit button, the authentication process begins. What happens next is a bit complicated, so let us go through it slowly...

There are two situations here. If the user's browser does not support JavaScript, authentication works like questioning a suspect: the username and password are sent to the server and compared with the data stored there. If the user's browser supports JavaScript, things are more involved. PHPLIB first places a seed string, called the "challenge", in the client page. When the user submits the page, the username, password, and challenge string are run through MD5 to produce a hashed string, and the hashed string and the username are submitted to the server. When the server receives the username and the hashed string, it performs the same MD5 operation on the username and password from the database and the seed it issued, and compares the result with the string submitted by the user. If they match, the user's identity is confirmed and the user is allowed further access. The advantage of this method is that the user does not need to submit the password itself, which makes the authentication more secure.
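The challenge-response exchange described above, with both sides shown, as an added example in modern PHP that is not PHPLIB's own code. The "user:password:challenge" layout, the function names, the single-use handling of the challenge, and the account data are assumptions made for illustration.

```php
<?php
// Added example: the challenge-response login flow described above.
// Assumptions (not taken from PHPLIB): the "user:password:challenge" layout,
// every function name, and the constructed account below.

$users = ['alice' => 'correct horse'];   // constructed; the server holds the password itself

function issue_challenge(array &$session): string
{
    // Fresh, unpredictable seed for each login form, remembered server-side.
    $session['challenge'] = bin2hex(random_bytes(16));
    return $session['challenge'];
}

function client_response(string $user, string $password, string $challenge): string
{
    // Stands in for what the browser-side JavaScript computes before submitting.
    return md5("$user:$password:$challenge");
}

function verify_response(array $users, array &$session, string $user, string $response): bool
{
    $challenge = $session['challenge'] ?? null;
    unset($session['challenge']);   // single use, so a captured response cannot be replayed
    if ($challenge === null || !isset($users[$user])) {
        return false;
    }
    $expected = md5("$user:{$users[$user]}:$challenge");
    return hash_equals($expected, $response);   // constant-time comparison
}

$session = [];   // stands in for the server-side session store

$challenge = issue_challenge($session);
$response  = client_response('alice', 'correct horse', $challenge);
var_dump(verify_response($users, $session, 'alice', $response));   // first submission
var_dump(verify_response($users, $session, 'alice', $response));   // same response sent again

$challenge = issue_challenge($session);
$response  = client_response('alice', 'wrong password', $challenge);
var_dump(verify_response($users, $session, 'alice', $response));   // bad password
```

The scheme keeps the password off the wire, but the server has to store it in a form from which the hash can be recomputed, and anyone who records a challenge and its response can test password guesses offline against MD5. Transport encryption is what protects this exchange in a current deployment.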

Session management

In fact, session management is closely tied to authentication. Once a user has been authenticated, the user's session begins. If the user's browser supports cookies, a session ID is created and placed in a cookie. This unique ID is randomly generated by PHP3 and then run through MD5 together with a random seed string. The cookie here should be called a session cookie, because it is not written to the user's hard drive. When the session ends, the cookie ends with it. If the user's browser does not support cookies, the session ID is placed in the URL instead. Because it is encrypted, it is useless to steal it. The session ID is associated with user-related information, such as whether the user has been authenticated, when the authentication expires, the user's permissions, and any other information you may need.

A session is simply the course of one user's visit. Session management is not only used to track user logins; it can also be used without authentication. You can use it to store any information you like, and this information is then available in the pages the user visits afterwards, provided, of course, that those pages use PHPLIB. The method is very simple: after registering a variable, you can use it in subsequent pages until the session ends. Method:


<?php $sess->register("variable_name"); ?>

Note that variable_name here is the name of the variable, not its value. You can register the variable name first and assign the value afterwards. You can change the value of a variable on one page, and the changed value is what subsequent pages see when they access the variable. Variables can be of many types: a string, a number, an array, or even an object. To illustrate with an example:


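<?php
// Register the session variable by name; its value is saved when the page closes.
$sess->register("first");

// check() is the article's own validation function; it is not shown on the page.
if (check($firstname)) {
    $first = $firstname;
}
?>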

source:php.cn