By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
425,677 Members | 1,890 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 425,677 IT Pros & Developers. It's quick & easy.

need alt. Session auth. (.htaccess php_value)

P: n/a
My shared-host doesn't allow php_value directives in .htaccess

I was using an "auto_prepend_file" on my local development machine,
that helped me implement a Session based authentication system.

Host said: "PHP is running as SuEXEC-CGI for security reasons"
and auto_prepend_file can only be put in php.ini ( system wide, out
of my control )

Now I'm back to Square 0. I'd prefer not to get stuck rewriting my
code-base.
Any other alternatives & suggestions on implementing Session based
authentication ?

May 24 '06 #1
Share this Question
Share on Google+
1 Reply


P: n/a
awebguynow wrote:
My shared-host doesn't allow php_value directives in .htaccess

I was using an "auto_prepend_file" on my local development machine,
that helped me implement a Session based authentication system.

Host said: "PHP is running as SuEXEC-CGI for security reasons"
and auto_prepend_file can only be put in php.ini ( system wide, out
of my control )

Now I'm back to Square 0. I'd prefer not to get stuck rewriting my
code-base.
Any other alternatives & suggestions on implementing Session based
authentication ?


Hi,

Well, I guess you have to rewrite your code so it handles the authentication
in SESSIONS.
It doesn't have to be a lot of work.
I always approach this simple. Try something along the following lines:

Above every PHP-file that needs some authentication:
<?
// session_start(); // I use auto-start, so this is up to you.
require_once('includes/someFunctions.php');
checkedIfLoggedIn();
// or
checkIfIsAdmin();
?>

the someFunctions.php file contains a simple routine like:
function checkIfLoggedIn(){
if (isset($_SESSION["userid"])){
// OK, continue
} else {
// not ok, session over or illegal attempt
header('login.php?comment='.urlencode('Your session is over. Please login
again'));
exit;
}
}

same for checkIfIsAdmin(), only that checks another value in SESSION, like
$_SESSION["admin"] == "Y".

You probably have your own sets of expected session-vars.

I give you this example because it is usable everywhere where sessions are
supported. If you set it up like this, you never need to worry about
safemode, or auto_prepend_file, etc, because you simple include it
everywhere where needed with appropriate functionscalls.

Hope this helps.

Regards,
Erwin Moller

May 24 '06 #2

This discussion thread is closed

Replies have been disabled for this discussion.