jhames_marco Posted July 27, 2011 Share Posted July 27, 2011 Hi guys, I was wondering if you can help me with my problem. I am a newbie programmer using php, of course. I wanted to create a login page for an opensource program called MANTISBT. Only Cookies should be needed in order to authenticate the login. And the flow goes like this: There is a form that accepts the user's username --> After pressing the submit button, the scripts should use a query to authenticate if the user is registered in the database --> If so, another query will run to get the user's cookie and logs it on to the system.. "It's like cheating the system to let the user log-in using only his username". I hope you can help. Thanks i advance! [attachment deleted by admin] Quote Link to comment Share on other sites More sharing options...
Nodral Posted July 27, 2011 Share Posted July 27, 2011 Sounds good, however you're going to lose a certain percentage of your audience who do not have cookies enabled. Are you going to cater for these with a normal username/password validation? If so, surely you are just creating more work for yourself by coding 2 different ways to log in? Have you got any code at the moment? Where are you up to? or do you want someone to just write the code for you? Quote Link to comment Share on other sites More sharing options...
jhames_marco Posted July 27, 2011 Author Share Posted July 27, 2011 Thanks for the quick reply Nodral.. Well everyone of my end-user is notified to enable their cookies, so there's no problem at that side. I was planning to make the page (I named it register.php) a two-way form, whereas when the user enters his/her username, mantisbt will sign it up to the database and at the same time logs it in. It is too complicated because I can't set a default password for the system even though the login won't require one. Cookies are stored in the database, making it the best way to manipulate the two functions. Here's the code I made for the login (basically, the process that I would like to cheat): function auth_attempt_login( $p_username, $p_password, $p_perm_login = false ) { $t_user_id = user_get_id_by_name( $p_username ); $t_login_method = config_get( 'login_method' ); if ( false === $t_user_id ) { if ( BASIC_AUTH == $t_login_method ) { $t_auto_create = true; } else if ( LDAP == $t_login_method && ldap_authenticate_by_username( $p_username, $p_password ) ) { $t_auto_create = true; } else { $t_auto_create = false; } if ( $t_auto_create ) { # attempt to create the user $t_cookie_string = user_create( $p_username, md5( $p_password ) ); if ( false === $t_cookie_string ) { # it didn't work return false; } # ok, we created the user, get the row again $t_user_id = user_get_id_by_name( $p_username ); if( false === $t_user_id ) { # uh oh, something must be really wrong # @@@ trigger an error here? return false; } } else { return false; } } # ok, we're good to login now # increment login count user_increment_login_count( $t_user_id ); # set the cookies auth_set_cookies( $t_user_id, $p_perm_login ); auth_set_tokens( $t_user_id ); return true; } -- If you have some suggestions, don't hesitate to tell me. Every opinion counts.. Thank you! Quote Link to comment Share on other sites More sharing options...
jhames_marco Posted July 27, 2011 Author Share Posted July 27, 2011 One more thing, if the script can't find the username in the database, it tries to create a new user with the same $_POST[''username]; value.. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.