RE: [PHP-DB] Authenticating through a php script
One reason you might be having difficulty is if the remote host does the basic authentication procedure of checking that the username/password is being submitted from a specific host or script (in which case it will see that you're attempting to submit the information from somewhere else and won't allow it). Have you verified with the owners of the remote application that what you are trying to do is not prevented? -mo I am afraid I am not communicating what I am trying to do. I have multiple databases that my library purchases. FirstSearch, Ebscohost, etc. These company's have there own authentication systems that I have no control over. A lot of them give user names and passwords that can access their secure database; however I will not give out this information to students. I want to design a system that will log the students on directly without them ever seeing the log in screen. A) Does this make sense in what I am trying to do? B) How can I do it? -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] Authenticating through a php script
Sorry if this was already answered ... I think what Dave intends to do is give your students some kind of authentication (you can use a generic account), then have PHP connect to the database without the student ever seeing the login information (besides the script that is doing the basic authentication). Now, if PHP can connect to the types of databases your system would need to use is a different story ... you would probably have to ask the vendor about that. Regards, Matthew Moldvan --- System Administrator Trilogy International, Inc http://www.trilogyintl.com/ecommerce/ --- -Original Message- From: Jeremy Peterson [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 09, 2003 4:54 PM To: David Smith Cc: [EMAIL PROTECTED] Subject: Re: [PHP-DB] Authenticating through a php script Dave, I am afraid I am not communicating what I am trying to do. I have multiple databases that my library purchases. FirstSearch, Ebscohost, etc. These company's have there own authentication systems that I have no control over. A lot of them give user names and passwords that can access their secure database; however I will not give out this information to students. I want to design a system that will log the students on directly without them ever seeing the log in screen. A) Does this make sense in what I am trying to do? B) How can I do it? Jeremy At 12:38 PM 1/9/2003 -0700, David Smith wrote: I haven't looked over all your code in detail, but the problem you describe seems to be best solved using PHP Sessions. Sessions store data between browser refreshes. You could store whether a user has been authenticated via LDAP, and then on a subsequent page, you can reference that information to determine how to proceed. Here's the doc: http://www.php.net/manual/en/ref.session.php --Dave On Thu, 2003-01-09 at 11:29, Jeremy Peterson wrote: David, I have ldap working, my problem is the second half of my question. The problem script workflow: 1. Authenticate on LDAP (Resolved) 2. Connect to different authenticated site for the user (Not sure where to go now.) My guess was to send the post information to where the form action points to. Having done this, all I get is a blank page. I guess if PHP sends the post information then the client will be out of the authentication loop. There must be a better way. But I don't think I have enough information to know how to proceed. Somehow I have to get the browser to send the http post rather than PHP. Is this possible. Jeremy P.S. The script I am using right now incorporates Chris Alsop's class: !-- CLASS START -- ?php ## Archive:c_http.class ## Description:Basic http class functions (only post right now) ## Author: Chris Alsop - [EMAIL PROTECTED] (rumblefiz) ## Property Of:Everyone ## Date Created: 07/01/2001 ## Mod History:07/01/2001 Chris Alsop - Initial Coding ## == class c_http { ## DECLARE CLASS VARIABLES var $QUERY_STRING; var $TARGET_DOMAIN; var $TARGET_FILE; var $RESPONSE; ## END CLASS VARIABLE DECLARATION - ## FUNCTION: c_http() ## ARGS: $psQueryString : String ## $psTargetDomain : String ## $psTargetFile : String ## function c_http($psQueryString, $psTargetDomain,$psTargetFile) { $this-QUERY_STRING = $psQueryString; $this-TARGET_DOMAIN = $psTargetDomain; $this-TARGET_FILE = $psTargetFile; } ## END FUNCTION: c_http() * ## FUNCTION: post() ## ARGS: None ## RETURNS: Boolean ## function post() { $qs = $this-QUERY_STRING; $domain = $this-TARGET_DOMAIN; $thefile = $this-TARGET_FILE; if(!$fp = fsockopen($domain,80)) { print Socket not openbr; return false; exit(); } $postData = POST http://$domain/$thefile HTTP/1.0\r\n; $postData .= Content-type: application/x-www-form-urlencoded\r\n; $postData .= Content-length: .strlen($qs).\r\n\r\n; $postData .= $qs; if(!fputs($fp,$postData)) { return false; exit(); } $data = ; while(!feof($fp)) $data .= fgets($fp,32000
Re: [PHP-DB] Authenticating through a php script
Jeremy, LDAP authentication happens in two stages: connect and bind. The connect stage is just establishing a connection with the LDAP server (ldap_connect()). No username or password is necesary in this stage. Once your connection is established, you attempt a bind (ldap_bind())to verify a username/password on the LDAP server. Here's some PHP code that will do it or you: ?php $ldap_server = example.com; // change to your LDAP server host name $ldap_port = 389; // might be different for your server $pw = yourpassword; // change to your password $dn = cn=dave,ou=people,dc=example,dc=com; // change to the dn you want to authenticate $connect_result = ldap_connect( $ldap_server, $ldap_port ); // Did we connect? if( ! $connect_result ) { echo Could not connect to '$server_name' on port '$server_port'; } $bind_result = ldap_bind( $connect_result, $admin_dn, $admin_pw ); // Did we bind? if( ! $bind_result ) { echo Bad username/password; } else { echo Correct username/password!; } ? Here's some good documentation on the topic: http://www.php.net/manual/en/ref.ldap.php Let us know how it goes. --Dave On Thu, 2003-01-09 at 10:01, Jeremy Peterson wrote: I am working on a script that will authenticate on a central system my company has devised for us to use (LDAP) and then authenticate them to other sites that I want them to access (Online Databases and other electronic resources I do not control but pay lots of money for all students to access). I have seen this done on a product produced by Epixtech called RPA (Remote Patron Authentication). This is an authentication system that avoids using a proxy server. It basically handles the authentication (LDAP) and sends the appropriate information to the other secure source (Online Database, Electronic Resources, or my online catalog's patron information.) Typically there are multiple ways it will authenticate for the user to other resources. URL referer, ip authentication, fill in an user/password form for the user. I just can't get the user/password portion to work on a protected site. My tests of sending post information to another one of my scripts works fine. But it doesn't work as of yet. I have worked a bit with scripts that send post information through sendToHost function (fsockopen and fputs). But nothing is really working here. Does anyone know how I should go about this? All suggestions will be great! Thanks a bunch, Jeremy -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Authenticating through a php script
David, I have ldap working, my problem is the second half of my question. The problem script workflow: 1. Authenticate on LDAP (Resolved) 2. Connect to different authenticated site for the user (Not sure where to go now.) My guess was to send the post information to where the form action points to. Having done this, all I get is a blank page. I guess if PHP sends the post information then the client will be out of the authentication loop. There must be a better way. But I don't think I have enough information to know how to proceed. Somehow I have to get the browser to send the http post rather than PHP. Is this possible. Jeremy P.S. The script I am using right now incorporates Chris Alsop's class: !-- CLASS START -- ?php ## Archive:c_http.class ## Description:Basic http class functions (only post right now) ## Author: Chris Alsop - [EMAIL PROTECTED] (rumblefiz) ## Property Of:Everyone ## Date Created: 07/01/2001 ## Mod History:07/01/2001 Chris Alsop - Initial Coding ## == class c_http { ## DECLARE CLASS VARIABLES var $QUERY_STRING; var $TARGET_DOMAIN; var $TARGET_FILE; var $RESPONSE; ## END CLASS VARIABLE DECLARATION - ## FUNCTION: c_http() ## ARGS: $psQueryString : String ## $psTargetDomain : String ## $psTargetFile : String ## function c_http($psQueryString, $psTargetDomain,$psTargetFile) { $this-QUERY_STRING = $psQueryString; $this-TARGET_DOMAIN = $psTargetDomain; $this-TARGET_FILE = $psTargetFile; } ## END FUNCTION: c_http() * ## FUNCTION: post() ## ARGS: None ## RETURNS: Boolean ## function post() { $qs = $this-QUERY_STRING; $domain = $this-TARGET_DOMAIN; $thefile = $this-TARGET_FILE; if(!$fp = fsockopen($domain,80)) { print Socket not openbr; return false; exit(); } $postData = POST http://$domain/$thefile HTTP/1.0\r\n; $postData .= Content-type: application/x-www-form-urlencoded\r\n; $postData .= Content-length: .strlen($qs).\r\n\r\n; $postData .= $qs; if(!fputs($fp,$postData)) { return false; exit(); } $data = ; while(!feof($fp)) $data .= fgets($fp,32000); $pos = 0; for($i=0; $i2000; $i++) { if(strtoupper(substr($data,$i,4)) == \r\n\r\n) { $pos = $i+4; $i = 2000; } } $data = substr($data,$pos); $base = base href ; $base = $base . =; $base = $base . 'http://$domain/' ; $base = $base . ; if (eregi(body,$data)) { $data = eregi_replace(body,$base.BODY,$data); } else { $data = $base . $data; } $this-RESPONSE = $data; fclose($fp); return true; } ## END FUNCTION: post() *** } ? !-- CLASS END -- !-- Test Script -- ?php /*Form information I am trying to send to- example only form name=MyForm action=login.php method=post Please log into MyMBI ID INPUT TYPE=text NAME=meuser SIZE=15 PasswordINPUT TYPE=password NAME=password SIZE=15 INPUT TYPE=submit VALUE=Sign inBR /FORM */ //setting up the varibles // print hi test 1p; $post_info = meuser=***password=**; $oHttp = new c_http($post_info,my.mbinet.net,/login.php); if(!$oHttp-post()) { echo error; } echo $oHttp-RESPONSE; // first arg is the query string you want to post. it must be urlencoded. if you want the current querystring you can use $QUERY_STRING. the second arg is the domain and the third is the file (or script) that is getting posted to. ? At 10:28 AM 1/9/2003 -0700, David Smith wrote: Jeremy, LDAP authentication happens in two stages: connect and bind. The connect stage is just establishing a connection with the LDAP server (ldap_connect()). No username or password is necesary in this stage. Once your connection is established, you attempt a bind (ldap_bind())to verify a username/password on the LDAP server. Here's some PHP code that will do it or you: ?php $ldap_server = example.com; // change to your LDAP server host name $ldap_port = 389; // might be different for your server $pw = yourpassword; // change to your password $dn =
Re: [PHP-DB] Authenticating through a php script
I haven't looked over all your code in detail, but the problem you describe seems to be best solved using PHP Sessions. Sessions store data between browser refreshes. You could store whether a user has been authenticated via LDAP, and then on a subsequent page, you can reference that information to determine how to proceed. Here's the doc: http://www.php.net/manual/en/ref.session.php --Dave On Thu, 2003-01-09 at 11:29, Jeremy Peterson wrote: David, I have ldap working, my problem is the second half of my question. The problem script workflow: 1. Authenticate on LDAP (Resolved) 2. Connect to different authenticated site for the user (Not sure where to go now.) My guess was to send the post information to where the form action points to. Having done this, all I get is a blank page. I guess if PHP sends the post information then the client will be out of the authentication loop. There must be a better way. But I don't think I have enough information to know how to proceed. Somehow I have to get the browser to send the http post rather than PHP. Is this possible. Jeremy P.S. The script I am using right now incorporates Chris Alsop's class: !-- CLASS START -- ?php ## Archive:c_http.class ## Description:Basic http class functions (only post right now) ## Author: Chris Alsop - [EMAIL PROTECTED] (rumblefiz) ## Property Of:Everyone ## Date Created: 07/01/2001 ## Mod History:07/01/2001 Chris Alsop - Initial Coding ## == class c_http { ## DECLARE CLASS VARIABLES var $QUERY_STRING; var $TARGET_DOMAIN; var $TARGET_FILE; var $RESPONSE; ## END CLASS VARIABLE DECLARATION - ## FUNCTION: c_http() ## ARGS: $psQueryString : String ## $psTargetDomain : String ## $psTargetFile : String ## function c_http($psQueryString, $psTargetDomain,$psTargetFile) { $this-QUERY_STRING = $psQueryString; $this-TARGET_DOMAIN = $psTargetDomain; $this-TARGET_FILE = $psTargetFile; } ## END FUNCTION: c_http() * ## FUNCTION: post() ## ARGS: None ## RETURNS: Boolean ## function post() { $qs = $this-QUERY_STRING; $domain = $this-TARGET_DOMAIN; $thefile = $this-TARGET_FILE; if(!$fp = fsockopen($domain,80)) { print Socket not openbr; return false; exit(); } $postData = POST http://$domain/$thefile HTTP/1.0\r\n; $postData .= Content-type: application/x-www-form-urlencoded\r\n; $postData .= Content-length: .strlen($qs).\r\n\r\n; $postData .= $qs; if(!fputs($fp,$postData)) { return false; exit(); } $data = ; while(!feof($fp)) $data .= fgets($fp,32000); $pos = 0; for($i=0; $i2000; $i++) { if(strtoupper(substr($data,$i,4)) == \r\n\r\n) { $pos = $i+4; $i = 2000; } } $data = substr($data,$pos); $base = base href ; $base = $base . =; $base = $base . 'http://$domain/' ; $base = $base . ; if (eregi(body,$data)) { $data = eregi_replace(body,$base.BODY,$data); } else { $data = $base . $data; } $this-RESPONSE = $data; fclose($fp); return true; } ## END FUNCTION: post() *** } ? !-- CLASS END -- !-- Test Script -- ?php /*Form information I am trying to send to- example only form name=MyForm action=login.php method=post Please log into MyMBI ID INPUT TYPE=text NAME=meuser SIZE=15 PasswordINPUT TYPE=password NAME=password SIZE=15 INPUT TYPE=submit VALUE=Sign inBR /FORM */ //setting up the varibles // print hi test 1p; $post_info = meuser=***password=**; $oHttp = new c_http($post_info,my.mbinet.net,/login.php); if(!$oHttp-post()) { echo error; } echo $oHttp-RESPONSE; // first arg is the query string you want to post. it must be urlencoded. if you want the current querystring you can use $QUERY_STRING. the second arg is the domain and the third is the file (or script) that
Re: [PHP-DB] Authenticating through a php script
Dave, I am afraid I am not communicating what I am trying to do. I have multiple databases that my library purchases. FirstSearch, Ebscohost, etc. These company's have there own authentication systems that I have no control over. A lot of them give user names and passwords that can access their secure database; however I will not give out this information to students. I want to design a system that will log the students on directly without them ever seeing the log in screen. A) Does this make sense in what I am trying to do? B) How can I do it? Jeremy At 12:38 PM 1/9/2003 -0700, David Smith wrote: I haven't looked over all your code in detail, but the problem you describe seems to be best solved using PHP Sessions. Sessions store data between browser refreshes. You could store whether a user has been authenticated via LDAP, and then on a subsequent page, you can reference that information to determine how to proceed. Here's the doc: http://www.php.net/manual/en/ref.session.php --Dave On Thu, 2003-01-09 at 11:29, Jeremy Peterson wrote: David, I have ldap working, my problem is the second half of my question. The problem script workflow: 1. Authenticate on LDAP (Resolved) 2. Connect to different authenticated site for the user (Not sure where to go now.) My guess was to send the post information to where the form action points to. Having done this, all I get is a blank page. I guess if PHP sends the post information then the client will be out of the authentication loop. There must be a better way. But I don't think I have enough information to know how to proceed. Somehow I have to get the browser to send the http post rather than PHP. Is this possible. Jeremy P.S. The script I am using right now incorporates Chris Alsop's class: !-- CLASS START -- ?php ## Archive:c_http.class ## Description:Basic http class functions (only post right now) ## Author: Chris Alsop - [EMAIL PROTECTED] (rumblefiz) ## Property Of:Everyone ## Date Created: 07/01/2001 ## Mod History:07/01/2001 Chris Alsop - Initial Coding ## == class c_http { ## DECLARE CLASS VARIABLES var $QUERY_STRING; var $TARGET_DOMAIN; var $TARGET_FILE; var $RESPONSE; ## END CLASS VARIABLE DECLARATION - ## FUNCTION: c_http() ## ARGS: $psQueryString : String ## $psTargetDomain : String ## $psTargetFile : String ## function c_http($psQueryString, $psTargetDomain,$psTargetFile) { $this-QUERY_STRING = $psQueryString; $this-TARGET_DOMAIN = $psTargetDomain; $this-TARGET_FILE = $psTargetFile; } ## END FUNCTION: c_http() * ## FUNCTION: post() ## ARGS: None ## RETURNS: Boolean ## function post() { $qs = $this-QUERY_STRING; $domain = $this-TARGET_DOMAIN; $thefile = $this-TARGET_FILE; if(!$fp = fsockopen($domain,80)) { print Socket not openbr; return false; exit(); } $postData = POST http://$domain/$thefile HTTP/1.0\r\n; $postData .= Content-type: application/x-www-form-urlencoded\r\n; $postData .= Content-length: .strlen($qs).\r\n\r\n; $postData .= $qs; if(!fputs($fp,$postData)) { return false; exit(); } $data = ; while(!feof($fp)) $data .= fgets($fp,32000); $pos = 0; for($i=0; $i2000; $i++) { if(strtoupper(substr($data,$i,4)) == \r\n\r\n) { $pos = $i+4; $i = 2000; } } $data = substr($data,$pos); $base = base href ; $base = $base . =; $base = $base . 'http://$domain/' ; $base = $base . ; if (eregi(body,$data)) { $data = eregi_replace(body,$base.BODY,$data); } else { $data = $base . $data; } $this-RESPONSE = $data; fclose($fp); return true; } ## END FUNCTION: post() *** } ? !-- CLASS END -- !-- Test Script -- ?php /*Form information I am trying to send to- example only form name=MyForm action=login.php method=post Please log into MyMBI ID INPUT