RE: [PHP-DB] Authenticating through a php script
One reason you might be having difficulty is if the remote host does the basic authentication procedure of checking that the username/password is being submitted from a specific host or script (in which case it will see that you're attempting to submit the information from somewhere else and won't allow it). Have you verified with the owners of the remote application that what you are trying to do is not prevented? -mo I am afraid I am not communicating what I am trying to do. I have multiple databases that my library purchases. FirstSearch, Ebscohost, etc. These company's have there own authentication systems that I have no control over. A lot of them give user names and passwords that can access their secure database; however I will not give out this information to students. I want to design a system that will log the students on directly without them ever seeing the log in screen. A) Does this make sense in what I am trying to do? B) How can I do it? -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] Authenticating through a php script
Sorry if this was already answered ...
I think what Dave intends to do is give your students some kind of
authentication (you can use a generic account), then have PHP connect to the
database without the student ever seeing the login information (besides the
script that is doing the basic authentication).
Now, if PHP can connect to the types of databases your system would need to
use is a different story ... you would probably have to ask the vendor about
that.
Regards,
Matthew Moldvan
---
System Administrator
Trilogy International, Inc
http://www.trilogyintl.com/ecommerce/
---
-Original Message-
From: Jeremy Peterson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 09, 2003 4:54 PM
To: David Smith
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP-DB] Authenticating through a php script
Dave,
I am afraid I am not communicating what I am trying to do.
I have multiple databases that my library purchases. FirstSearch,
Ebscohost, etc. These company's have there own authentication systems that
I have no control over. A lot of them give user names and passwords that
can access their secure database; however I will not give out this
information to students. I want to design a system that will log the
students on directly without them ever seeing the log in screen.
A) Does this make sense in what I am trying to do?
B) How can I do it?
Jeremy
At 12:38 PM 1/9/2003 -0700, David Smith wrote:
I haven't looked over all your code in detail, but the problem you
describe seems to be best solved using PHP Sessions. Sessions store data
between browser refreshes. You could store whether a user has been
authenticated via LDAP, and then on a subsequent page, you can reference
that information to determine how to proceed.
Here's the doc: http://www.php.net/manual/en/ref.session.php
--Dave
On Thu, 2003-01-09 at 11:29, Jeremy Peterson wrote:
David,
I have ldap working, my problem is the second half of my question.
The problem script workflow:
1. Authenticate on LDAP (Resolved)
2. Connect to different authenticated site for the user (Not sure
where to
go now.)
My guess was to send the post information to where the form action
points
to. Having done this, all I get is a blank page. I guess if PHP sends
the post information then the client will be out of the authentication
loop. There must be a better way. But I don't think I have enough
information to know how to proceed.
Somehow I have to get the browser to send the http post rather than
PHP. Is this possible.
Jeremy
P.S.
The script I am using right now incorporates Chris Alsop's class:
!-- CLASS START --
?php
## Archive:c_http.class
## Description:Basic http class functions (only post right now)
## Author: Chris Alsop - [EMAIL PROTECTED] (rumblefiz)
## Property Of:Everyone
## Date Created: 07/01/2001
## Mod History:07/01/2001 Chris Alsop - Initial Coding
##
==
class c_http {
## DECLARE CLASS VARIABLES
var $QUERY_STRING;
var $TARGET_DOMAIN;
var $TARGET_FILE;
var $RESPONSE;
## END CLASS VARIABLE DECLARATION -
## FUNCTION: c_http()
## ARGS: $psQueryString : String
## $psTargetDomain : String
## $psTargetFile : String
##
function c_http($psQueryString,
$psTargetDomain,$psTargetFile) {
$this-QUERY_STRING = $psQueryString;
$this-TARGET_DOMAIN = $psTargetDomain;
$this-TARGET_FILE = $psTargetFile;
}
## END FUNCTION: c_http() *
## FUNCTION: post()
## ARGS: None
## RETURNS: Boolean
##
function post() {
$qs = $this-QUERY_STRING;
$domain = $this-TARGET_DOMAIN;
$thefile = $this-TARGET_FILE;
if(!$fp = fsockopen($domain,80)) {
print Socket not openbr;
return false;
exit();
}
$postData = POST http://$domain/$thefile HTTP/1.0\r\n;
$postData .= Content-type:
application/x-www-form-urlencoded\r\n;
$postData .= Content-length: .strlen($qs).\r\n\r\n;
$postData .= $qs;
if(!fputs($fp,$postData)) {
return false;
exit();
}
$data = ;
while(!feof($fp)) $data .= fgets($fp,32000
Re: [PHP-DB] Authenticating through a php script
Jeremy,
LDAP authentication happens in two stages: connect and bind. The connect
stage is just establishing a connection with the LDAP server
(ldap_connect()). No username or password is necesary in this stage.
Once your connection is established, you attempt a bind (ldap_bind())to
verify a username/password on the LDAP server. Here's some PHP code that
will do it or you:
?php
$ldap_server = example.com; // change to your LDAP server host name
$ldap_port = 389; // might be different for your server
$pw = yourpassword; // change to your password
$dn = cn=dave,ou=people,dc=example,dc=com; // change to the dn you want to
authenticate
$connect_result = ldap_connect( $ldap_server, $ldap_port );
// Did we connect?
if( ! $connect_result )
{
echo Could not connect to '$server_name' on port '$server_port';
}
$bind_result = ldap_bind( $connect_result, $admin_dn, $admin_pw );
// Did we bind?
if( ! $bind_result )
{
echo Bad username/password;
}
else
{
echo Correct username/password!;
}
?
Here's some good documentation on the topic:
http://www.php.net/manual/en/ref.ldap.php
Let us know how it goes.
--Dave
On Thu, 2003-01-09 at 10:01, Jeremy Peterson wrote:
I am working on a script that will authenticate on a central system my
company has devised for us to use (LDAP) and then authenticate them to
other sites that I want them to access (Online Databases and other
electronic resources I do not control but pay lots of money for all
students to access).
I have seen this done on a product produced by Epixtech called RPA
(Remote Patron Authentication). This is an authentication system that
avoids using a proxy server. It basically handles the authentication
(LDAP) and sends the appropriate information to the other secure
source (Online Database, Electronic Resources, or my online catalog's
patron information.) Typically there are multiple ways it will
authenticate for the user to other resources. URL referer, ip
authentication, fill in an user/password form for the user. I just
can't get the user/password portion to work on a protected site. My tests
of sending post information to another one of my scripts works fine. But
it doesn't work as of yet.
I have worked a bit with scripts that send post information through
sendToHost function (fsockopen and fputs). But nothing is really
working here. Does anyone know how I should go about this? All
suggestions will be great!
Thanks a bunch,
Jeremy
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Authenticating through a php script
David,
I have ldap working, my problem is the second half of my question.
The problem script workflow:
1. Authenticate on LDAP (Resolved)
2. Connect to different authenticated site for the user (Not sure where to
go now.)
My guess was to send the post information to where the form action points
to. Having done this, all I get is a blank page. I guess if PHP sends
the post information then the client will be out of the authentication
loop. There must be a better way. But I don't think I have enough
information to know how to proceed.
Somehow I have to get the browser to send the http post rather than
PHP. Is this possible.
Jeremy
P.S.
The script I am using right now incorporates Chris Alsop's class:
!-- CLASS START --
?php
## Archive:c_http.class
## Description:Basic http class functions (only post right now)
## Author: Chris Alsop - [EMAIL PROTECTED] (rumblefiz)
## Property Of:Everyone
## Date Created: 07/01/2001
## Mod History:07/01/2001 Chris Alsop - Initial Coding
##
==
class c_http {
## DECLARE CLASS VARIABLES
var $QUERY_STRING;
var $TARGET_DOMAIN;
var $TARGET_FILE;
var $RESPONSE;
## END CLASS VARIABLE DECLARATION -
## FUNCTION: c_http()
## ARGS: $psQueryString : String
## $psTargetDomain : String
## $psTargetFile : String
##
function c_http($psQueryString,
$psTargetDomain,$psTargetFile) {
$this-QUERY_STRING = $psQueryString;
$this-TARGET_DOMAIN = $psTargetDomain;
$this-TARGET_FILE = $psTargetFile;
}
## END FUNCTION: c_http() *
## FUNCTION: post()
## ARGS: None
## RETURNS: Boolean
##
function post() {
$qs = $this-QUERY_STRING;
$domain = $this-TARGET_DOMAIN;
$thefile = $this-TARGET_FILE;
if(!$fp = fsockopen($domain,80)) {
print Socket not openbr;
return false;
exit();
}
$postData = POST http://$domain/$thefile HTTP/1.0\r\n;
$postData .= Content-type:
application/x-www-form-urlencoded\r\n;
$postData .= Content-length: .strlen($qs).\r\n\r\n;
$postData .= $qs;
if(!fputs($fp,$postData)) {
return false;
exit();
}
$data = ;
while(!feof($fp)) $data .= fgets($fp,32000);
$pos = 0;
for($i=0; $i2000; $i++) {
if(strtoupper(substr($data,$i,4)) == \r\n\r\n) {
$pos = $i+4; $i = 2000;
}
}
$data = substr($data,$pos);
$base = base href ;
$base = $base . =;
$base = $base . 'http://$domain/' ;
$base = $base . ;
if (eregi(body,$data)) {
$data = eregi_replace(body,$base.BODY,$data);
} else {
$data = $base . $data;
}
$this-RESPONSE = $data;
fclose($fp);
return true;
}
## END FUNCTION: post() ***
}
?
!-- CLASS END --
!-- Test Script --
?php
/*Form information I am trying to send to- example only
form name=MyForm action=login.php method=post
Please log into MyMBI
ID INPUT TYPE=text NAME=meuser SIZE=15
PasswordINPUT TYPE=password NAME=password SIZE=15
INPUT TYPE=submit VALUE=Sign inBR
/FORM
*/
//setting up the varibles
// print hi test 1p;
$post_info = meuser=***password=**;
$oHttp = new c_http($post_info,my.mbinet.net,/login.php);
if(!$oHttp-post()) {
echo error;
}
echo $oHttp-RESPONSE;
// first arg is the query string you want to post. it must be urlencoded.
if you want the current querystring you can use $QUERY_STRING. the second
arg is the domain and the third is the file (or script) that is getting
posted to.
?
At 10:28 AM 1/9/2003 -0700, David Smith wrote:
Jeremy,
LDAP authentication happens in two stages: connect and bind. The connect
stage is just establishing a connection with the LDAP server
(ldap_connect()). No username or password is necesary in this stage.
Once your connection is established, you attempt a bind (ldap_bind())to
verify a username/password on the LDAP server. Here's some PHP code that
will do it or you:
?php
$ldap_server = example.com; // change to your LDAP server host name
$ldap_port = 389; // might be different for your server
$pw = yourpassword; // change to your password
$dn =
Re: [PHP-DB] Authenticating through a php script
I haven't looked over all your code in detail, but the problem you
describe seems to be best solved using PHP Sessions. Sessions store data
between browser refreshes. You could store whether a user has been
authenticated via LDAP, and then on a subsequent page, you can reference
that information to determine how to proceed.
Here's the doc: http://www.php.net/manual/en/ref.session.php
--Dave
On Thu, 2003-01-09 at 11:29, Jeremy Peterson wrote:
David,
I have ldap working, my problem is the second half of my question.
The problem script workflow:
1. Authenticate on LDAP (Resolved)
2. Connect to different authenticated site for the user (Not sure where to
go now.)
My guess was to send the post information to where the form action points
to. Having done this, all I get is a blank page. I guess if PHP sends
the post information then the client will be out of the authentication
loop. There must be a better way. But I don't think I have enough
information to know how to proceed.
Somehow I have to get the browser to send the http post rather than
PHP. Is this possible.
Jeremy
P.S.
The script I am using right now incorporates Chris Alsop's class:
!-- CLASS START --
?php
## Archive:c_http.class
## Description:Basic http class functions (only post right now)
## Author: Chris Alsop - [EMAIL PROTECTED] (rumblefiz)
## Property Of:Everyone
## Date Created: 07/01/2001
## Mod History:07/01/2001 Chris Alsop - Initial Coding
##
==
class c_http {
## DECLARE CLASS VARIABLES
var $QUERY_STRING;
var $TARGET_DOMAIN;
var $TARGET_FILE;
var $RESPONSE;
## END CLASS VARIABLE DECLARATION -
## FUNCTION: c_http()
## ARGS: $psQueryString : String
## $psTargetDomain : String
## $psTargetFile : String
##
function c_http($psQueryString,
$psTargetDomain,$psTargetFile) {
$this-QUERY_STRING = $psQueryString;
$this-TARGET_DOMAIN = $psTargetDomain;
$this-TARGET_FILE = $psTargetFile;
}
## END FUNCTION: c_http() *
## FUNCTION: post()
## ARGS: None
## RETURNS: Boolean
##
function post() {
$qs = $this-QUERY_STRING;
$domain = $this-TARGET_DOMAIN;
$thefile = $this-TARGET_FILE;
if(!$fp = fsockopen($domain,80)) {
print Socket not openbr;
return false;
exit();
}
$postData = POST http://$domain/$thefile HTTP/1.0\r\n;
$postData .= Content-type:
application/x-www-form-urlencoded\r\n;
$postData .= Content-length: .strlen($qs).\r\n\r\n;
$postData .= $qs;
if(!fputs($fp,$postData)) {
return false;
exit();
}
$data = ;
while(!feof($fp)) $data .= fgets($fp,32000);
$pos = 0;
for($i=0; $i2000; $i++) {
if(strtoupper(substr($data,$i,4)) == \r\n\r\n) {
$pos = $i+4; $i = 2000;
}
}
$data = substr($data,$pos);
$base = base href ;
$base = $base . =;
$base = $base . 'http://$domain/' ;
$base = $base . ;
if (eregi(body,$data)) {
$data = eregi_replace(body,$base.BODY,$data);
} else {
$data = $base . $data;
}
$this-RESPONSE = $data;
fclose($fp);
return true;
}
## END FUNCTION: post() ***
}
?
!-- CLASS END --
!-- Test Script --
?php
/*Form information I am trying to send to- example only
form name=MyForm action=login.php method=post
Please log into MyMBI
ID INPUT TYPE=text NAME=meuser SIZE=15
PasswordINPUT TYPE=password NAME=password SIZE=15
INPUT TYPE=submit VALUE=Sign inBR
/FORM
*/
//setting up the varibles
// print hi test 1p;
$post_info = meuser=***password=**;
$oHttp = new c_http($post_info,my.mbinet.net,/login.php);
if(!$oHttp-post()) {
echo error;
}
echo $oHttp-RESPONSE;
// first arg is the query string you want to post. it must be urlencoded.
if you want the current querystring you can use $QUERY_STRING. the second
arg is the domain and the third is the file (or script) that
Re: [PHP-DB] Authenticating through a php script
Dave,
I am afraid I am not communicating what I am trying to do.
I have multiple databases that my library purchases. FirstSearch,
Ebscohost, etc. These company's have there own authentication systems that
I have no control over. A lot of them give user names and passwords that
can access their secure database; however I will not give out this
information to students. I want to design a system that will log the
students on directly without them ever seeing the log in screen.
A) Does this make sense in what I am trying to do?
B) How can I do it?
Jeremy
At 12:38 PM 1/9/2003 -0700, David Smith wrote:
I haven't looked over all your code in detail, but the problem you
describe seems to be best solved using PHP Sessions. Sessions store data
between browser refreshes. You could store whether a user has been
authenticated via LDAP, and then on a subsequent page, you can reference
that information to determine how to proceed.
Here's the doc: http://www.php.net/manual/en/ref.session.php
--Dave
On Thu, 2003-01-09 at 11:29, Jeremy Peterson wrote:
David,
I have ldap working, my problem is the second half of my question.
The problem script workflow:
1. Authenticate on LDAP (Resolved)
2. Connect to different authenticated site for the user (Not sure
where to
go now.)
My guess was to send the post information to where the form action points
to. Having done this, all I get is a blank page. I guess if PHP sends
the post information then the client will be out of the authentication
loop. There must be a better way. But I don't think I have enough
information to know how to proceed.
Somehow I have to get the browser to send the http post rather than
PHP. Is this possible.
Jeremy
P.S.
The script I am using right now incorporates Chris Alsop's class:
!-- CLASS START --
?php
## Archive:c_http.class
## Description:Basic http class functions (only post right now)
## Author: Chris Alsop - [EMAIL PROTECTED] (rumblefiz)
## Property Of:Everyone
## Date Created: 07/01/2001
## Mod History:07/01/2001 Chris Alsop - Initial Coding
##
==
class c_http {
## DECLARE CLASS VARIABLES
var $QUERY_STRING;
var $TARGET_DOMAIN;
var $TARGET_FILE;
var $RESPONSE;
## END CLASS VARIABLE DECLARATION -
## FUNCTION: c_http()
## ARGS: $psQueryString : String
## $psTargetDomain : String
## $psTargetFile : String
##
function c_http($psQueryString,
$psTargetDomain,$psTargetFile) {
$this-QUERY_STRING = $psQueryString;
$this-TARGET_DOMAIN = $psTargetDomain;
$this-TARGET_FILE = $psTargetFile;
}
## END FUNCTION: c_http() *
## FUNCTION: post()
## ARGS: None
## RETURNS: Boolean
##
function post() {
$qs = $this-QUERY_STRING;
$domain = $this-TARGET_DOMAIN;
$thefile = $this-TARGET_FILE;
if(!$fp = fsockopen($domain,80)) {
print Socket not openbr;
return false;
exit();
}
$postData = POST http://$domain/$thefile HTTP/1.0\r\n;
$postData .= Content-type:
application/x-www-form-urlencoded\r\n;
$postData .= Content-length: .strlen($qs).\r\n\r\n;
$postData .= $qs;
if(!fputs($fp,$postData)) {
return false;
exit();
}
$data = ;
while(!feof($fp)) $data .= fgets($fp,32000);
$pos = 0;
for($i=0; $i2000; $i++) {
if(strtoupper(substr($data,$i,4)) == \r\n\r\n) {
$pos = $i+4; $i = 2000;
}
}
$data = substr($data,$pos);
$base = base href ;
$base = $base . =;
$base = $base . 'http://$domain/' ;
$base = $base . ;
if (eregi(body,$data)) {
$data = eregi_replace(body,$base.BODY,$data);
} else {
$data = $base . $data;
}
$this-RESPONSE = $data;
fclose($fp);
return true;
}
## END FUNCTION: post() ***
}
?
!-- CLASS END --
!-- Test Script --
?php
/*Form information I am trying to send to- example only
form name=MyForm action=login.php method=post
Please log into MyMBI
ID INPUT
