<?php
require_once ('domit/xml_domit_include.php');
require_once ('ParamsProxy.php');
require_once ('UTF8.php');
require_once ('DbProxy.php');
require_once ('Authenticator.php');
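/**
 * Checks whether we are logged in. This is done by attempting to trade our cached session
 * unique id for a new one:
 *
 * <new session id> = Authenticator::getInstance()->authenticate (<old session id>);
 *
 * The cached id is read from the "AuthenticatorDemo" cookie, which is client-controlled
 * input. A missing, empty or non-string cookie is treated as "not authenticated".
 *
 * On success the new id is written back to the cookie through storeSessionData(). On
 * failure the browser is redirected to the login page and the script terminates, so this
 * function only returns when authentication succeeded.
 */
function attemptToLoginFromCache () {
    // Fail closed: every path that does not positively authenticate ends in the redirect.
    $isAuthenticated = false;
    $newSessionData = null;

    // A request can carry the cookie as an array ("AuthenticatorDemo[]=..."); trim() must
    // only ever see a string, so anything else counts as "no cached session".
    $cachedSessionData = '';
    if (isset ($_COOKIE['AuthenticatorDemo']) && is_string ($_COOKIE['AuthenticatorDemo'])) {
        $cachedSessionData = trim ($_COOKIE['AuthenticatorDemo']);
    }

    if (!empty ($cachedSessionData)) {
        $newSessionData = Authenticator::getInstance()->authenticate ($cachedSessionData);
        // A numeric return value is taken to be an error code (see the constants below).
        // NOTE(review): this assumes a valid session id is never purely numeric - confirm
        // against the Authenticator module.
        $isAuthenticated = !is_numeric ($newSessionData);
    }

    if ($isAuthenticated) {
        storeSessionData ($newSessionData);
        return;
    }

    // If authentication fails, you may want to test the value returned. For instance, you
    // may test it against these constants:
    //
    // - Authenticator::SESSION_UID_EXPIRED
    // - Authenticator::INVALID_SESSION_UID
    // - Authenticator::IP_HAS_CHANGED
    //
    // You could then print error messages to the user, instead of just redirecting him.
    header ('Location: ../AuthenticatorDemo.php');
    // exit() is what actually protects the page: header() alone does not stop execution,
    // and without it the protected markup below would still be sent with the redirect.
    exit ();
}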
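/**
 * Ends the current session on demand. This is done as:
 *
 * Authenticator::getInstance()->unAuthenticate (<session unique id>);
 *
 * The session unique id is read from the "AuthenticatorDemo" cookie. When that cookie is
 * missing, empty or not a string, there is no session id to end and nothing is done.
 *
 * This function does not touch the cookie itself: the stale id stays in the browser
 * until the cookie expires or is overwritten.
 */
function endSession () {
    // The cookie is client-controlled and may be absent or sent as an array; only a
    // string is a usable session id.
    if (!isset ($_COOKIE['AuthenticatorDemo']) || !is_string ($_COOKIE['AuthenticatorDemo'])) {
        return;
    }

    $cachedSessionData = trim ($_COOKIE['AuthenticatorDemo']);
    if ($cachedSessionData === '') {
        return;
    }

    Authenticator::getInstance()->unAuthenticate ($cachedSessionData);
}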
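/**
 * Stores the session unique id on the client machine, in the "AuthenticatorDemo" cookie.
 *
 * The session lifetime is limited by the Authenticator module, internally. If you use a
 * cookie as the local storage medium, give it a long lifetime. This will rule out potential
 * issues. In this demo, we make the cookie last one day, although our Authenticator is
 * configured to allow 15 minutes per session at most. The cookie lifetime is therefore not
 * a security boundary; the server-side limit is.
 *
 * The cookie value is a bearer credential, so it is marked HttpOnly (not readable from
 * page scripts) and, when the current request arrived over HTTPS, Secure (never sent over
 * plain HTTP).
 *
 * Must be called before any output is sent, because setcookie() emits an HTTP header.
 *
 * @param string $sessionData The session unique id to store.
 */
function storeSessionData ($sessionData) {
    $cookieExpireTime = (time() + 86400);
    $cookiePath = '/';
    // Empty domain keeps the cookie host-only, which is what the original 4-argument
    // call produced.
    $cookieDomain = '';
    // NOTE(review): behind a TLS-terminating proxy $_SERVER['HTTPS'] may be unset even
    // though the client connection is encrypted - adjust the detection for that setup.
    $isHttps = !empty ($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    // The positional signature cannot express SameSite; that attribute needs the
    // options-array form of setcookie() (PHP 7.3+).
    setcookie ('AuthenticatorDemo', $sessionData, $cookieExpireTime, $cookiePath, $cookieDomain, $isHttps, true);
}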
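// This code is run as the page loads...
//
// A plain GET carries no "action" field, and a crafted request can send it as an array,
// so the value is only used when it is present and a string.
$action = '';
if (isset ($_POST['action']) && is_string ($_POST['action'])) {
    $action = trim ($_POST['action']);
}
// Strict comparison: only the exact submit-button value triggers a logout.
// NOTE(review): the logout form carries no anti-CSRF token, so another site can make the
// browser submit it. The impact is limited to ending the session.
if ($action === 'Logout') {
    endSession ();
}
// Always runs, including right after a logout: the page body below is only reached when
// this call returns, i.e. when the cached session id was accepted.
attemptToLoginFromCache ();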
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
<title>ProtectedContent</title>
</head>
<body>
<h2>Protected Content</h2>
<p>This is a sample page holding <em>protected</em> content. This page cannot be loaded in
your browser without first authenticating with your username and password.</p>
<hr />
<form action="" method="post">
<p>
<input type="submit" name="action" value="Logout" />
</p>
</form>
</body>
</html>
|