We are not using PHP but the same concept would work in PHP. We do the same as Scott. All DB connections from our web apps use the same userid/password for all calls. When the user first connects they have to sign on. We call an RPG app to validate the credentials (we actually do a two step process, check Active Directory using LDAP and if that fails check local i5 directory). If the authentication is valid we create a session id, write it to a DB2 table along with the userid (along with some other info) and set a session cookie with the session id. On all subsequent requests, if the cookie exists, we check the session id in the database and if it matches the app will respond, if not it redirects them to a logon screen. All of that code is also in a callable app that either returns the user's credentials to the app or does the redirect.
-----Original Message-----
From: web400-bounces@xxxxxxxxxxxx [mailto:web400-bounces@xxxxxxxxxxxx] On Behalf Of Scott
Sent: Thursday, June 11, 2009 10:49 PM
To: Web Enabling the AS400 / iSeries
Subject: Re: [WEB400] Reusing User ID and Password with Zend i5_Program_Call
Shannon,
I responded on the Zend forums and thought I'd copy that response here.
Here is what I'm doing, not sure if it is the best but it is what I'm
doing.
I use a generic login for all of the connections to the 400. This login
has the initial menu set to *SIGNOFF.
When a user enters a username/password I call an RPG program passing
these as parameters. In the RPG program I call QSYGETPH to see if the
combination is valid, if it is I set a flag and store it in the session,
along with the username discarding the password (this wouldn't work if
your object security required the specific user to connect). I also
check the number of invalid password attempts before checking the
password so the user cannot disable themselves from the web login (I
didn't want to have to deal with re-setting accounts disabled this way.)
by calling QSYRUSRI.
You could however store the username and password in the session which
will be stored on the IFS. This may or may not be a concern depending on
how your IFS is secured (or not secured :-) ).
I'm not sure if that answers your question. If not let me know what
needs clarification or an example.
Scott
Shannon ODonnell wrote:
Here's my scenario:
I have the user log in with their i5 user id/password with a PHP script.
I then take the user to a new page, and I have them enter a search string.
I take that search string and I pass it to an RPG program using
i5_Program_Call. Now...as you know, the i5_Program_Call requires the user
to log in first, that is, the php page needs to establish a connection to
the server before doing an i5_program_call.
But in this case, the user logged in on a previous php page which, since
this is basically all stateless, the iSeries and the PHP server know nothing
about.
I do not want to force the user to log in again on this page to do their
search, and I don't want to store that user ID and password in the PHP
script either. So how can I accomplish this?
What does the rest of the community do to reuse the id and password with PHP
like this?
Shannon O'Donnell
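
Added example, not part of the original thread or any poster's code: a sketch in PHP of the session-table approach described in the replies above (validate once, store only a random session id and the userid, check the cookie on every later request). PDO with in-memory SQLite stands in for the DB2 table, and the table name, column names, function names and the 30-minute timeout are assumptions.

```php
<?php
// Added example: SQLite stands in for the DB2 session table; all names are hypothetical.
declare(strict_types=1);

const SESSION_TTL = 1800; // assumed idle timeout in seconds

function open_store(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE web_session (sid TEXT PRIMARY KEY, userid TEXT NOT NULL, expires INTEGER NOT NULL)');
    return $db;
}

// Call only after the credential check (LDAP, or the RPG program calling QSYGETPH) succeeded.
// The password is never written to the table or the cookie.
function start_session(PDO $db, string $userid, int $now): string {
    $sid = bin2hex(random_bytes(32)); // 256-bit id from the CSPRNG, not guessable
    $db->prepare('INSERT INTO web_session (sid, userid, expires) VALUES (?, ?, ?)')
       ->execute([$sid, $userid, $now + SESSION_TTL]);
    return $sid;
}

// Returns the userid for a valid cookie value, or null (caller redirects to the logon screen).
function check_session(PDO $db, ?string $cookie, int $now): ?string {
    if ($cookie === null || !preg_match('/\A[0-9a-f]{64}\z/', $cookie)) {
        return null; // missing or malformed cookie never reaches the database
    }
    $q = $db->prepare('SELECT userid, expires FROM web_session WHERE sid = ?');
    $q->execute([$cookie]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if ($row === false || (int)$row['expires'] <= $now) {
        // Unknown or expired id: remove any stale row and force a new logon.
        $db->prepare('DELETE FROM web_session WHERE sid = ?')->execute([$cookie]);
        return null;
    }
    // Sliding expiry: each valid request extends the session.
    $db->prepare('UPDATE web_session SET expires = ? WHERE sid = ?')
       ->execute([$now + SESSION_TTL, $cookie]);
    return $row['userid'];
}

// Constructed walk-through with a made-up userid and fixed timestamps.
$db  = open_store();
$t0  = 1700000000;
$sid = start_session($db, 'JSMITH', $t0);
// In a web request: setcookie('sid', $sid, ['path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
var_dump(check_session($db, $sid, $t0 + 60));                    // valid session
var_dump(check_session($db, str_repeat('0', 64), $t0 + 60));     // well-formed but unknown id
var_dump(check_session($db, $sid, $t0 + 60 + SESSION_TTL + 1));  // idle past the timeout
```

The generic connection profile is still used for the actual i5 calls; the session row only tells the application which authenticated user the request belongs to.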