Re: persistent sign on for Zend Server

The usual approach, is to store the User a variable as session variable to denote that the user was logged in, it is even better if you store the time stamp and IP address from which it is connecting from. NEVER store the password even on a session variable.

Just put the following at the beginning of any of your public php script:

Application::authenticate();

Then create a class:

Class authenticate {
public static function authenticate() {
if( !isset( $session['logged_in'] ) || $session['logged_in'] !== true ) {
header( 'Cache-Control: must-revalidate, proxy-revalidate, public' );
Application::redirect( 'login.php' );
}
}

public static function redirect( $url ) {
header( 'location:' . $url );
exit;
}

Public function login() {
.... show your form here ....
... and call login_validate() on form submit...
... of course, you have to build/modify a public .php script that would call login_validate();
};

Public function login_validate() {
if (user+password+other_IS_OK )...
$session['logged_in'] = true;
}
}

Well... you get the idea.

Jorge Merino

-----Original Message-----
From: web400-bounces@xxxxxxxxxxxx [mailto:web400-bounces@xxxxxxxxxxxx] On Behalf Of Larry Kleinman
Sent: Thursday, March 03, 2011 12:18 PM
To: web400@xxxxxxxxxxxx
Subject: [WEB400] persistent sign on for Zend Server

Using Zend Server, I would like to present a sign-on screen where the user
enters a user ID and password to be used as the parms of the i5_connect
function. This is not hard, but I want to present that screen only once,
and use that info as the user moves from screen to screen, all of which
will require a 15_connection. I know that I can store the user and
password entered as $_SESSION variables, but I don;t like the idea of the
password being written to some place on the PC hard drive. (That's how
$_SESSION works, right?). Any suggestions on how to deal with this.

Larry Kleinman
Kleinman Associates, Inc.
212-949-6469
203-255-4100