$this->debug(“Redirect user to caller application at url =
$url.”);
} else {
$this->debug(“User failed authentication.”);
$this->display_login();
$_SESSION[“SESSION_ATTEMPTS”] =
$this->getSessionField(“SESSION_ATTEMPTS”) + 1;
}
}
}
/**
 * Send the browser to the configured warning page.
 *
 * Reads $WARNING_URL from the global configuration and emits a Location
 * header for it. Nothing here stops the caller from continuing to run
 * (and to emit output) after the header has been sent.
 */
function warn()
{
    global $WARNING_URL;

    $this->debug(sprintf('Came to warn the user %s', $WARNING_URL));
    header(sprintf('Location: %s', $WARNING_URL));
}
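/**
 * Render the login dialog box, or send the user to the warning page once the
 * session's failed-attempt counter has passed $MAX_ATTEMPTS.
 *
 * Template values come from the request ('url'), the session
 * (SESSION_ATTEMPTS) and the global configuration ($TEMPLATE_DIR,
 * $LOGIN_TEMPLATE, $PHP_SELF, $FORGOTTEN_PASSWORD_APP, $email).
 *
 * @return int always 1 (kept for existing callers)
 */
function display_login()
{
    global $TEMPLATE_DIR;
    global $LOGIN_TEMPLATE;
    global $MAX_ATTEMPTS;
    global $email, $url;
    global $PHP_SELF,
           $FORGOTTEN_PASSWORD_APP;

    // 'url' is client-supplied and is echoed into the form as REDIRECT_URL,
    // to be followed after a successful login. It is not validated here; an
    // allow-list of caller applications (or at least a same-host check
    // against $this->base_url) should be applied before it is trusted.
    $url = $this->getRequestField('url');

    $attempts = $this->getSessionField('SESSION_ATTEMPTS');
    if ($attempts > $MAX_ATTEMPTS)
    {
        // Too many failures: redirect to the warning page and stop here.
        // The original fell through and rendered the login form as well.
        $this->warn();
        return 1;
    }

    $this->debug('Display login dialog box');
    $template = new Template($TEMPLATE_DIR);
    $template->set_file('fh', $LOGIN_TEMPLATE);
    $template->set_block('fh', 'mainBlock');

    // SELF_PATH ($_SERVER['PHP_SELF']) and USERNAME (the $email global,
    // apparently request-supplied) are attacker-influenced; the template is
    // expected to HTML-escape them.
    $template->set_var('SELF_PATH', $PHP_SELF);
    $template->set_var('ATTEMPT', $attempts);
    $template->set_var('TODAY', date("M-d-Y h:i:s a"));
    $template->set_var('TODAY_TS', time());
    $template->set_var('USERNAME', $email);
    $template->set_var('REDIRECT_URL', $url);
    $template->set_var('FORGOTTEN_PASSWORD_APP', $FORGOTTEN_PASSWORD_APP);
    $template->parse('fh', 'mainBlock');

    // Set after the block parse, so BASE_URL is presumably referenced
    // outside mainBlock in the template (order kept from the original).
    $template->set_var('BASE_URL', sprintf('%s', $this->base_url));
    $template->pparse('output', 'fh');
    return 1;
}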
/**
 * Whether the current session carries a logged-in username.
 *
 * Only the presence of a non-empty SESSION_USERNAME is checked; the user
 * is not re-validated against the user store here.
 *
 * @return bool
 */
function is_authenticated()
{
    if (empty($_SESSION['SESSION_USERNAME']))
    {
        return FALSE;
    }
    return TRUE;
}
/**
 * Check $user / $passwd against the application's authentication database.
 *
 * On success the authenticated user's UID is recorded via setUID().
 *
 * @param  string|null $user
 * @param  string|null $passwd
 * @return bool TRUE when Authentication accepts the credentials
 */
function authenticate($user = null, $passwd = null)
{
    $auth = new Authentication($user, $passwd, $this->app_db_url);
    if (!$auth->authenticate())
    {
        return FALSE;
    }

    $userId = $auth->getUID();
    $this->debug("Setting user id to $userId");
    $this->setUID($userId);
    return TRUE;
}
}
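// Instantiate and run the login application. $APPLICATION_NAME,
// $AUTH_DB_URL and $OFF come from the included configuration files.
// `global` is a no-op at file scope; kept in case this file is included
// from inside a function.
global $AUTH_DB_URL;
$thisApp = new loginApp(
    array(
        'app_name'             => $APPLICATION_NAME,
        'app_version'          => '1.0.0',
        // The original listed 'app_type' twice; PHP keeps the last value
        // at the first key's position, so this single entry is equivalent.
        'app_type'             => 'WEB',
        'app_db_url'           => $AUTH_DB_URL,
        'app_auto_authorize'   => FALSE,
        'app_auto_chk_session' => FALSE,
        'app_auto_connect'     => TRUE,
        'app_debugger'         => $OFF
    )
);
$thisApp->buffer_debugging();
$thisApp->debug("This is $thisApp->app_name application");
$thisApp->run();
$thisApp->dump_debuginfo();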
?>
The logout.php application calls the is_authenticated() method of the
class.PHPApplication.php object and, if the user is authenticated, it calls its own
logout method. This method calls session_unset() and session_destroy(),
which are part of PHP's built-in session management API. The
session_unset() method clears the session variables, as if they had never been
set. The effect of session_unset() in our login scenario is that session variables
such as SESSION_USERNAME and SESSION_ATTEMPTS are unset. Similarly, the
session_destroy() method removes the entire session (file or database record)
from the session storage. The full effect is that the user loses her session and will
need a new login session to work with applications that require the central login
facility.
The logout.php application uses the logout.conf file shown in Listing 5-8.
This configuration file is very similar to login.conf and requires no further
explanation, except that $HOME_URL is a new entry. This variable holds the URL
to which the logged-out user is redirected. Typically this URL
would be set to the home page of the intranet or Internet site.
Listing 5-8: logout.conf
<?php
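// logout.conf
//
// NOTE(review): apart from its caption, this listing repeats the login.conf
// settings ($APPLICATION_NAME = 'LOGIN', $LOGIN_TEMPLATE, login.errors /
// login.messages) and does not define the $HOME_URL the accompanying text
// describes — confirm against the real logout.conf before relying on it.
//extract($_GET);
//extract($_POST);

// Turn on all error reporting. With display_errors enabled, notices can
// leak file paths and query details to clients, so log rather than display
// them outside development.
error_reporting(E_ALL);

// If you have installed the framework directory in a different directory
// than %DocumentRoot%/framework, change the setting below.
$APP_FRAMEWORK_DIR = $_SERVER['DOCUMENT_ROOT'] . '/framework';
$PEAR   = $_SERVER['DOCUMENT_ROOT'] . '/pear';
$PHPLIB = $_SERVER['DOCUMENT_ROOT'] . '/phplib';

// Insert the path in the PHP include_path so that PHP
// looks for PEAR, PHPLIB and our application framework
// classes in these directories
ini_set('include_path', ':' .
        $PEAR . ':' .
        $PHPLIB . ':' .
        $APP_FRAMEWORK_DIR . ':' .
        ini_get('include_path'));

// PHP_SELF reflects the requested path, including anything a client appends
// after the script name; it is inserted into the login template as
// SELF_PATH, so the template must HTML-escape it.
$PHP_SELF = $_SERVER['PHP_SELF'];
$LOGIN_TEMPLATE = 'login.html';
$APPLICATION_NAME = 'LOGIN';
$DEFAULT_LANGUAGE = 'US';

// Database credentials are kept in this file: keep it unreadable to web
// clients (outside the document root or blocked by the web server), and use
// a dedicated low-privilege account rather than the root account shown.
$AUTH_DB_URL = 'mysql://root:foobar@localhost/auth';
$ACTIVITY_LOG_TBL = 'ACTIVITY';
$AUTH_DB_TBL = 'users';
$MIN_USERNAME_SIZE = 3;
$MIN_PASSWORD_SIZE = 3;

// Failed login attempts a session may make before it is sent to
// $WARNING_URL (see loginApp::display_login). 250 is very permissive for
// slowing online password guessing, and because the counter lives in the
// session it does not limit a client that discards its session cookie.
$MAX_ATTEMPTS = 250;
$FORGOTTEN_PASSWORD_APP =
    '/user_mngr/apps/user_mngr_forgotten_pwd.php';
$APP_MENU = '/';
$TEMPLATE_DIR = $_SERVER['DOCUMENT_ROOT'] .
    '/login/templates';
$REL_TEMPLATE_DIR = '/login/templates/';

// $WARNING_URL is sent to the browser in a Location header (loginApp::warn),
// so it must be a web path. The original built it from $TEMPLATE_DIR, i.e.
// a filesystem path under DOCUMENT_ROOT, which a browser cannot follow.
$WARNING_URL = $REL_TEMPLATE_DIR . 'warning.html';

require_once "login.errors";
require_once "login.messages";
require_once 'DB.php';
require_once $APP_FRAMEWORK_DIR . '/' . 'constants.php';
// The *_CLASS file names below are presumably defined by constants.php.
require_once $APP_FRAMEWORK_DIR . '/' . $DEBUGGER_CLASS;
require_once $APP_FRAMEWORK_DIR . '/' . $APPLICATION_CLASS;
require_once $APP_FRAMEWORK_DIR . '/' . $ERROR_HANDLER_CLASS;
require_once $APP_FRAMEWORK_DIR . '/' . $AUTHENTICATION_CLASS;
require_once $APP_FRAMEWORK_DIR . '/' . $DBI_CLASS;
require_once $APP_FRAMEWORK_DIR . '/' . $USER_CLASS;
require_once $TEMPLATE_CLASS;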
?>
The logout application also has a logout.errors file, shown in Listing 5-9, and
a logout.messages file, shown in Listing 5-10.
Listing 5-9: logout.errors
<?php
// Errors for the Logout application, keyed by language code then error
// code. Entries are assigned one at a time so any codes already present in
// $ERRORS['US'] are left untouched.
$logoutErrors = array(
    'MISSING_CODE' => "No error message found",
    'INVALID_DATA' => "Invalid data.",
);
foreach ($logoutErrors as $code => $text)
{
    $ERRORS['US'][$code] = $text;
}
unset($logoutErrors, $code, $text);
?>
The logout messages are displayed using the alert() method found in the
class.PHPApplication.php object.
Listing 5-10: logout.messages
<?php
// Messages for the logout application, keyed by language code then message
// code. LOGOUT_FAILURE and LOGOUT_NOT_LOGGED_IN deliberately carry the same
// text. Entries are assigned one at a time so any codes already present in
// $MESSAGES['US'] are left untouched.
$logoutMessages = array(
    'LOGOUT_SUCCESSFUL'    => "You are logged out.",
    'LOGOUT_FAILURE'       => "You are not logged in.",
    'LOGOUT_NOT_LOGGED_IN' => "You are not logged in.",
);
foreach ($logoutMessages as $code => $text)
{
    $MESSAGES['US'][$code] = $text;
}
unset($logoutMessages, $code, $text);
?>
Now let’s test our central login and logout applications.