need alt. Session auth. (.htaccess php_value)

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
My shared-host doesn't allow  php_value directives in  .htaccess

I was using an  "auto_prepend_file" on my local development machine,
that helped me implement a Session based authentication system.

Host said:  "PHP is running as SuEXEC-CGI for security reasons"
and auto_prepend_file  can only be put in php.ini  ( system wide, out
of my control )

Now I'm back to Square 0.   I'd prefer not to get stuck rewriting my
Any other alternatives & suggestions on implementing Session based
authentication ?

Re: need alt. Session auth. (.htaccess php_value)

awebguynow wrote:

Quoted text here. Click to load it


Well, I guess you have to rewrite your code so it handles the authentication  
It doesn't have to be a lot of work.
I always approach this simple. Try something along the following lines:

Above every PHP-file that needs some authentication:
  // session_start(); // I use auto-start, so this is up to you.
  // or

the someFunctions.php file contains a simple routine like:
function checkIfLoggedIn(){
 if (isset($_SESSION["userid"])){
   // OK, continue
 } else {
   // not ok, session over or illegal attempt
   header('login.php?comment='.urlencode('Your session is over. Please login  

same for checkIfIsAdmin(), only that checks another value in SESSION, like  
$_SESSION["admin"] == "Y".

You probably have your own sets of expected session-vars.

I give you this example because it is usable everywhere where sessions are  
supported. If you set it up like this, you never need to worry about  
safemode, or auto_prepend_file, etc, because you simple include it  
everywhere where needed with appropriate functionscalls.

Hope this helps.

Erwin Moller

Site Timeline