[RESOLVED] Pear Auth help

gotissues68

Hi All,
I am using Pear::Auth for an application and authentication works fine. The trouble I'm running into is using it across pages. The examples in the documentation assume code is executed if auth is successful. I've set it to redirect to another page. On this second page, I am instantiating a new auth object to see if valid auth exists and if not, sending the user back to the login page. This works fine, however, if there were valid credentials entered and the user is shown the protected page the variables set on the login page aren't transferring over.

I'm sure there is something wrong with the logic I'm using to do this. What would be the proper way to use Pear::Auth across pages in this fashion?

Google and forum search have failed me so far.

Thanks for any help, hints or links =)

Drew-

gotissues68

Well I have managed to partially kluge together a solution.

I have changed it so that when $a->getAuth succeeds it includes the application page and now variables I set as part of that process like a->setSessionName as I can see them when I do a var_dump($SESSION) however if I try and echo any variable in $SESSION or try and run it through a function it is showing up as blank as if it's not set.

NogDog

Afraid I don't really have any idea without any code to look at; and I've never used PEAR::Auth, so I don't happen to know any particular tricks or "gotchas" to look out for.

I can see them when I do a var_dump($SESSION) however if I try and echo any variable in $SESSION or try and run it through a function it is showing up as blank as if it's not set.

At first glance this would seem to indicate some problem in the way you are referencing the $SESSION variables, but it could be a complete misunderstanding on my part. Or one possibility is that something you are doing is wiping out $SESSION (e.g.: unset($SESSION);), which would then mean that if it is recreated by further assignments, the $SESSION array would no longer be "super-global".

gotissues68

Thanks for the reply Nog. If this weren't using the Pear::Auth class it wouldn't be an issue. I'm not unsetting anything so I'm somewhat confused. The docs for the class do reference the session named as $_authsession but attempting to access these vars yields the same results.

I'll post the code I'm using which I really doubt will be of any use but it'll be worth a shot.

// class instantiation junk

$auth->start();
if ($auth->checkAuth()) {
$user = $auth->getUsername();
$auth->setSessionName("drew");
include 'app.php';
}

$user is indeed being set appropriately and I can access it with no problem. I can also see that is set in the $_SESSION var_dump() output. I just can't figure out why I can't access anything else. Totally weird, I've never encountered this behavior before.

The only reason I'm attempting to check the session vars is because if I instantiate a new Auth object to check the checkAuth() method it kills all the session information already created on within the original auth code, as I said using include 'app.php'; inside the original object has resolved at least accessing my user set variable.

Hmm I suppose I could just set a couple of my own vars like this and check against them =)

We'll see what happens I'll post back on the results.

gotissues68

Just setting another variable in the code I post along with $user and checking for it's existence works the way I intend. So I guess problem solved even if it's not the most elegant solution.