All installation and configuration problems and questions
Moderators: gerski, enjay, williamconley, Op3r, Staydog, gardo, mflorell, MJCoate, mcargile, Kumba, Michael_N
by eijal » Wed Jul 30, 2008 12:40 pm
Hi
I am going to add new php scripts inside the $PATHweb/vicidial/ directory. So for security purposes; only authorised user from vicidial must have access to them, in the same way of admin.php, AST_agent_performance_detail.php and so on.
What lines do I need to add to the new php scripts?
Are the following lines right?
- Code: Select all
<?php
require("dbconnect.php");
$PHP_AUTH_USER=$_SERVER['PHP_AUTH_USER'];
$PHP_AUTH_PW=$_SERVER['PHP_AUTH_PW'];
$PHP_AUTH_USER = ereg_replace("[^0-9a-zA-Z]","",$PHP_AUTH_USER);
$PHP_AUTH_PW = ereg_replace("[^0-9a-zA-Z]","",$PHP_AUTH_PW);
$stmt="SELECT count(*) from vicidial_users where user='$PHP_AUTH_USER' and pass='$PHP_AUTH_PW' and user_level > 7;";
if ($DB) {echo "|$stmt|\n";}
$rslt=mysql_query($stmt, $link);
$row=mysql_fetch_row($rslt);
$auth=$row[0];
if( (strlen($PHP_AUTH_USER)<2) or (strlen($PHP_AUTH_PW)<2) or (!$auth))
{
Header("WWW-Authenticate: Basic realm=\"VICIDIAL-LEAD-LOADER\"");
Header("HTTP/1.0 401 Unauthorized");
echo "Invalid Username/Password: |$PHP_AUTH_USER|$PHP_AUTH_PW|\n";
exit;
}
?>
Am I missing something?
Is that correct?
Thanks
-
eijal
-
- Posts: 186
- Joined: Thu Feb 08, 2007 6:34 pm
by mflorell » Wed Jul 30, 2008 2:05 pm
That should work.
Let us know how it goes.
-
mflorell
- Site Admin
-
- Posts: 18339
- Joined: Wed Jun 07, 2006 2:45 pm
- Location: Florida
-
by eijal » Wed Jul 30, 2008 4:50 pm
mflorell wrote:That should work.
Let us know how it goes.
When for the first time I login from a new php scripts and then I logout through the admin.php (logout link in the admin.php script). I can still navigate for every php scripts inside the vicidal/ directory, with out any user and passowrd.
-
eijal
-
- Posts: 186
- Joined: Thu Feb 08, 2007 6:34 pm
by mflorell » Wed Jul 30, 2008 7:21 pm
That has more to do with how the HTTP variables survive through your web browser. If you close your browser then the login/pass HTTP variables are lost and you have to re-log in.
What web browser are you using?
-
mflorell
- Site Admin
-
- Posts: 18339
- Joined: Wed Jun 07, 2006 2:45 pm
- Location: Florida
-
by eijal » Thu Jul 31, 2008 3:25 pm
mflorell wrote:That has more to do with how the HTTP variables survive through your web browser. If you close your browser then the login/pass HTTP variables are lost and you have to re-log in.
What web browser are you using?
When the first login is through the vicidial/admin.php, the logout link works well. The problem is when the first login is through one of the new php scripts or AST_agent_performance.php and so on.
I mean when the first login isn't through the vicidial/admin.php script, the logout link doesn't take effect
The web browser that I am using is Firefox v2.0.0.6, but I also tried with IE v6.0 and the problem is the same.
thanks
-
eijal
-
- Posts: 186
- Joined: Thu Feb 08, 2007 6:34 pm
by mflorell » Thu Jul 31, 2008 7:31 pm
That's interesting, I've never really looked into that. HTTP variables are kind of a pain to deal with. Let us know if you figure out a solution.
-
mflorell
- Site Admin
-
- Posts: 18339
- Joined: Wed Jun 07, 2006 2:45 pm
- Location: Florida
-
by eijal » Fri Aug 01, 2008 9:20 am
mflorell wrote:That's interesting, I've never really looked into that. HTTP variables are kind of a pain to deal with. Let us know if you figure out a solution.
If I figure out a solution, I will tell you
Thank you very much
-
eijal
-
- Posts: 186
- Joined: Thu Feb 08, 2007 6:34 pm
Return to Support
Who is online
Users browsing this forum: No registered users and 257 guests
