Intranet Software, Extranet Software, Corporate Intranets & Extranets
Claromentis
 
Trace: » What's New Tuning » Securing third-party PHP page
You are here: Claromentis WIKI » development » Securing third-party PHP page
Translations of this page:
Table of Contents

Securing third-party PHP page

Situation

You may have another web-based application written in PHP sharing the same server with Claromentis. Here is how you can secure your application and forces users to log-in to Claromentis before they can access it

Same Domain

If your PHP pages located on the same domain as Claromentis you can use this method, example would be your intranet might be called: 

http://myofficeintranet.com

and your PHP application is located at 

http://myofficeintranet.com/apps/

How to:

1. Create page called cla_session.php 

<?
session_start();
if (!$_SESSION['SESSION_UID'])
{
  header("Location: /intranet/main/login.php?page=".urlencode($_SERVER['REQUEST_URI']));
  exit();
}
?>

2. Insert this line on the typical header of the php file you have, pay attention to the path. 

 
<?php
require("cla_session.php");
?>

Separate Domain, same Physical Server

1. Create page called cla_session.php

Replace $login_domain and $claromentis_path with the correct value 

<?
$login_domain = "http://yourintranet.com";
$claromentis_path = "/home/public_html/intranet/common/";
 
if (strlen($_GET['sid']))
{
	$old_pwd = getcwd();
	chdir($claromentis_path);
	require_once('../common/ifunctions.php');
	$session = RC4($_GET['sid'], 'de');
	session_write_close();
	if (strlen($session) != 0)
		session_id($session);
	chdir($old_pwd);
}
 
session_start();
 
if (!$_SESSION['SESSION_UID'])
{
	$page = 'http://'.$_SERVER["HTTP_HOST"].$_SERVER["PHP_SELF"];
	httpRedirect($login_domain.'intranet/main/login.php?page='.urlencode($page));
}
 
 
function http_status_header($status_string)
{
	if ($_SERVER['SERVER_PROTOCOL'] == 'HTTP/1.0')
		$http_version = '1.0';
	else
		$http_version = '1.1';
 
	Header("HTTP/$http_version ".$status_string);
	Header("Status: ".$status_string);
}
 
function httpRedirect($loc)
{
	if (headers_sent())
	{
		echo "<html><head><META http-equiv=\"refresh\" content=\"0; URL=$loc\"></head><body onLoad=\"tip=document.getElementById('redirect_tip'); tip.style.display='none'; self.location='$loc'\"><span id=\"redirect_tip\" style=\"font-size: 11px; font-face: Tahoma\"><a href='$loc'>Click here to continue</a></span></body></html>";
	} else
	{
		http_status_header('303 See Other');
		Header("Location: $loc");
		echo "Redirecting to <a href='$loc'>$loc</a>";
	}
	exit();
}
 
?>

2. Insert this line on the typical header of the php file you have, pay attention to the path. 

 
<?php
require("cla_session.php");
?>

Discussion

 
development/securing_page.txt · Last modified: 07/06/2011 04:49 by admin
 
Recent changes RSS feed Creative Commons License Donate Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki