I dont really have a clue what I'm doing here. I've got this code but can't get it to work for PHP authentication. Please Help.
//Authorise
<?php
ini_set("session.cookie_lifetime", "0");
ini_set("session.gc_maxlifetime", "3600");
session_start();
$var = $_SESSION["authenticated"];
if(strcmp($var,'yes') !== 0){
header('Location: C:\xampp\htdocs\Edge\Authorise.php');
}
?>
Login Page
<?php
ini_set("session.cookie_lifetime", "0");
ini_set("session.gc_maxlifetime", "3600");
session_start();
include('Authorise.php');
echo "<center><h2>This site requires authentication.</h2>";
echo "<br><hr>";
if(isset($_POST['sig_response'])){
$resp = Duo::verifyResponse(get_cfg_var('duo_ikey'), get_cfg_var('duo_skey'), get_cfg_var('duo_akey'), $_POST['sig_response']);
if($resp != NULL){
header('Location: http://localhost:99/edge');
}
}
else if(isset($_POST['user']) && isset($_POST['pass'])){
if($_POST['user'] == get_cfg_var('duo_user') && $_POST['pass'] == get_cfg_var('duo_pass')) {
$sig_request = Duo::signRequest(get_cfg_var('duo_ikey'), get_cfg_var('duo_skey'), get_cfg_var('duo_akey'), $_POST['user']);
?>
<script src="Duo-Web-v1.bundled.min.js"></script>
<input type="hidden" id="duo_host" value="<?php echo get_cfg_var('duo_host') ; ?>">
<input type="hidden" id="duo_sig_request" value="<?php $_SESSION["authenticated"] = "yes"; echo $sig_request; ?>">
<script src="Duo-Init.js"></script>
<iframe id="duo_iframe" width="620" height="500" frameborder="0" allowtransparency="true" style="background: transparent;"></iframe>
<?php
}
}
else {
echo "<form action='duo.php' method='post'>";
echo "Username: <input type='text' name='user' /> <br />";
echo "Password: <input type='password' name='pass' /> <br />";
echo "<input type='submit' value='Submit' />";
echo "</form>";
}
?>
I got this code from elsewhere. Please can someone explain in more detail to me. Thanks.
The request is not very clear, are you trying to learn what the code means? What certain functions mean? Or are you trying to get a fix?
Judging from what you wrote I will assume that you seek an explanation for the code:
ini_set changes the php configuration for the run time of the script, means it changes the configuration on the global level of the script.
session_start basically starts a session, or continues a current session, it is used for instance when dealing with sessions for login systems, to assign session variables afterwards (e.g $_SESSION["authenticated"])
strcmp returns FALSE if equal.
NOTE: !== should be changed to !=
You basically declared a condition that if $var is NOT equal to 'yes' then it would redirect to authorize.php via the header function.
You need to read more about the POST and GET methods, as there is a lot to explain and if you do not really know what you are doing, then it is best to read through, considering you are passing information through a form and using the post methods. There is a lot of information out there about these, including pros and cons, security details, it is best to get to know the language a little before dealing with these as well.
Best of luck!