Securing DBasis

Thursday, June 10. 2004

Securing dbasis with the standard, Syntax session-based authentication turns out to be relatively simple. The version of dbasis in cvs now has this for all future sites going forward. To secure exisiting instances drop in the following code after line 115. This requires a login from a user in the admin group. line 115: $session->initialize();

# Authentication
# --------------
    require_once($PXDB_PATH . '/classes/auth/pxdb_auth.class.php');
    
    $auth = &new pxdb_auth('dbasis');
    $auth->set_username_field('idnum');
    //$auth->debug = true;
    // restrict to admin group
    
    if($_GET['logout']) { $auth->logout(); }
    
    $auth->restrict( 'admin' );
    
    if(!($user = &$auth->authenticate())) {
        //include(SITE_ROOT . '/display/header.disp.php');
        $auth->showlogin();
        //include(SITE_ROOT . '/display/footer.disp.php');
        exit;
    }

Posted by omerida in Under the Hood at 18:19 | Comments (0) | Trackbacks (0)

Trackbacks

Trackback specific URI for this entry

No Trackbacks

Comments

Display comments as (Linear | Threaded)

No comments

Add Comment

Name
Email
Homepage
In reply to
Comment	Enclosing asterisks marks text as bold (word), underscore are made via _word_. Standard emoticons like :-) and ;-) are converted to images. To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly. Enter the string from the spam-prevention image above:
	Remember Information? Subscribe to this entry

About SyntaxCMS

SyntaxCMS is an Open Source Content Management System project sponsored by Forum One Communications. Forum One is a firm based in Washington DC with the singular mission of applying significant technologies to public policy issues of importance.