Adding new scripts to vicidial directory

All installation and configuration problems and questions

Moderators: gerski, enjay, williamconley, Op3r, Staydog, gardo, mflorell, MJCoate, mcargile, Kumba, Michael_N

Adding new scripts to vicidial directory

Postby eijal » Wed Jul 30, 2008 12:40 pm

Hi
I am going to add new php scripts inside the $PATHweb/vicidial/ directory. So for security purposes; only authorised user from vicidial must have access to them, in the same way of admin.php, AST_agent_performance_detail.php and so on.

What lines do I need to add to the new php scripts?

Are the following lines right?

Code: Select all
<?php
require("dbconnect.php");

$PHP_AUTH_USER=$_SERVER['PHP_AUTH_USER'];
$PHP_AUTH_PW=$_SERVER['PHP_AUTH_PW'];

$PHP_AUTH_USER = ereg_replace("[^0-9a-zA-Z]","",$PHP_AUTH_USER);
$PHP_AUTH_PW = ereg_replace("[^0-9a-zA-Z]","",$PHP_AUTH_PW);


$stmt="SELECT count(*) from vicidial_users where user='$PHP_AUTH_USER' and pass='$PHP_AUTH_PW' and user_level > 7;";
if ($DB) {echo "|$stmt|\n";}
$rslt=mysql_query($stmt, $link);
$row=mysql_fetch_row($rslt);
$auth=$row[0];

  if( (strlen($PHP_AUTH_USER)<2) or (strlen($PHP_AUTH_PW)<2) or (!$auth))
   {
    Header("WWW-Authenticate: Basic realm=\"VICIDIAL-LEAD-LOADER\"");
    Header("HTTP/1.0 401 Unauthorized");
    echo "Invalid Username/Password: |$PHP_AUTH_USER|$PHP_AUTH_PW|\n";
    exit;
   }
?>


Am I missing something?
Is that correct?

Thanks
eijal
 
Posts: 186
Joined: Thu Feb 08, 2007 6:34 pm

Postby mflorell » Wed Jul 30, 2008 2:05 pm

That should work.

Let us know how it goes.
mflorell
Site Admin
 
Posts: 18387
Joined: Wed Jun 07, 2006 2:45 pm
Location: Florida

Postby eijal » Wed Jul 30, 2008 4:50 pm

mflorell wrote:That should work.

Let us know how it goes.


When for the first time I login from a new php scripts and then I logout through the admin.php (logout link in the admin.php script). I can still navigate for every php scripts inside the vicidal/ directory, with out any user and passowrd.
eijal
 
Posts: 186
Joined: Thu Feb 08, 2007 6:34 pm

Postby mflorell » Wed Jul 30, 2008 7:21 pm

That has more to do with how the HTTP variables survive through your web browser. If you close your browser then the login/pass HTTP variables are lost and you have to re-log in.

What web browser are you using?
mflorell
Site Admin
 
Posts: 18387
Joined: Wed Jun 07, 2006 2:45 pm
Location: Florida

Postby eijal » Thu Jul 31, 2008 3:25 pm

mflorell wrote:That has more to do with how the HTTP variables survive through your web browser. If you close your browser then the login/pass HTTP variables are lost and you have to re-log in.

What web browser are you using?

When the first login is through the vicidial/admin.php, the logout link works well. The problem is when the first login is through one of the new php scripts or AST_agent_performance.php and so on. I mean when the first login isn't through the vicidial/admin.php script, the logout link doesn't take effect

The web browser that I am using is Firefox v2.0.0.6, but I also tried with IE v6.0 and the problem is the same.

thanks
eijal
 
Posts: 186
Joined: Thu Feb 08, 2007 6:34 pm

Postby mflorell » Thu Jul 31, 2008 7:31 pm

That's interesting, I've never really looked into that. HTTP variables are kind of a pain to deal with. Let us know if you figure out a solution.
mflorell
Site Admin
 
Posts: 18387
Joined: Wed Jun 07, 2006 2:45 pm
Location: Florida

Postby eijal » Fri Aug 01, 2008 9:20 am

mflorell wrote:That's interesting, I've never really looked into that. HTTP variables are kind of a pain to deal with. Let us know if you figure out a solution.

If I figure out a solution, I will tell you

Thank you very much
:wink:
eijal
 
Posts: 186
Joined: Thu Feb 08, 2007 6:34 pm


Return to Support

Who is online

Users browsing this forum: No registered users and 137 guests