vicidial.org

Hi
I am going to add new php scripts inside the $PATHweb/vicidial/ directory. So for security purposes; only authorised user from vicidial must have access to them, in the same way of admin.php, AST_agent_performance_detail.php and so on.

What lines do I need to add to the new php scripts?

Are the following lines right?

Code: Select all

<?php
require("dbconnect.php");

$PHP_AUTH_USER=$_SERVER['PHP_AUTH_USER'];
$PHP_AUTH_PW=$_SERVER['PHP_AUTH_PW'];

$PHP_AUTH_USER = ereg_replace("[^0-9a-zA-Z]","",$PHP_AUTH_USER);
$PHP_AUTH_PW = ereg_replace("[^0-9a-zA-Z]","",$PHP_AUTH_PW);


$stmt="SELECT count(*) from vicidial_users where user='$PHP_AUTH_USER' and pass='$PHP_AUTH_PW' and user_level > 7;";
if ($DB) {echo "|$stmt|\n";}
$rslt=mysql_query($stmt, $link);
$row=mysql_fetch_row($rslt);
$auth=$row[0];

  if( (strlen($PHP_AUTH_USER)<2) or (strlen($PHP_AUTH_PW)<2) or (!$auth))
   {
    Header("WWW-Authenticate: Basic realm=\"VICIDIAL-LEAD-LOADER\"");
    Header("HTTP/1.0 401 Unauthorized");
    echo "Invalid Username/Password: |$PHP_AUTH_USER|$PHP_AUTH_PW|\n";
    exit;
   }
?>


Am I missing something?
Is that correct?

Thanks

That should work.

Let us know how it goes.

mflorell wrote:That should work.

Let us know how it goes.

When for the first time I login from a new php scripts and then I logout through the admin.php (logout link in the admin.php script). I can still navigate for every php scripts inside the vicidal/ directory, with out any user and passowrd.

That has more to do with how the HTTP variables survive through your web browser. If you close your browser then the login/pass HTTP variables are lost and you have to re-log in.

What web browser are you using?

mflorell wrote:That has more to do with how the HTTP variables survive through your web browser. If you close your browser then the login/pass HTTP variables are lost and you have to re-log in.

What web browser are you using?

When the first login is through the vicidial/admin.php, the logout link works well. The problem is when the first login is through one of the new php scripts or AST_agent_performance.php and so on. I mean when the first login isn't through the vicidial/admin.php script, the logout link doesn't take effect

The web browser that I am using is Firefox v2.0.0.6, but I also tried with IE v6.0 and the problem is the same.

thanks

That's interesting, I've never really looked into that. HTTP variables are kind of a pain to deal with. Let us know if you figure out a solution.

mflorell wrote:That's interesting, I've never really looked into that. HTTP variables are kind of a pain to deal with. Let us know if you figure out a solution.

If I figure out a solution, I will tell you

Thank you very much