I work on project in pl/sql and need to secure a part of a website by login form.
I wrote package UI to show authentication(login, password) form and other forms. But how can I create an user session if the login and password are correct and show the logged view ??
Create your own table in the database to store session related information:
create table web_sessions(
session_id varchar2(32)
, variable varchar2(32)
, value varchar2(4000)
);
Use DBMS_RANDOM to generate a random string as session identifier and use OWA_COOKIE to store it in a cookie.
Your login page should do:
Set session cookie with random string
Check username/password
If username/password are correct, store successful login in your session table
Redirect to main application page
Every page in your application should check:
Get the session cookie
If session does not exist (or is not valid), redirect to login page
Show authenticated content
This should get you going.
Related
I have two domains (ex:a.com,b.com) with the same Database, need to log in whenever logged into the alternate domain.
if a.com was logged in b.com also wants to log in
I already tried calling curl URL and passing unique id and get user details from the database using unique id and start the session and set session values to the variable, the session was set and got in response but the second domain was not logged in
I'm wondering how I can password protect pages (therefore web routes) without any auth. My website doesn't have user login/register system, it's not needed.
All I want is to have a several password protected pages that each have a unique password, these passwords are stored in a database.
How would I go about doing this?
Two steps.
create a page for requesting password, also include which page he is trying to access, if user enters the password correctly, set session variable saying pageX is authenticated and redirect to the page.
Create Middleware that checks for the session variable, if it doesn't exist redirect to password page.
I prefer to combine it with javascript window.prompt and session laravel.
Create a pop up to insert the password of the page.
https://www.w3schools.com/js/js_popup.asp
redirect the result to a route, in the controller search the password form database.
use session from laravel, so if the password exist set the session.
https://laravel.com/docs/5.0/session
4.the session isset is null, redirect it to another route.
I need to share session values between domain A and domain B.
I am trying to login to domain B,the code for login and signup are written in domain A. Once logged in the user will be redirected to domain B.The problem i am facing is that i am unable to fetch the unique id of logged in user which is stored in session. Call to login function is made via an API.I am able to store and fetch the session value on the same page. But when i try to fetch the session value in different page, its showing null.
Note: domain B is not a subdomain. They are two different domains.
Can anyone help me in solving this issue?
I'm new in PHP and Codeigniter, by the way how to update database table when session in CI is expired and where I can put the code? I use uniqid in database, it's called token. here is my login tableusername, password, level, token, last_login, exp_time. and I want to change value token=null when session in Codeigniter is expired.
I think you're approaching this the wrong way. Sessions can expire passively, so your user DB would not be up to date.
You could use Codeigniter's option to store session data in your MySQL database and check against those entries.
I'm developing twitter application so I'm using twitter_oauth gem to authorize. Here's the code which is very basic one. So, if a user goes to /login it will redirect user to twitter login, once he logged in and click authorize the app, the he will be redirected back to my website.
begin
callback = ENV['twitter_callback'] || "http://127.0.0.1:4567/login/success"
request_token = #twitterClient.request_token(:oauth_callback => callback)
MemcacheUtil::set("request_token_twitter", request_token, 3000)
redirect request_token.authorize_url
rescue Exception => e
puts e.message
puts e.backtrace.join("\n")
raise Exception.new("Something's wrong with twitter!")
end
Here's what I would like to do. If user logged out and he wants to login again. Right now, if he clicks the login button he'll be redirected to twitter again to authorize the app. Is there anyway I could overcome this. I notice some site then even though I logged out and i click login again. It does something and logged me in without going to twitter site. How do I do that? Do they keep my token and secret in cookies?
for example: http://www.klout.com
You need to have your own user model for your app, then link 3rd-party accounts. OpenSocial spec defines Account as (domain, userId, username) so that is likely a safe bet. You could store this in memcached as well, or have a different storage, and then store your key on the device or in cookie depending on if web app or native app. Don't store the token in cookie, store reference to your user and then perform a lookup on first request and perhaps store your own auth token in memcached for the "session".
simple MySQL tables for user:
CREATE TABLE IF NOT EXISTS user (id INT NOT NULL AUTO_INCREMENT, name VARCHAR(48), ..., PRIMARY KEY (id));
CREATE TABLE IF NOT EXISTS user_accounts (id INT NOT NULL AUTO_INCREMENT, domain VARCHAR(64), user_id VARCHAR(32), username VARCHAR(32), status TINYINT(1), PRIMARY KEY (id));
OR
simple JSON object for user/accounts (store in memcached for example with your own key)
"user":{"id":yourId, "name":"Some Name",
"accounts":[{"domain":"twitter.com", "user_id":"sometoken", "username":"handle"}]
}
Hope that is helpful. Key is store your own users, then reference your key as cookie or on device during subsequent visits and perform your own lookup. For performance you won't want to look up every request so I'd suggest you use memcached to store session thereafter for that user.