Previous Next Table of Contents

5. Example configuration

index.php3 is a simple example using only the Poe_Session, class. showoff.php3 is a much more complex example that also makes use of Poe_Auth and Poe_Perm as well as the Table class to create a session page that is authenticated and protected by permissions. This example needs a correct database setup to function. create_database.sql will create this database setup for your database, if you are using MySQL.

local.inc includes the definitions necessary to connect to that database. You MUST adapt these defintions to match your local setup to make this work: It should be enough to adapt DB_Poe, the very first class in local.inc to make it run. local.inc also includes a class Poe_Challenge_Auth which is unused (and can replace Poe_Auth). You may want to either delete this class or Poe_Auth, if you are going to use local.inc as a start for your own local.inc.

Class Poe_Auth does include loginform.ihtml to create the login screen. You may want to use this file as a start for your own login screens.

Class Poe_Challenge_Auth does include crloginform.ihtml to create the login screen. You may want to use this file as a start for your own login screens, if you use Challenge/Response authentication (see below). crloginform.ihtml in turn references md5.js, a javascript implentation of the md5 hash algorithm.

Class Poe_Challenge_Auth is a modified login system that uses JavaScript and a Challenge/Response mechanism to avoid that the user password ever hits the wire. It is attackable, because it uses a semi-predictable challenge (md5(uniqid("")), but more secure than plaintext passwords.


Previous Next Table of Contents