Single Sign-on
We now have a central sign-on system for our web pages. When a user logs into one section of our web site, they do not have to log in to other sections. You can use the central sign-on for your official web pages, if you are using PHP for your web pages. All official web pages are, under the redesign, using PHP.
The single sign-on system handles requesting passwords via secure server and authorizes pages for you automatically.
The central system updates immediately after someone changes their password, unlike the .htaccess system which can take up to an hour to reflect password changes.
Unlike the .htaccess system, this system protects pages, not directories. Protecting one page with this system does not protect the rest of the pages in that directory, even if it is the index page. You must follow these steps on every page that you want protected. This system cannot protect images, PDF files, or any files other than PHP files. For the moment, if you wish to protect entire directories, you will need to continue to use .htaccess.
Password-protecting your PHP page
The very top of your web page must include the login file:
include('/web/includes/login.php');
The include must appear inside a PHP section of your page, for example:
<?include('/web/includes/login.php');?>
This must be at the very top of your web page. There cannot be any HTML before it, nor even any spaces or blank lines. Anything above the PHP code listed above will cause the protection to fail. Unlike a bad .htaccess file, bad PHP lines will open up your page to the entire net.
If all you want to do is limit access to USD community members, that's all you need to do. No one will be able to get into your web page unless they have a valid MySanDiego username and password.
The login form will automatically choose our secure server, and redirect back to your original page when it is done. The system will, in fact, only accept passwords that are sent securely. You do not need to do anything special to ensure this.
Who is a community member?
Currently, a community member is someone who has a MySanDiego account. There are four groups: students, faculty, staff, and sites (web site accounts). In the future, our web server’s notion of the USD community will probably expand to include incoming students, potential students, parents, and interested parties.
Limit to specific users
If you want to limit access to a specific user, put the following before your “include” line, as in:
<? $allow = "username"; include('/web/includes/login.php'); ?>
If you want to limit access to a group of users, list them in an array, each in quotes and separated by commas:
<? $allow = array("username1", "username2", "username3"); include('/web/includes/login.php'); ?>
You can also deny access to a user or list of users, using $deny instead of $allow.
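An added example, not part of the original page or the site's own code: a Python check that a page follows the placement rule above, meaning the PHP tag opens at the very first character and the login include is the first statement, preceded at most by $allow or $deny assignments. The function names are hypothetical, the sample pages are constructed, and audit() assumes every .php file under the directory you give it is meant to be protected.

```python
import re
from pathlib import Path

LOGIN = "/web/includes/login.php"  # include path given on the page
OPEN = re.compile(r"<\?(?:php\b)?")                       # must sit at offset 0
ASSIGN = re.compile(r"\s*\$(?:allow|deny)\s*=\s*[^;]*;")  # only statements allowed first
INCLUDE = re.compile(r"\s*(?:include|require)(?:_once)?\s*\(?\s*(['\"])"
                     + re.escape(LOGIN) + r"\1")

# Constructed sample pages (not taken from any real site).
SAMPLES = {
    "good.php": "<?include('/web/includes/login.php');?>\n<html>",
    "allow.php": '<? $allow = array("username1", "username2"); '
                 "include('/web/includes/login.php'); ?>",
    "blank_line.php": "\n<?include('/web/includes/login.php');?>",
    "late.php": "<? echo 'hi'; include('/web/includes/login.php'); ?>",
}


def check_page(text: str) -> str:
    """Return "ok", or the reason the page may be served unprotected."""
    if LOGIN not in text:
        return "no login include"
    if text.startswith("\ufeff"):
        return "byte-order mark before the PHP tag"
    opened = OPEN.match(text)
    if not opened:
        return "content before the opening PHP tag"
    pos = opened.end()
    while (assign := ASSIGN.match(text, pos)):
        pos = assign.end()
    # Conservative: a comment or any other statement before the include is flagged.
    if not INCLUDE.match(text, pos):
        return "login include is not the first statement"
    return "ok"


def audit(root: str) -> dict:
    """Map each failing .php file under root to the reason it failed."""
    failures = {}
    for path in sorted(Path(root).rglob("*.php")):
        verdict = check_page(path.read_text(encoding="utf-8", errors="replace"))
        if verdict != "ok":
            failures[str(path)] = verdict
    return failures

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name}: {check_page(text)}")
```

The check is deliberately strict, so a flagged page is a prompt to look at the file rather than proof that it is exposed.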
Logout buttons and links
Sign-ins expire after (as I write this) twenty minutes. You can also provide an explicit logout button or link.
If you wish to place a logout button, put the following where you want the logout button to appear:
<?logoutbutton()?>
If you wish to place a logout link, use this:
The logout button or link will only display if the user is logged in. You can give logoutlink() and logoutbutton() a message, and this will be used as the text of the link. If you give a second argument to one of those functions, it will be used as the URL of a logout page that people are redirected to on logout:
<?logoutlink("Logout of Rainbow Tour", "/rainbow/")?>
<?logoutlink("Log Out of Rainbow Tour")?>
