Cookie Session Php

$server="XXX.XXX.XXX.XXX"; //change to ip address of ldap server
$basedn="ou=users, ou=accounts, dc=domain, dc=com"; //change to reflect the ou
and
domain that your users are in.
$script=$_SERVER['SCRIPT_NAME'];
if (isset($HTTP_COOKIE_VARS['cookie'])) { //If cookie exists, retrieve it and
put it in an
array for use.
$cookie=$HTTP_COOKIE_VARS['cookie'];
}
if (isset($cookie)) {
$username=$cookie['user'];
$password=($cookie['token']);
$fullname=$cookie['fullname'];
$fqdn=$cookie['fqdn'];
$dn = "cn=$username, ";
if (!($connect = ldap_connect($server))) {
die ("Could not connect to LDAP server");
}
if (!($bind = ldap_bind($connect, "$dn" . "$basedn", $password))) {
die ("Could not bind to $dn$basedn");
}
} else {
if ((isset($_POST['username'])) && (isset($_POST['password']))) {
$username=$_POST['username'];
$password=$_POST['password'];
$filter="(&(|(!(displayname=Administrator*))(!
(displayname=Admin*)))(cn=$username))"; //define an appropriate ldap search filter
to
find your users, and filter out accounts such as administrator(administrator should
be
renamed anyway!).
$dn = "cn=$username, ";
if (!($connect = ldap_connect($server))) {
die ("Could not connect to LDAP server");
}
if (!($bind = ldap_bind($connect, "$dn" . "$basedn",
$password))) {
die ("Could not bind to $dn");
}
$sr = ldap_search($connect, $basedn,"$filter");
$info = ldap_get_entries($connect, $sr);
$fullname=$info[0]["displayname"][0];
$fqdn=$info[0]["dn"];
setcookie("cookie[user]",$username);
setcookie("cookie[token]",$password);
setcookie("cookie[fullname]",$fullname);
setcookie("cookie[fqdn]", $fqdn);
} else {
?>


Portal Login















color="gray">Enter Credentials









face="Verdana,Tahoma,Arial,sans-
serif" size="1" color="gray">Username:


face="Verdana,Tahoma,Arial,sans-
serif" size="1" color="gray">Password:

name="password">

name="image">







color="silver">This System is
for the use of authorized users only. Individuals using this computer system
without
authority, or in excess of their authority, are subject to having their activities
on this system
monitored and recorded by system personnel. In the course of monitoring individuals
improperly using this system, or in the course of system maintenance, the activities
of
authorized users may also be monitored. Anyone using this system expressly consents
to
such monitoring and is advised that if such monitoring reveals possible criminal
activity,
system personnel may provide the evidence of such monitoring to law enforcement
officals.
This warning has been provided by the United States Department of Justice and is
intended to
ensure that monitoring of user activity is not in violation of the Communications
Privacy Act of
1986.







die ();
}
}
?>