Batch php to loggoff web site

I need to have a batch job, from windows (using AT command) to run
once per night to ensure that admins have logged off/out of the web
site admin panel. If I were logged in, I would issue a url similar to
this

http://mysite.com/cntl.php?action=logout

It's not the AT command that's the issue; it's the php code to do this
from command line php. I would expect to have a php program like this
(called logoff.php)

<?
header("Location: http://mysite.com/cntl.php?action=logout");
?>

and issue a command like
php logoff.php

However, that code does not work from batch, although it does work
from a browser url. Any suggestions to accomplish this? If sockets
are required, please post the method. I have tried that way too but
can't seem to figure it out.

Thanks.

On 3 Nov 2003 05:29:58 -0800, gfraley5@earthlink.net (gf) wrote:

>I need to have a batch job, from windows (using AT command) to run
>once per night to ensure that admins have logged off/out of the web
>site admin panel. If I were logged in, I would issue a url similar to
>this
>
>http://mysite.com/cntl.php?action=logout
>
>It's not the AT command that's the issue; it's the php code to do this
>from command line php. I would expect to have a php program like this
>(called logoff.php)
>
><?
>header("Location: http://mysite.com/cntl.php?action=logout");
>?>
>
>and issue a command like
>php logoff.php

The header() function simply issues an HTTP header and so will only
work with an HTTP client (like a browser). It is the browser that
interprets and acts upon the Location header, not PHP.

You'll need to look at a command-line HTTP client. A windows version
of lynx may be suitable.

--
David ( @priz.co.uk )
The Internet Prisoner Database: http://www.priz.co.uk/ipdb/
The Tarbrax Chronicle: http://www.tarbraxchronicle.com/

I may be misunderstanding you, so if I'm off in the wrong direction, I
apologize.
I'm not that knowledgeable about sockets, but I believe that the web server
may or may not have kept its connection to the browser, so trying to
directly issue that URL to the browser can be difficult or impossible. As I
see it, you're going to have a very hard time forcing client browsers to
receive the logoff URL unless:
a) the script they originally hit is still running, via sleep or some such
process idling mechanism
b) the page that's generated contains a REFRESH tag forcing them to hit the
server again.

a) seems like a bad idea because you leave a lot of processes running
needlessly
b) if the page autorefreshes, then you can just have them logout after a
certain time reloading the same page (i.e., an indication of inactivity), or
after a certain time of day or both.

Hope that helps,

Eric


"gf" <gfraley5@earthlink.net> wrote in message
news:2ecb8cd6.0311030529.15e1d9bb@posting.google.c om...
> I need to have a batch job, from windows (using AT command) to run
> once per night to ensure that admins have logged off/out of the web
> site admin panel. If I were logged in, I would issue a url similar to
> this
>
> http://mysite.com/cntl.php?action=logout
>
> It's not the AT command that's the issue; it's the php code to do this
> from command line php. I would expect to have a php program like this
> (called logoff.php)
>
> <?
> header("Location: http://mysite.com/cntl.php?action=logout");
> ?>
>
> and issue a command like
> php logoff.php
>
> However, that code does not work from batch, although it does work
> from a browser url. Any suggestions to accomplish this? If sockets
> are required, please post the method. I have tried that way too but
> can't seem to figure it out.
>
> Thanks.

"gf" <gfraley5@earthlink.net> wrote in message
news:2ecb8cd6.0311030529.15e1d9bb@posting.google.c om...
> I need to have a batch job, from windows (using AT command) to run
> once per night to ensure that admins have logged off/out of the web
> site admin panel. If I were logged in, I would issue a url similar to
> this
>
> http://mysite.com/cntl.php?action=logout
>
> It's not the AT command that's the issue; it's the php code to do this
> from command line php. I would expect to have a php program like this
> (called logoff.php)
>
> <?
> header("Location: http://mysite.com/cntl.php?action=logout");
> ?>
>
> and issue a command like
> php logoff.php
>
> However, that code does not work from batch, although it does work
> from a browser url. Any suggestions to accomplish this? If sockets
> are required, please post the method. I have tried that way too but
> can't seem to figure it out.
>
> Thanks.
>

You are going about it the wrong way. Forget trying to send a HEADER from
the command line... there's no browser to receive it. You need to simply
write a php program that will do what you want and only output to the
command line.

Try this:

1) create a new function in your cntl.php script called 'forcelogout'
2) in this function output only to a logfile or with echo/print (no html)
3) call the function as normal -
http://mysite.com/cntl.php?action=forcelogout

swisscheese

Thanks for the replies thus far. A clarification though. I understand that
that the header() function does not work in batch. I only used that to
indicate the TYPE of thing I am after.

gf wrote:
> I need to have a batch job, from windows (using AT command) to run
> once per night to ensure that admins have logged off/out of the web
> site admin panel. If I were logged in, I would issue a url similar to
> this
>
> http://mysite.com/cntl.php?action=logout
>
> It's not the AT command that's the issue; it's the php code to do this
> from command line php. I would expect to have a php program like this
> (called logoff.php)
>
> <?
> header("Location: http://mysite.com/cntl.php?action=logout");
> ?>
>
> and issue a command like
> php logoff.php
>
> However, that code does not work from batch, although it does work
> from a browser url. Any suggestions to accomplish this? If sockets
> are required, please post the method. I have tried that way too but
> can't seem to figure it out.

What you want to do isn't really possible. As I understand it you don't
want admins walking away from their pcs leaving an admin webpage up for
other people to mess about with. In reality there's nothing you can do
about the workstation/web browser, the server has no control over that
end. What you will have to do is implement some form of timeout at the
server end to re-request the admin password before performing any action.

If you use sessions or cookies to identify logged in users then you
should be able to do this by manipulating the expiry times. I use
cookies to identify users. Ordinary users get a fresh 30 day cookie with
every page. The administrator logon only gets a 10 minute one.

> What you want to do isn't really possible. As I understand it you don't
> want admins walking away from their pcs leaving an admin webpage up for
> other people to mess about with. In reality there's nothing you can do
> about the workstation/web browser, the server has no control over that
> end. What you will have to do is implement some form of timeout at the
> server end to re-request the admin password before performing any
> action.
>
> If you use sessions or cookies to identify logged in users then you
> should be able to do this by manipulating the expiry times. I use
> cookies to identify users. Ordinary users get a fresh 30 day cookie with
> every page. The administrator logon only gets a 10 minute one.

Enable session management for a short period of time, e.g. 10 minutes, and
insert into the <head> section of your HTML an HTTP-equiv refresh:

<meta http-equiv="REFRESH" content="605; URL=/" />

i.e. the page will refresh itself 10 minutes plus 5 seconds after first
loading. Given that the session will have expired 5 seconds beforehand, it
will therefore log you out.



Martin Lucas-Smith www.geog.cam.ac.uk/~mvl22
www.lucas-smith.co.uk

Martin Lucas-Smith <mvl22@cam.ac.uk> wrote in message news:<Pine.SOL.4.44.0311041140220.2071-100000@red.csi.cam.ac.uk>...
> > What you want to do isn't really possible. As I understand it you don't
> > want admins walking away from their pcs leaving an admin webpage up for
> > other people to mess about with. In reality there's nothing you can do
> > about the workstation/web browser, the server has no control over that
> > end. What you will have to do is implement some form of timeout at the
> > server end to re-request the admin password before performing any
> > action.
> >
> > If you use sessions or cookies to identify logged in users then you
> > should be able to do this by manipulating the expiry times. I use
> > cookies to identify users. Ordinary users get a fresh 30 day cookie with
> > every page. The administrator logon only gets a 10 minute one.
>
> Enable session management for a short period of time, e.g. 10 minutes, and
> insert into the <head> section of your HTML an HTTP-equiv refresh:
>
> <meta http-equiv="REFRESH" content="605; URL=/" />
>
> i.e. the page will refresh itself 10 minutes plus 5 seconds after first
> loading. Given that the session will have expired 5 seconds beforehand, it
> will therefore log you out.
>

Thanks Martin (and others). This will work in the event they leave
the browser open. However, I never stated that. My issue is that the
cookie is left on their machine and regardless of whether they leave
their browser open or closed the cookie allows them to stay logged in.
I know I can alter the cookie expire time and that is an option.
However, I don't want it expiring while they are in the middle of
something, so I avoid that. What I want is a way to automatically
schedule an offline job that will expire the cookie, log off the
browser, do whatever is necessary so that at 21:00 hours, as an
example, ALL sessions are timed out.

> Thanks Martin (and others). This will work in the event they leave
> the browser open. However, I never stated that. My issue is that the
> cookie is left on their machine and regardless of whether they leave
> their browser open or closed the cookie allows them to stay logged in.
> I know I can alter the cookie expire time and that is an option.
> However, I don't want it expiring while they are in the middle of
> something, so I avoid that. What I want is a way to automatically
> schedule an offline job that will expire the cookie, log off the
> browser, do whatever is necessary so that at 21:00 hours, as an
> example, ALL sessions are timed out.

Simply set the cookie expire time so that it expires at 21:00 hours. It
takes a little calculation but entirely possible.

In my case with 10 min cookies I reissue another 10 min cookie on each
request. That only catches people who walk away from their pc (and lazy
bastards!).

On 4 Nov 2003 06:41:46 -0800, gfraley5@earthlink.net (gf) wrote:

>Martin Lucas-Smith <mvl22@cam.ac.uk> wrote in message news:<Pine.SOL.4.44.0311041140220.2071-100000@red.csi.cam.ac.uk>...

>I know I can alter the cookie expire time and that is an option.
>However, I don't want it expiring while they are in the middle of
>something, so I avoid that. What I want is a way to automatically
>schedule an offline job that will expire the cookie, log off the
>browser, do whatever is necessary so that at 21:00 hours, as an
>example, ALL sessions are timed out.

In your scripts, check if the time is between, say 08:00 and 21:00. If
so, allow the script to continue as normal, otherwise display an
appropriate message and run your logoff function.

If the user has closed their browser or does not refresh the page, you
can't remove the cookie.

Controlling users' login status will be flimsy at best as they're not
actually logged into anything. You only know if the user is "still
there" when they request a new page from the server. They could have
closed their browser, switched off their machine and gone home for the
night and you'll never know about it.

I think the best you can do is the time check above, and setting the
cookie to expire ten minutes ahead. As long as the user is active, the
cookie will keep getting reset. After ten minutes of inactivity the
user will need to log in again. Many sites work like this. And after
9pm the system can't be used anyway.

--
David ( @priz.co.uk )
The Internet Prisoner Database: http://www.priz.co.uk/ipdb/
The Tarbrax Chronicle: http://www.tarbraxchronicle.com/