Re: [PHPLIB] Self registration and Site Design From: Daniel Cunningham (daniel <email protected>)
Date: 10/29/99

I agree that Mr. Masserelli's points are a very important capability,
and would also argue that this arrangement:

   (1) Mixed environment (pages from programmers AND designers)
   (2) Pages w/ mixed protection (basically, the login script page(s),
        and any "user task" pages)
   (3) Not wanting users to re-login again after initial registration

...would be a VERY common site configuration that PHPLIB should
address with capabilities and (hopefully) examples.

Now, here's another important consideration: The users really like
the password and account capability -- BUT -- they also seem to
frequently perform navigation using the "back" button of the browser.
Of course, when they do this, the pre-expiration feature kicks in,
and they just sort of stare at the screen like a deer in the headlights.

They think it's broken, when in fact, it's a security feature.

Is there any way around this?

Also, this actually becomes critical when they are working on
a form, and we give a confirmation/summary of the information
they have enetered in the form, along with an option to "go back
and correct any mistakes". So the pre-expiration, which forces
a reload, wipes out all the information they have just entered.

Is there any way around this?

Should I be cramming all the form information into session
vars? Is that the only way to get around pre-expiration?

-- Daniel Cunningham

At 10:46 AM 10/29/1999 +0200, you wrote:
>On Thu, Oct 28, 1999 at 08:30:28PM +0200, Kristian Koehntopp wrote:
>
> KK> Current CVS has an example for self registration using "reg" mode in
> KK> Auth. Be sure to get the new local.inc file and registerform.ihtml
> KK> from CVS. Then set 'mode = "reg"' in Example_Auth in local.inc.
> KK> If you do not have CVS at home, use the cvsweb on our homepage.
>
>Kris, I was aware of the reg mode of the auth class, but the point is: how
>can you make "reg" mode and "log" mode to cooperate? My approach doesn't
>relay on auth methods and works well for a very mixed environment in which
>public and protected pages are present and registration is completely
>user driven. When the user registered once, he must be able to log in with
>his username and password without going through the process of the
>registration again.
>
>Bye.
>--
> Massimiliano Masserelli | URL: http://www.interim.it/
> Internet Images S.r.l. | Tel: +39-051-3390671
> vicolo Viazzolo, 3 | Fax: +39-051-557890
> 40124 - Bologna - Italy |
>--------------------------------------------------------------------------- 

----
>Experience, n.:
>	Something you don't get until just after you need it.
>		-- Olivier
>-
>PHP3 Base Library Mailing List. Send messages to <phplib <email protected>>.
>To unsubscribe, send "unsubscribe" to <phplib-request <email protected>> in
>the body, not the subject, of your message.

-
PHP3 Base Library Mailing List. Send messages to <phplib <email protected>>.
To unsubscribe, send "unsubscribe" to <phplib-request <email protected>> in
the body, not the subject, of your message.