Re: [PHPLIB] Auth Class From: Massimiliano Masserelli (negro <email protected>)
Date: 01/18/00

On Tue, Jan 18, 2000 at 04:11:29AM -0800, Vibol Hou wrote:

> There seems to be a major discrepancy between the Auth classes in version
> 7.0 and 7.2 (of course code has been cleaned/redone). However, The redone
> 7.2 code has a problem with an infinite loop when "var nobody = true;" and
> one calls "$auth->login_if($login)" and $login is true.. It will call the
> start() function per login_if(), but after the user tries to authenticate,
> it will loop back to the same login page stating that the username/pass is
> invalid (does this with the included example and my own login page).
> Version 7.0 works fine. After looking and comparing the code, I have come
> to the conclusion that the subselects in v7.2 are broken when it comes to
> verifying users via login_if(). Has anyone looked into this already? (I've
> just subscribed to this list).

Well, the login_if method sets $auth->nobody to false when forcing
login. The auth["uid"] should be set to "form" by the start, and on the
next page the authentication should take place.

Please, take care to force login with a condition like

  $auth->auth["uid"] == "nobody"

or you will force login over and over again even on succesfully
authentication. Yes, force_login does FORCE login. 8-)

Bye. 

--
     Massimiliano Masserelli       |     URL:    http://www.interim.it/
     Internet Images S.r.l.        |     Tel:    +39-051-3390671
     vicolo Viazzolo, 3            |     Fax:    +39-051-557890
     40124 - Bologna - Italy       |
-------------------------------------------------------------------------------
Neo-proverbio:

Rosso di sera
e` scoppiata la polveriera.
                -- Stefano Benni, Ballate
-
PHP3 Base Library Mailing List. Send messages to <phplib <email protected>>.
To unsubscribe, send "unsubscribe" to <phplib-request <email protected>> in
the body, not the subject, of your message.