HOME Community Articles Code Library People Mail Archive My Account Contribute PHP Jobs

Open Source Database Feature Comparison Matrix Try Declarative Programming with Annotations and Aspects Locate All Stored Procedures and Their Objects/SQL Tables Building a Stored Procedure Generator Making Tables Read-only in Oracle

24-hour Support Daily Backup Dedicated Servers JSP/Java Servlets PHP MySQL Streaming Audio/Video Telnet/SSH Unix Hosting 24-hour Support

From: Florent Berenger (fberenger <email protected>)
Date: 06/27/00

• Next message: ªL§Ó®p
• Previous message: Bryan McGuire: "[phplib] mySQL error: Too many open connections"
• In reply to: Marc Rossi: "[phplib] page.inc/auth.inc interaction"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> A user is visiting a page with auth "nobody" and clicks on a login button.
> This reinvokes the current page with the "login" var set. This "login"
var
> causes $auth->login_if() to be executed which destroys the current auth,
> sets $auth->nobody to false, and starts the authentication process all
> over with a call to $auth->start(). While at the login page the user
> jumps to another site (perhaps by typing in a new URL). When the user
> eventually returns to the site (to a page that allows "nobody") they
> are prompted with the login screen instead of being allowed default
> access. This is where I want the user to be allowed access as the user
> "nobody" instead of being prompted with an unexpected login screen.
>
> The things I know (or think I know):
> - This happens because the session cookie in the user's points to a
session
> containing the auth created when at the previous login screen.
> - I could put a "cancel login" button on the login page that would do the
> trick.
> - Maybe I'm being a bit picky here.
>
> Is there a way around this without hacking the page.inc/auth.inc
interaction?
>

Hello,

I had the same problem because I put all the authentication's forms in a
popup window.
I have overwritten the 'login_if' function in a extended Auth_Class.
It prevents from unauth() and permit to relogin.

!!! this is a '1 week aged' code. I'm not sure about it. but it seems to
work.

Florent

function login_if( $t ) {
if ( $t ) {
    switch ($this->mode) {
          case "yes":
          case "log":
            if ( $uid = $this->auth_validatelogin() ) {
              $this->auth["uid"] = $uid;
              $this->auth["exp"] = time() + (60 * $this->lifetime);
              $this->auth["refresh"] = time() + (60 * $this->refresh);
              return true;
            } else {
              $this->auth_loginform();
              $this->auth["uid"] = "form";
              $this->auth["exp"] = 0x7fffffff;
              $this->auth["refresh"] = 0x7fffffff;
              $sess->freeze();
              exit;
            }
            break;
          case "reg":
            if ($uid = $this->auth_doregister()) {
              $this->auth["uid"] = $uid;
              $this->auth["exp"] = time() + (60 * $this->lifetime);
              $this->auth["refresh"] = time() + (60 * $this->refresh);
    return true;
            } else {
              $this->auth_registerform();
              $this->auth["uid"] = "form";
              $this->auth["exp"] = 0x7fffffff;
              $this->auth["refresh"] = 0x7fffffff;
              $sess->freeze();
              exit;
            }
         }
    }
 }

---------------------------------------------------------------------
To unsubscribe, e-mail: phplib-unsubscribe <email protected>
For additional commands, e-mail: phplib-help <email protected>

• Next message: ªL§Ó®p
• Previous message: Bryan McGuire: "[phplib] mySQL error: Too many open connections"
• In reply to: Marc Rossi: "[phplib] page.inc/auth.inc interaction"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]