 |
 |
 |
 |
|
|
Date: 08/10/00
- Next message: Jens Peter Moeller: "Re: [phplib] more than 31 permissions ?"
- Previous message: nrosenb2 <email protected>: "[phplib] Default auth question ..."
- In reply to: Jesse Swensen: "Re: [phplib] page_open() - weird behavior !!"
- Next in thread: Michael Chaney: "Re: [phplib] page_open() - weird behavior !!"
- Reply: Michael Chaney: "Re: [phplib] page_open() - weird behavior !!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Jesse, thanks for your reply.
Yes, I am familiar with the Auth class. The problem is that in my
application, a user's permissions may change depending on what page he is
looking at, i.e. he may have "admin" privileges on one set of pages and
"user" privileges on another. Every page will contain a number of elements
which would be accessible and/or editable for a user with sufficient
permissions for that page and not editable (possibly - unaccessible) for
the same user if he is actually looking at other stuff on the same
page. More precisely, a user's permissions to edit the result of a
sqlquery depend on which *row* in the result he wants to look at, on
the properties of that row...
However, the Session class does not *require* auth to be activated,
afaik. WHat I don't understand is why page_open does something with
$HTTP_POST_VARS when it has to set the Session_id cookie. I mean, once the
cookie is set, everyting works, but why doesn't it work before ??
M.
On Thu, 10 Aug 2000, Jesse Swensen wrote:
> Maybe I am missing something, but I don't understand why you are not doing
> auth in the designed manor. This is what I believe you will need to do.
>
> In local.inc sub class Auth. There is a method you will need to overwrite,
> auth_validatelogin. This method will do the query you are trying to do
> here:
> > $auth = new DB_Sql;
> > $auth->query("select * from table where pwd='$pwd' and id='$id'");
>
> and then based on the result, you return either the user id or FALSE.
>
> Now, you need to modify your page_open call to something like:
> page_open(array("sess"=>"My_Session", "auth"=>"My_Auth"));
>
> Another point to remember is Auth requires a session, so you need to create
> the session first for auth to work. The good news is page_open takes care
> of that for you.
> --
> Jesse Swensen
> swensenj <email protected>
>
> > From: Mikhail Avrekh <ami <email protected>>
> > Date: Mon, 7 Aug 2000 14:20:01 -0700 (PDT)
> > To: phplib <email protected>
> > Subject: [phplib] page_open() - weird behavior !!
> >
> > I already sent out an email about this last week, and I've done some more
> > digging around since then, so I hope that this time I can be more specific
> > about the problem and hopefully someone can help me out with this...
> >
> > Here's the script:
> >
> > <?
> > $count = 0;
> > $auth = new DB_Sql;
> > $auth->query("select * from table where pwd='$pwd' and id='$id'");
> >
> > $count=1;
> > if ($auth->next_record()) {
> > $count=2;
> > page_open(array("sess"=>"My_Session"));
> > $sess->register("id");
> > page_close();
> > print $count;
> > } else {
> > print "Your password is not in the database";
> > exit;
> > }
> >
> > ?>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: phplib-unsubscribe <email protected>
For additional commands, e-mail: phplib-help <email protected>
- Next message: Jens Peter Moeller: "Re: [phplib] more than 31 permissions ?"
- Previous message: nrosenb2 <email protected>: "[phplib] Default auth question ..."
- In reply to: Jesse Swensen: "Re: [phplib] page_open() - weird behavior !!"
- Next in thread: Michael Chaney: "Re: [phplib] page_open() - weird behavior !!"
- Reply: Michael Chaney: "Re: [phplib] page_open() - weird behavior !!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]