[phplib] possible page.inc change From: Marc Rossi (marcr <email protected>)
Date: 08/22/00

Hello All. I allow "nobody" auth at my site for most but not all pages.
The problem I run into is when a user who has been browsing my site
with a "nobody" auth hits a page that does not allow "nobody", they
are still granted access without being prompted for a valid user/pass
combo. I found that the page_open() call does not create a new auth
if you already have one (even if the page being opened is requires a
different auth class). I was able to work around it with the following
change to the page_open() function in page.inc. The code does make some
assumptions (about the uids "nobody" & "form") but seems to work for me.
I am interested in any thoughts, comments, or suggestions others might
have for me. Thanks, Marc.

*** /tmp/LATEST Tue Aug 22 14:36:42 2000
--- page.inc Tue Aug 22 14:30:06 2000
***************
*** 21,28 ****
      # the auth feature depends on sess
      if (isset($feature["auth"])) {
        global $auth;
!
! if (!isset($auth)) {
          $auth = new $feature["auth"];
        }
        $auth->start();
--- 21,28 ----
      # the auth feature depends on sess
      if (isset($feature["auth"])) {
        global $auth;
!
! if (!isset($auth) || ($auth->classname != $feature["auth"] && ($auth->auth["uid"] == "nobody" || $auth->auth["uid"] == "form"))) {
          $auth = new $feature["auth"];
        }
        $auth->start();

---------------------------------------------------------------------
To unsubscribe, e-mail: phplib-unsubscribe <email protected>
For additional commands, e-mail: phplib-help <email protected>