HOME Community Articles Code Library People Mail Archive My Account Contribute PHP Jobs

Open Source Database Feature Comparison Matrix Try Declarative Programming with Annotations and Aspects Locate All Stored Procedures and Their Objects/SQL Tables Building a Stored Procedure Generator Making Tables Read-only in Oracle

24-hour Support Daily Backup Dedicated Servers JSP/Java Servlets PHP MySQL Streaming Audio/Video Telnet/SSH Unix Hosting 24-hour Support

From: Philip Strnad (philip <email protected>)
Date: 08/22/00

• Next message: andRie Isharyono: "[phplib] Re: [PHP-INST] Apache not starting with PHP4 ..."
• Previous message: Mikhail Avrekh: "Re: [phplib] destroy session"
• In reply to: Marc Rossi: "[phplib] possible page.inc change"
• Next in thread: marcr <email protected>: "RE: [phplib] possible page.inc change"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Marc, are you using $auth->login_if()? If not, you probably should be.
I had a similar problem about a year ago. What it comes down to is that
a new auth cannot be created if you already have one. To force a login
you should use $auth->login_if($var) at the top of your script, as close
as possible to your page_open() call. For more info you can search for
something like "upgrading auth" in the archives, which should return my
post about this from a while ago.

Philip

Marc Rossi wrote:
>
> Hello All. I allow "nobody" auth at my site for most but not all pages.
> The problem I run into is when a user who has been browsing my site
> with a "nobody" auth hits a page that does not allow "nobody", they
> are still granted access without being prompted for a valid user/pass
> combo. I found that the page_open() call does not create a new auth
> if you already have one (even if the page being opened is requires a
> different auth class). I was able to work around it with the following
> change to the page_open() function in page.inc. The code does make some
> assumptions (about the uids "nobody" & "form") but seems to work for me.
> I am interested in any thoughts, comments, or suggestions others might
> have for me. Thanks, Marc.
>
> *** /tmp/LATEST Tue Aug 22 14:36:42 2000
> --- page.inc Tue Aug 22 14:30:06 2000
> ***************
> *** 21,28 ****
> # the auth feature depends on sess
> if (isset($feature["auth"])) {
> global $auth;
> !
> ! if (!isset($auth)) {
> $auth = new $feature["auth"];
> }
> $auth->start();
> --- 21,28 ----
> # the auth feature depends on sess
> if (isset($feature["auth"])) {
> global $auth;
> !
> ! if (!isset($auth) || ($auth->classname != $feature["auth"] && ($auth->auth["uid"] == "nobody" || $auth->auth["uid"] == "form"))) {
> $auth = new $feature["auth"];
> }
> $auth->start();
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: phplib-unsubscribe <email protected>
> For additional commands, e-mail: phplib-help <email protected>

---------------------------------------------------------------------
To unsubscribe, e-mail: phplib-unsubscribe <email protected>
For additional commands, e-mail: phplib-help <email protected>

• Next message: andRie Isharyono: "[phplib] Re: [PHP-INST] Apache not starting with PHP4 ..."
• Previous message: Mikhail Avrekh: "Re: [phplib] destroy session"
• In reply to: Marc Rossi: "[phplib] possible page.inc change"
• Next in thread: marcr <email protected>: "RE: [phplib] possible page.inc change"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]