Re: [phplib] Re: Forcing login using Default Auth From: Bill Peck (bpeck <email protected>)
Date: 10/28/00

If you want to go back to the old method of phplib where you didn't have to
click a cancel button to break the login process make these changes to auth.inc

    # Check current auth state. Should be one of
    # 1) Not logged in (no valid auth info or auth expired)
    # 2) Logged in (valid auth info)
    # 3) Login in progress (if $$cl, revert to state 1)
    if ($this->is_authenticated()) {
      $uid = $this->auth["uid"];
      switch ($uid) {
        case "form":
          # Login in progress
          if ($$cl) {
            # If $$cl is set, delete all auth info
            # and set state to "Not logged in", so eventually
            # default or automatic authentication may take place
            $this->unauth();
            $state = 1;
          } else {
            # Set state to "Login in progress"
+ $this->unauth(); <<<------------Add these two lines and comment
out the $state=3
+ $state = 1; <<<------------
+ #$state = 3; <<<------------
- $state = 3;
        }

Matthew Leingang wrote:

> Turo,
>
> that authentication takes two loads of the page, so there is an
> intermediate stage that you keep getting hung up on if you try to go to
> another page after being presented with a login form. Also remember that
> the Auth instance is registered as a session variable, so if the user goes
> to a page, is presented with a login screen, and decides to go back to a
> page with default authentication, that default auth is never seen Read the
> source code. I did when I had this problem a few weeks ago. :-)
>
> The variable Auth::cancel_login is your friend. Its value is a string
> naming a variable that if set will interrupt the login process. Assuming
> that your Auth::cancel_login = "cancel_login" (default, I think), just
> put a link on your login page like (untested):
>
> <a href="<?php echo $PHP_SELF; ?>?cancel_login=yep">Cancel Login</a>
>
> or even in the login form itself:
>
> <input type=submit name="cancel_login" value="Cancel Login">
>
> The second is good for a user changing his mind or correcting his mistake
> about logging in. The first is good when going to another page, say, a
> form that e-mails the webmaster saying "I forgot my password." Just make
> sure that variable is set to break the authentication cycle.
>
> HTH,
> Matt
>
> ----------------------------------------------------------------
> Matthew Leingang 617/495-2171
> Harvard University leingang <email protected>
> Department of Mathematics "This signature needs no quote."
>
> On Mon, 28 Aug 2000, Turo Dexter wrote:
>
> > Greetings.
> >
> > I have set up default authentication and it is working for the most part,
> > but I am unclear on how to force the login page to be displayed, while
> > allowing users to back out of the login page if they change their minds.
> > Seems that once that login page is visited, none of the pages protected by
> > default auth will work anymore, the login form always displays.
> >
> > --Turo Dexter
> > phplib <email protected>
> >
> >
> >
> > --hahpfolibaealodihhda
> > Content-Type: message/rfc822
> > Content-Disposition: inline; filename="phplib_7749.ezm"
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: phplib-unsubscribe <email protected>
> For additional commands, e-mail: phplib-help <email protected>

---------------------------------------------------------------------
To unsubscribe, e-mail: phplib-unsubscribe <email protected>
For additional commands, e-mail: phplib-help <email protected>