Re: [phplib] Transparent authentication (revised slightly) From: Douglas Forrest (dougforrest <email protected>)
Date: 12/12/00

This is somewaht tricky.

PHLIB sessions do not persist once the browser session in which the page has
been opened has been closed.

User variables can persist but require that you log-in as the user in a new
session for the retained variables to come into play.

One answer is to use PHPLIB default authentication so that all users can
access the opening page without having to log-in, in combination with a
cookie which can identify an already authenticated user to the page.

Default authentication is turned on by setting var nobody = true in your
auth class in login.inc.

The cookie is set with "SetCookie" right after you open the page which is
reached after log-in but before any html is output from your program. For
example:

    <?php page_open(array("sess" => "Your_Session",
                      "auth" => "Your_Auth");
    $expiredate = mktime(0,0,0,1,1,2004); // date way in the future
    SetCookie("YourCookie", $user_identification_data,
$expiredate,"/",your.domain.com);?>

At this point you can also register your user identification (generally
something other than your auth_user user_id), if you so
desire:

    $sess->register('user_identification_data').

Then, back on the opening screen, you can check if the cookie is set, and
act accordingly:

    if (isset($YourCookie)) {
         $user_identification_data = $MyOzCookie;
          // recognized user stuff
    } else {
        $user_identification_data = '';
        // new user stuff
    }
    $sess->register("user_identification_data");

Two additional points:

1. You may need a mechanism to log users out and unset the cookie. If you
unset an existing cookie, remember that the existing cookie value will have
already been sent to you BEFORE you unset it so be careful when/how you test
for its value.

2. Unless you are creating users in some other way, you may need to create
a registration form using PHPLIB's "reg" mode.

----- Original Message -----
From: Paul Smith <paul <email protected>>
To: <phplib <email protected>>
Sent: Tuesday, December 12, 2000 4:18 PM
Subject: [phplib] Transparent authentication

> I wouldn't ask this but the PHPLib docs are a bit confusing on this point,
> so here goes...
>
> My goal is thus: I want all users to my site to be authenticated
> automatically, without having the login screen appear by default, with
some
> default account if they are new, or with their own account if they have
> already registered in the past. New users will then have the opportunity
to
> set up a "real" account.
>
> Any thoughts?
>
> Paul
> ---
> Paul Smith | InfoTech Designer
> Center for Neighborhood Technology
> www.cnt.org <http://www.cnt.org> | paul <email protected> <mailto:paul <email protected>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: phplib-unsubscribe <email protected>
> For additional commands, e-mail: phplib-help <email protected>
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: phplib-unsubscribe <email protected>
For additional commands, e-mail: phplib-help <email protected>