Re: [phplib] login page help From: Giancarlo Pinerolo (giancarlo <email protected>)
Date: 07/13/01

If you have auth, as soon as it is included (on the top),
logiform.html will pop out if you are not logged on.
You don't need it i the calling page (the index) but you *need* it in
the page that wants to check. (But in the end you'll find it useful
everywhere, because you may want to show a different 'index' page if
he's already logged on)

As, in the 'checking page', you don't want the 'login form to pop out,
because you already have provided the form somewhere alse, but still
you need auth to do the checking, you need default authentication
here.

The method to check for a provided pairs of variables that *have* to
be named 'username' and 'password' is auth_validatelogin.

The method I used (the code I gave is too related to my setup, I know
it doesn't work), is to save, in the 'index' page, a 'session'
variable that says 'this guy wants to log in (call it 'enter' or
'dologin' or whatever).
You don't want to use a plain variable because people can twickle it.

The checking page checks: if you are the special user 'nobody', and
the session variable 'dologin' is set, it calls auth->validatelogin,
and sees if it return true.
if it returns true, at this moment your auth and user and perm stuff
has to be initialized, so it calls auth->login_if("anything"), which
is a wrapper for start() in auth.
checking page hat to unset and maybe unregister the session
temporarily value 'dologin', so the next time it comes in it knows you
don't want to do all af this again
Last, it calls himself back via a 'header: location $PHP_SELF

Giancarlo

Jesse Swensen wrote:
>
> Hacking is good when you don't have the functionality in the class. In fact
> it is a necessity. But when the functionality is already there, it seems to
> me, just lazy.
>
> Sorry for sounding sort, but these half days are killing me. The hardest
> part is figuring out which 12 hours to work... :-)
> --
> Jesse Swensen
> swensenj <email protected>
>
> > From: "Ignatius Teo" <iteo <email protected>>
> > Organization: Southern Cross University
> > Date: Fri, 13 Jul 2001 09:41:48 +1000
> > To: "Cresta Johnson" <cjohnson <email protected>>, "Jesse Swensen"
> > <swensenj <email protected>>, <phplib <email protected>>
> > Subject: Re: [phplib] login page help
> >
> > Jesse, I'll readily admit that what I suggested is a hack, but it does what
> > I want (due to various constraints). ;-(
> >
> > Cresta, because your index page is "not protected", I assume you are not
> > calling page_open? This would be the likely reason the auth credentials
> > aren't being propagated to the index page and subsequent pages from hence.
> >
> > As Giancarlo mentioned, you probably should use default_auth instead.
> >
> > Ignatius
> >
> > ----- Original Message -----
> > From: "Cresta Johnson" <cjohnson <email protected>>
> > To: "Jesse Swensen" <swensenj <email protected>>; <phplib <email protected>>
> > Sent: Tuesday, June 12, 2001 11:39 PM
> > Subject: Re: [phplib] login page help
> >
> >
> >> Sorry, this may be a really lame question (I'm kind of a newbie with OO
> >> classes). When I look at the auth class (where the auth_preauth function
> > is
> >> defined, it doesn't seem to do anything other than return false - which
> >> would invoke the login form, right?). Do I need to define my own
> >> auth_preauth function in a sub class?
> >>
> >> I'm worried that I'm being to confusing about what I want to accomplish. I
> >> am able to use phplib authentication just fine to protect the pages that I
> >> want to protect. When trying to access a protected page, the login page is
> >> invoked and then (if authenticated) the protected page is displayed. But I
> >> was hoping to also add a little login box to my index page (which is NOT
> >> protected & I don't want the login page to be called) which would allow
> > the
> >> user (if they wanted to - not a requirement) to login directly from the
> >> index page & redirect him to the protected area. What I can't seem to do
> > is
> >> save the login, password info that they type in at the index page without
> >> requiring them to login.
> >>
> >> Again, I'm really sorry - I might not be understanding phplib completely.
> >> But I've been working on this for two weeks and my deadline is looming!
> >>
> >> Thanks for your help!
> >>
> >> ----- Original Message -----
> >> From: "Jesse Swensen" <swensenj <email protected>>
> >> To: "Cresta Johnson" <cjohnson <email protected>>; <phplib <email protected>>
> >> Sent: Thursday, July 12, 2001 6:33 AM
> >> Subject: Re: [phplib] login page help
> >>
> >>
> >>> This functionality is already built into PHPLib. Use the auth_preauth
> >>> method in your subclass of Auth. Auth_preauth always gets called first
> >> and
> >>> returns either a uid, in which your user is authorized and your
> >> application
> >>> goes on it's merry way. Or it returns false, in which the regular
> >>> authorization takes place, by bringing up you login page, etc...
> >>>
> >>> So, you can do anything it the auth_preauth method to authorize the
> > user.
> >>> Maybe you have a user id/password on your index page and auth_preauth
> >> check
> >>> for the existence of those variables and uses them to do the
> >> authorization.
> >>> If they don't exist returns false.
> >>> --
> >>> Jesse Swensen
> >>> swensenj <email protected>
> >>>
> >>>> From: "Cresta Johnson" <cjohnson <email protected>>
> >>>> Organization: Dzign Studio
> >>>> Reply-To: "Cresta Johnson" <cjohnson <email protected>>
> >>>> Date: Wed, 11 Jul 2001 16:48:33 -0600
> >>>> To: <phplib <email protected>>
> >>>> Subject: [phplib] login page help
> >>>>
> >>>> Hi All!
> >>>>
> >>>> I was wondering if it was possible to have a login page that wasn't
> >>>> protected by the phplib auth/perm functions? What I want to do is have
> > a
> >>>> "quick" login button on the index page of my site (which wouldn't be
> >>>> protected) and after verifying the login information would redirect
> > the
> >> user
> >>>> to another page that is protected by the phplib auth/perm functions.
> >> What
> >>>> I've tried to do so far is to send the user & password (via html
> >>>> form)directly to the page (that's protected) & I've also tried to send
> >> the
> >>>> information to another php script that processes the information &
> > then
> >>>> redirects to the protected page. Either way, I am still having the
> >>>> login.ihtml page invoked. Is there anyone that's done this before and
> >> has a
> >>>> code sample that I can look at?
> >>>>
> >>>> Thanks so much!
> >>>>
> >>>> Cresta
> >>>>
> >>>>
> >>>> --
> >>>> Abbestellen mit Mail an: phplib-unsubscribe <email protected>
> >>>> Kommandoliste mit Mail an: phplib-help <email protected>
> >>>>
> >>>
> >>>
> >>>
> >>> --
> >>> Abbestellen mit Mail an: phplib-unsubscribe <email protected>
> >>> Kommandoliste mit Mail an: phplib-help <email protected>
> >>>
> >>
> >>
> >> --
> >> Abbestellen mit Mail an: phplib-unsubscribe <email protected>
> >> Kommandoliste mit Mail an: phplib-help <email protected>
> >>
> >
>
> --
> Abbestellen mit Mail an: phplib-unsubscribe <email protected>
> Kommandoliste mit Mail an: phplib-help <email protected> 

-- 
Abbestellen mit Mail an:   phplib-unsubscribe <email protected>
Kommandoliste mit Mail an: phplib-help <email protected>