PHPBuilder.com, the best resource for PHP tutorials, templates, PHP manuals, content management systems, scripts, classes and more.

Linux Today
Enterprise Linux Today
Apache Today
JustLinux.com
Linux Planet
PHPBuilder
All Linux Devices
Hiermenus
DatabaseJournal
Technology Jobs

IT
Developer
Internet News
Small Business
Personal Technology
International

Search internet.com
Advertise
Corporate Info
Newsletters
Tech Jobs
E-mail Offers

Covalent Extends Apache 2.0 to Microsoft ASP.NET
ShopWorX - Support for Windows
PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1
Network Risk Assessment
Full-Featured, Java-Based Apache GUI

Partners & Affiliates

phpwiki - The Wiki for PHP Developers
Sending Mail With PHP3
Faking It - Simulated Database Queries
Creating an Online Survey - Part 1
Creating an Online Survey - Part 2

Re: [phplib] login page help SIMPLE! From: giancarlo pinerolo (giancarlo <email protected>)
Date: 07/13/01

Next message: giancarlo pinerolo: "Re: [phplib] login page help SIMPLE!"
Previous message: Jesse Swensen: "Re: [phplib] login page help SIMPLE!"
In reply to: Jesse Swensen: "Re: [phplib] login page help SIMPLE!"
Next in thread: giancarlo pinerolo: "Re: [phplib] login page help SIMPLE!"
Reply: giancarlo pinerolo: "Re: [phplib] login page help SIMPLE!"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In fact preauth bypasses all permission check, unless you set ther
$auth->auth[perm] value in it.
You cannot rely on things like

$perms->check("user") or $perms->check("admin")

after it, if you don't set that.

Deafult authhentication

This is a great feature, not a fake authentication as it may sound.

If, at any point, you want to check (only check, not force him to login)
if the actual visitor is logged in or not, and conditionally show him
some personalized component or not, you can do it only with default
authentication.

I dunno way the didn't make it the default.

Giancarlo

Jesse Swensen wrote:
>
> >From the documentation:
>
> auth_preauth()
>
> This function can [should] be overridden in a subclass to Auth. It is being
> called as the very first step in the authentication process and has the
> opportunity to authenticate the user without a loginform being displayed (by
> deriving all necessary information telepathically, or by using cookies, or
> divining the user identities from the incestines of a dead squirrel).
>
> ******************* THIS IS THE KEY STATEMENT *******************
> If it returns a UID value, the user is authenticated and neither
> auth_loginform() nor auth_validatelogin() are called.
>
> If it returns false, all goes on as usual.
> ***********************************************************************
>
> So, try this:
>
> in your auth subclass create auth_preauth method like (this is only an
> outline and not actual code):
>
> class Example_Auth {
> :
> :
> :
> function auth_preauth () {
> if(($username) && ($password)) {
> # do something here to validate the pair.
> # The result of your validation will be a UID.
> if(valid) return $uid;
> else return false;
> }
> return false;
> }
> }
>
> Now use the index page as follows:
>
> <FORM action="welcome.php" method=post>
> Login
> <INPUT name=username size=10 value="">
> Password
> <INPUT name=password type=password size=10 value="">
> <INPUT type=submit value="login"><BR>
> </FORM>
>
> when this pages gets posted it calls welcome.php
>
> <?
> page_open(array( "sess" => "Example_Session",
> "auth" => "Example_Auth",
> "perm" => "Example_Perm",
> "user" => "Example_User"
> )
> );
> ?>
> WELCOME USER
> <?
> page_close();
> ?>
>
> This is what will happen:
> 1) If the username and password validation return false (this comes
> from auth_preauth), the normal login page will be displayed.
> 2) If auth_preauth returns a uid, then the user will just see the
> welcome.
>
> preauth takes care of all of this for you (well your function in the
> subclass). No default user, no mess, no fuss. It just works, try it.
>
> --
> Jesse Swensen
> swensenj <email protected>
>
> > From: giancarlo pinerolo <giancarlo <email protected>>
> > Organization: navigare.net
> > Date: Fri, 13 Jul 2001 14:35:36 +0200
> > To: Cresta Johnson <cjohnson <email protected>>, Jesse Swensen
> > <swensenj <email protected>>, phplib <email protected>
> > Subject: Re: [phplib] login page help SIMPLE!
> >
> > I dunno wht I've made all this mess around
> > it's far more simple than I wrote
> >
> > index.page:
> > <?
> > page_open(array("sess" => "Example_Session",
> > "auth" => "Example_Default_Auth", // facultative
> > "perm" => "Example_Perm", "user" => "Example_User"));
> > ?>
> > <FORM action="welcome.php" method=post>
> > Login
> > <INPUT name=username size=10 value="">
> > Password
> > <INPUT name=password type=password size=10 value="">
> > <INPUT type=submit value="login"><BR>
> > </FORM>
> > <?
> > page_close();
> > ?>
> >
> > welcome page
> >
> > <?
> > page_open(array("sess" => "Example_Session",
> > "auth" => "Example_Default_Auth", // you need this
> > "perm" => "Example_Perm", "user" => "Example_User"));
> >
> > if (!$auth->auth["uid"]=$auth->auth_validatelogin())
> > {
> > $auth->login_if("doit");
> > }
> > ?>
> > WELCOME USER
> > <?
> > page_close();
> > ?>
>
> --
> Abbestellen mit Mail an: phplib-unsubscribe <email protected>
> Kommandoliste mit Mail an: phplib-help <email protected>

-- 
Abbestellen mit Mail an:   phplib-unsubscribe <email protected>
Kommandoliste mit Mail an: phplib-help <email protected>

Next message: giancarlo pinerolo: "Re: [phplib] login page help SIMPLE!"
Previous message: Jesse Swensen: "Re: [phplib] login page help SIMPLE!"
In reply to: Jesse Swensen: "Re: [phplib] login page help SIMPLE!"
Next in thread: giancarlo pinerolo: "Re: [phplib] login page help SIMPLE!"
Reply: giancarlo pinerolo: "Re: [phplib] login page help SIMPLE!"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]