[Phplib-users] Re: Default Auth? 7.2d
Brought to you by:
nhruby,
richardarcher
Menu
▾
▴
[Phplib-users] Re: Default Auth? 7.2d
|
From: Christian R. <ro...@in...> - 2002-02-16 02:57:56
|
Hello Jacob, Fred and All!
> > So basically, if a user who is authenticated as "nobody" attempts to
> > access a protected page (which contains the following after
> > page_open)
> > =20
> > $auth->login_if($auth->auth["uid"] =3D=3D "nobody");
> >=20
> > ...authentication is destroyed and the user must login in order to do
> > *anything*.
I have the same problem here.
> If you set it up right, clicking the "Cancel" button on the login form
> will get you out of the modal login state and back to some accessible
> page. =20
My 7.2d didn't come with a login form with a "Cancel" button!
Unless I missed something?
> The login form/page acts much like a modal dialog box -- the
> visitor should exit it via one of the form's submit buttons.
Why should it? I think it's perfectly normal for someone to access a
protected page and then hit "Home" link of the menu! From a user point of
view, having to hit "cancel" on the login form to access the non-protected
pages is not natural.
> As you say, while in that login state with phplib, all pages using
> authentication (i.e., those that specify an "auth" class in the
> page_open call) will demand a login. =20
There must be something we can do to change that!
> But why do you want to allow the visitor to access
> other pages while in the midst of login? If there is some "help" page
> that explains the login policy, perhaps you can avoid using an auth
> class at all with that page.
Here's why...
The home page will show different things depending if the user is logged
in or not. For example, when the user is logged in, the menu of every
pages (including the home page which is public) show the "Register" link
when you are not logged in. When you ARE logged in the "Register" link is
not there but it shows "Logged in as 'user123'."
So, the home page (and all public pages) must be able to determine if the
user is logged in. One natural way (as per documentation) is to use
Default Auth. Incomming users will be logged in as "nobody" until they
login! When the user hit a protected page and decide to go back to the
home page, he should still be logged in as "nobody"! He should not be
presented with a login form on the home page, ever!
Possible solutions I am thinking to investigate :
1) Hack PHPLIB and fix it!
2) Use $sess on all pages to help track if you are logged in or not!
3) change the '$auth->login_if($auth->auth["uid"] =3D=3D "nobody");'
by 'if($auth->auth["uid"] =3D=3D "nobody") {
include"loginform.php";
page_close(); exit;
}' on all pages which are protected. The form will be displayed
without having PHPLIB screw the "nobody" authentication.
I haven't tried any of those yet. I will probably try #1 and submit by
changes here.
Good luck!
--=20
Christian Roy <cr...@in...>
Station InfiniWeb inc.
http://www.infiniweb.ca
/* H=E9bergement Web - Programmation Web - Sites Web - Nom de domaine */
/* Web Hosting - Web Programming - Instant Websites - Domain name */
|
