Re: [Phplib-users] New phpauth code
Brought to you by:
nhruby,
richardarcher
Menu
▾
▴
Re: [Phplib-users] New phpauth code
|
From: Giancarlo P. <gia...@na...> - 2002-05-07 21:57:06
|
> That's a screwup on my part. Should read "auth object doesn't > exist...." > > > I have not thoroughly inspected your code, but what I have seen indicates > > that you have dismissed many of the design decisions followed in the PHPLib > > classes. Why? > > I've dismissed very little. The biggest problem that I had with > phplib's auth class was that the existence of an auth object didn't mean > the user was authenticated. Indeed, even the "is_authenticated" > function didn't work properly, as it would return "form" if the user was > in the process of logging in. Checking for authentication meant going > through the convoluted steps of checking for an auth object, seeing if > is_authenticated returned anything, and if so making sure it wasn't > "form". Now, it's a simple check for the existence of an auth object in > the $_SESSION global. An he wsn't 'nobody'! > > Additionally, the separate perm object didn't make sense to me. Nor did > the inclusion of various files (headers, etc.) which sometimes resulted > in confusion of scope (header might be included in global scope, or from > within the auth object if logging in or registering). > ...... > new code. These problems involve the fundamental architecture of the > auth class that they present, working on it doesn't make sense. I came to this same conclusion about the intrinsic obsolescence of auth and perm. I was also trying to incorporate them with 'user', and have a single object, and keep them clean from the phisical way of interaction with the client. So have the 'form' state eventually handled outside this that I called the BigUser object, by the page funcions. I have no time now to check phpauth, I'll see it as soon as I am back to php for any project. But am courious about what users think of Giancarlo |
