[Phplib-users] new method start for auth
From: Giancarlo P. <gia...@na...> - 2002-05-28 12:52:07
I was reflecting on the rationale behind this intermediate state: whenever a login or register form is shown, the auth object is initialized with $auth->auth[uid]='form'. This is done in method start of the auth class.

Then, only if this value is set to 'form', the $auth->mode value (reg/log) is tested, and a registration or a login is attempted with the data supplied. This too is done within the start method of class auth.

All this is not taken into account if you provide your own auth_preauth function.

I don't know why this intermediate state has been coded. I suppose there can be some safety gains, and maybe you can point me to some. One I can think of is that you block 'post-and-register' submissions (in fact it is getsession-post-and-register), because that value has to be set to 'form'.

What else can be the purpose of having that intermediate state? Is the purpose to force you to have got a form before submitting it?

But this causes a whole lot of problems, among which:

- you cannot simply show a login or register form anywhere, because its input won't be taken into consideration, auth[uid] not being == 'form'
- once a form is shown you are stuck and need the cancel_login button to get clean

The auth->mode log/reg issue is very cumbersome too, at least with it being handled from inside auth. You are stuck with the same policy all over the site, log or reg mode. I'd prefer it to be decided by me, when I need to put out a form.

Changing this behavior means we have to dig into method $auth->start and see how to tweak the 'mode' value that has arrived down to there: quite complicated at the moment.

The patched auth.inc and page.inc that I posted on SourceForge try to simplify this. Can anyone give them a try?

Giancarlo Pinerolo
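
The flow described in the message above, as a simplified PHP model added here for illustration; it is not PHPLIB's auth.inc and not the poster's patch. The function auth_start, the $session array, the callbacks and the sample user are hypothetical, and cancel_login is assumed to arrive as a POST field.

```php
<?php
// Simplified model of the 'form' intermediate state; NOT PHPLIB's auth.inc.
// $session stands in for the server-side session; all names are hypothetical.
function auth_start(array &$session, array $post, string $mode,
                    callable $login, callable $register): string
{
    $uid = $session['auth']['uid'] ?? null;
    if ($uid === null) {
        // No form served to this session yet: submitted data is ignored,
        // the session is marked, and the form is displayed.
        $session['auth']['uid'] = 'form';
        return 'show_form';
    }
    if ($uid !== 'form') {
        return 'authenticated';
    }
    // uid == 'form': a form was served to this session, so input is considered.
    if (isset($post['cancel_login'])) {
        unset($session['auth']['uid']);   // the way back to a clean state
        return 'cancelled';
    }
    // One site-wide mode picks between registration and login.
    $handler = ($mode === 'reg') ? $register : $login;
    $result  = $handler($post);
    if ($result === false) {
        return 'show_form';               // remain in the 'form' state
    }
    $session['auth']['uid'] = $result;
    return 'authenticated';
}

// Constructed sample data and handlers.
$users = ['alice' => password_hash('s3cret', PASSWORD_DEFAULT)];
$login = function (array $p) use (&$users) {
    $u = $p['username'] ?? '';
    $ok = isset($users[$u]) && password_verify($p['password'] ?? '', $users[$u]);
    return $ok ? 'user:' . $u : false;
};
$register = function (array $p) use (&$users) {
    $u = $p['username'] ?? '';
    if ($u === '' || isset($users[$u])) return false;
    $users[$u] = password_hash($p['password'] ?? '', PASSWORD_DEFAULT);
    return 'user:' . $u;
};

$creds   = ['username' => 'alice', 'password' => 's3cret'];
$session = [];   // a session that has never been served the form
// Same valid credentials twice: a blind POST first, then a POST after the form.
echo auth_start($session, $creds, 'log', $login, $register), "\n";
echo auth_start($session, $creds, 'log', $login, $register), "\n";
```

In this model the first call never reaches the credential check even though the credentials are valid, which is the "you must have got a form before submitting it" property the message asks about.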