Re: [Phplib-users] again auth.inc
From: Giancarlo P. <gia...@na...> - 2002-06-10 09:54:53
>
> If you need the intermediate state, even in the same auth[uid] place, I
> can add it to page_open.
Well, we'd go into the same insanity. The mistake was to use an
$auth->auth[] field to hold the login_in_progress state. Which needed to
have an auth object first! If we'd used e.g. a $sess->login_in_progress
state field, we'd have been much better off, with the same result: be assured
that a form has been shown somehow.
Anyway you must understand that the intermediate 'login_in_progress'
('form') state, if set anywhere into $auth->auth[], will block all
other pages, and makes sense only when you want to have a unique, global
policy. It is not compatible with the 'case_by_case' policy, php-nuke
style.
If you prefer the case_by_case policy and *still* like to have the extra
check of a login_in_progress state flag, you cannot put it in the auth
object, but rather put it in the sess object. That makes no difference
on the security,
G
> When it shows the form it will set that, upon considering the input
> fields it will check that.
But then I'd have to reintroduce the cancel_login stuff. If I use a
$sess->login_in_progress field, other pages can still have $auth, but
nevertheless $sess->login_in_progress can be checked before
considering $username input fields.
Gian
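
An added sketch of the session-held flag discussed in this message; it is not part of the original post and is not PHPLIB code. The `Sess` and `Auth` classes and all function names are hypothetical stand-ins; only the `login_in_progress` field name comes from the thread, and clearing the flag after one attempt is an assumption of the sketch.

```php
<?php
// Added illustration; not PHPLIB code. Class and function names are hypothetical.

// Stand-in for the session object: per-visitor state, independent of auth.
class Sess {
    public bool $login_in_progress = false;
}

// Stand-in for the auth object: only records who is logged in.
class Auth {
    public ?string $uid = null;
}

// Showing the form is the only place the flag gets set.
function show_login_form(Sess $sess): string {
    $sess->login_in_progress = true;
    return 'form';
}

// Credentials are considered only if a form was shown in this session.
function handle_login(Sess $sess, Auth $auth, array $post, callable $check): string {
    if (!$sess->login_in_progress) {
        return 'rejected: no form shown';   // username input is never looked at
    }
    $sess->login_in_progress = false;        // assumption: one attempt per form shown
    $user = $post['username'] ?? '';
    $pass = $post['password'] ?? '';
    if (!is_string($user) || !is_string($pass) || !$check($user, $pass)) {
        return 'failed';
    }
    $auth->uid = $user;
    return 'ok';
}

// A page under the case-by-case policy: it reads $auth and ignores the flag,
// so a login in progress elsewhere does not block it.
function render_page(Sess $sess, Auth $auth): string {
    return $auth->uid === null ? 'guest view' : "view for {$auth->uid}";
}

// Constructed sample run with constructed credentials.
$sess = new Sess(); $auth = new Auth();
$check = fn(string $u, string $p): bool => $u === 'alice' && hash_equals('s3cret', $p);
$post = ['username' => 'alice', 'password' => 's3cret'];
echo handle_login($sess, $auth, $post, $check), "\n"; // submitted before any form
echo show_login_form($sess), "\n";
echo render_page($sess, $auth), "\n";                 // other page, mid-login
echo handle_login($sess, $auth, $post, $check), "\n"; // submitted after the form
echo render_page($sess, $auth), "\n";
```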