Re: [Phplib-users] Auth working with a twist
Brought to you by:
nhruby,
richardarcher
Menu
▾
▴
Re: [Phplib-users] Auth working with a twist
|
From: Giancarlo <gia...@na...> - 2002-10-13 08:06:07
|
Il 02:44, domenica 13 ottobre 2002, hai scritto: > Just to run down again, I have a page with an IFRAME imbedded in it. The > problem that I am seeing is that the content in the IFRAME is actually > being loaded, and then immediately reloaded by the browser. So since I am > using default auth, I see the login page flash, then the protected page > appears, because the first time through the again is stripped off, then the > page is reloaded, and it falls through the login_if. But if you saw the loginform somehow, that means your auth there does not exist anymore. Once $auth->unauth() or auth->logout has bee called (and it is called before splashing the form), how can then you see again a protected page? From that moment, the $auth in your session says you're not authed... So, on any reload, it would be not login_if that decides, but the auth->start in page.inc, that happens before login_if. So the problem I think is that the session is not freezed for some reason. Inside login_if, basically you are unauthed, the session is freezed, and the script exits. So if you could place some echoes just after each of these necessary calls, and see what the $auth->auth[uid] is like, we could have a clue. Or you could try the test defauth.php3 and showoff.php3 pages with your 'features' in page_open, and see what happens (if the counters increase mainly).. That login_if can easily become a mini app, that logins/registers users etc... It is already a bit out_of_place there, inside the auth class. Gian > So, first of all, has anyone seen a browser refresh a frame immediately > when it is loaded before. Is this common behavior? I've never seen it. > Secondly, the regex that removes the "again" looks like it removes > everything after the ?. Till the next '&' or end_of_string I think it is... This isn't a good idea IMHO because you can't pass > variables to the page. Am I reading it wrong? and if not, should it be > made more specific to just remove the "again". I'm not a regex person. > > > Rob Hutton > Web Safe > www.wsafe.com > > ********************************************************************** > > Introducing Symantec Client Security - Integrated Anti-Virus, > Firewall, and Intrusion Detection for the Client. > > Learn more: > http://enterprisesecurity.symantec.com/symes238.cfm?JID=2&PID=11624271 > > View our Symantec Client Security Demo: > http://enterprisesecurity.symantec.com/symes238.cfm?JID=3&PID=11624271 > > Download the Symantec Client Security Fact Sheet: > http://enterprisesecurity.symantec.com/symes238.cfm?JID=4&PID=11624271 > > Download the Symantec Client Security Brochure: > http://enterprisesecurity.symantec.com/symes238.cfm?JID=5&PID=11624271 > > > > > ------------------------------------------------------- > This sf.net email is sponsored by:ThinkGeek > Welcome to geek heaven. > http://thinkgeek.com/sf > _______________________________________________ > Phplib-users mailing list > Php...@li... > https://lists.sourceforge.net/lists/listinfo/phplib-users |
