Re: [Phplib-users] Registration Question
Brought to you by:
nhruby,
richardarcher
Menu
▾
▴
Re: [Phplib-users] Registration Question
|
From: Joe S. <jo...@be...> - 2002-10-25 13:36:29
|
On Thu, Oct 24, 2002 at 10:42:14PM -0400, Rob Hutton wrote:
> It looks to me with the default setup that is you are using login_if to
> register and the person types an existing login name and password, then it
> will silently authenticate them. This is not a good thing when the purpose
> of auth is protection.
Under your scenario couldn't they just enter the valid info on the login
form?
> Is there any way to force the person to enter something unique when
> registering besides moding auth_doregister above auth_validatelogin? I was
> thinking maybe setting a hidden form variable and checking for its existence
> in auth_validatelogin and returning false if it existed.
>
You can validate however you want in do_register. If you don't want to
log them in immediately after registering - don't.
In Kristian's example do_register:
## If user is present and password matches, silently log
## the user in.
if ($this->db->f("password") == $pass1) {
$this->auth["perm"] = $this->db->f("perms");
return $this->db->f("user_id");
}
Joe
> Thoughts, comments. I am trying to do something for the examples so I want
> it to be the way it was meant to work...
>
> Rob Hutton
> Web Safe
> www.wsafe.com
|
