Re: [Phplib-users] Registration Question
From: Giancarlo <gia...@na...> - 2002-10-25 19:06:27
On Friday 25 October 2002 at 17:04, Rob Hutton wrote:
> I'm trying to protect from someone going to the registration form and
> trying names and logins until they get one. The login form only allows
> five tries before the account is locked.
But if you used a session counter... and increased it each time you enter
validatelogin...
> The registration form, however, does
> not have this restriction as it is not designed to log someone in. But
Instead of blocking the form, block the function, as I said above.
> with the current layout of auth (without a real control structure) there is
> no way to prevent auth_validatelogin from executing unless I put in a
> hidden field and test for it. Which is very ugly in my mind...
..........
# we have an auth command
if (array_key_exists($this->urlaction, $_GET)) {
    switch ((string) $_GET[$this->urlaction]) {
        case 'reg':
            auth_handleregister();
            break;   # without break, every later case would run too
        case 'log':
            auth_handlelogin();
            break;
        case 'logout':
            auth_handlelogout();
            break;
    }
}
..........
What I want to say is that a start function should never be extended. So if
someone wants to adapt phplib auth features to, let's say, accept xmlrpc data
for 'remote logins' he has no choice but to rewrite start, if the nature and v
of the input fields get tested in there.
start is ready to accept a default action, you know, as start(action='log')
so the kind of input provided, and its value, could be tested well before
(page.inc) instead of after (validatelogin/doregister).
But I wouldn't tie start to a particular HTTP_.._VARS, so people will never
need to extend it.
To me, this being well related to 'what kind of page we are dealing with' (if
they are pages! they could well be XML data posted/returned one day) I'd
manage that action log/reg in page inc, and call
auth->start(log/reg/whatever) from page inc.
Again I didn't go so far for backward compatibility, because as it is now it
can still be dropped in place in most phplib (almost_standard) implementations.
Gian
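The session-counter suggestion from the message above, as an added example that is not part of the original post or of phplib: the attempt limit sits inside the function that checks credentials, so it applies whichever form or action reaches it. The names guarded_validate, MAX_TRIES and auth_tries are hypothetical, and the credential check is a constructed stand-in.

```php
<?php
// Hypothetical helper names; only the idea (count inside the validate
// function, not in the form) comes from the message above.

const MAX_TRIES = 5; // the limit the login form is said to use

/**
 * Run $validate only while the counter in $store is below MAX_TRIES.
 * $store is taken by reference so $_SESSION can be handed in directly.
 * Returns the uid on success, false on failure or when locked out.
 */
function guarded_validate(array &$store, callable $validate, string $user, string $pass)
{
    $tries = (int) ($store['auth_tries'] ?? 0);
    if ($tries >= MAX_TRIES) {
        return false;                    // locked: the validator is never called
    }
    $store['auth_tries'] = $tries + 1;   // count first, so every call is recorded
    $uid = $validate($user, $pass);
    if ($uid !== false) {
        $store['auth_tries'] = 0;        // reset on success
    }
    return $uid;
}

// Constructed demo: an array stands in for $_SESSION and a closure for
// the real credential check.
$session = [];
$check = function (string $u, string $p) {
    return ($u === 'rob' && $p === 'correct-horse') ? 'uid-1' : false;
};

for ($i = 1; $i <= 6; $i++) {
    var_dump(guarded_validate($session, $check, 'rob', 'guess' . $i));
}
// The right password is refused too once the counter has reached the limit.
var_dump(guarded_validate($session, $check, 'rob', 'correct-horse'));
echo "tries recorded: {$session['auth_tries']}\n";
```

A counter kept in the session is lost when the client discards its session cookie, so the same guard needs a store keyed on the account name or client address to hold against a client that does not keep the session.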