Re: [Phplib-users] Mixing Authenticated & unauthenticated Pages
From: Nathaniel P. <np...@te...> - 2003-08-18 17:14:00
----- Original Message -----
From: "T. Riedel" <Te...@Te...>
To: <php...@li...>
Sent: Monday, August 18, 2003 8:07 AM
Subject: [Phplib-users] Mixing Authenticated & unauthenticated Pages
> I include() a menu in the left hand gutter of every page. If you're logged
> on with user permissions, you get one menu, admin - you get another. If you
> haven't logged on at all, you only see a log in form. (pretty basic stuff)
> Items across the top navigation bar of the page don't require
> authentication. To handle those pages, I created a second subclass of Auth
> called defaultAuth that sets $nobody to true.
>
> If I open a non-privileged page, like say contacts.php - the left-hand menu
> disappears. OK - that makes sense, the defaultAuth is active and not my
> customAuth class. In a moment of misguided clarity, I added a page_open()
> in the left navigation that uses my customAuth class. Great! Now I can see
> the left hand menu when I'm on a page that uses defaultAuth.
>
> Wait just a second boy-genius! - Now users who haven't logged on yet are
> forced to log on when that left nav is executed during the include().
> Ahhh, the law of unintended consequences bites me in the rump again!
>
> Anyone got any tips they'd like to share for mixing authentication modes?
Uh... Don't do it? Especially not multiple times for the same page as it
seems you're doing from the description of the above (once in the included
menu and once on the actual page). That way lies madness. You should be able
to add default auth functionality to your existing customAuth class by
setting the class variable $nobody to true in local.inc. Then on any page
you don't want to allow the 'default' authentication to take effect, use
$auth->login_if($auth->auth['uid'] == 'nobody') right after the page_open()
to force a login (the easy way) or use $perm->check("user") (or whatever
your desired permission setting is) and then modify your perminvalid.ihtml
file to always include a relogin link for any user with the UID of "nobody"
(probably more accessible as it allows one to remain "authenticated" as
nobody). See the documentation on default auth for more details:
<http://www.sanisoft.com/phplib/manual/authAddedInfo.php>

I'd say what you should do is use $perm->has_perm() on the included menu
script to detect the permission settings of the user, but leave it up to
each individual page to do the page_open() and page_close() calls (you can
also use the auto_prepend_file and auto_append_file settings in php.ini, or
inside the Apache configuration, to do this for you if you use PHPlib
consistently throughout your site). If you use your menu on pages that don't
use PHPlib (or at least those that don't instantiate $perm) as well, first
detect whether or not $perm is an object (using is_object()), then act
accordingly.

Hope that helps. If I've completely missed the mark, let me know.

Full disclosure: I haven't used default auth much, so I don't know all the
ins-and-outs. So, to anyone on the list, if I'm wrong about something,
please let me know.
_________________________________
Nathaniel Price
Webmaster <http://www.tesseract.net>
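
The menu-side check described in the reply above, as an added sketch that is not part of the original message or of PHPlib: the included menu only inspects the $auth and $perm objects the page already created and falls back to the login form when they are missing or the UID is "nobody". It calls have_perm(), the name PHPlib's Perm class gives its permission test; menu_for(), DemoAuth, DemoPerm and the sample UID are hypothetical names and values constructed for the example.

```php
<?php
// Constructed stand-ins so the sketch runs without PHPlib installed; on a
// real site $auth and $perm are the objects page_open() creates.
class DemoAuth { public $auth = array('uid' => 'nobody', 'perm' => ''); }
class DemoPerm {
    private $auth;
    function __construct($auth) { $this->auth = $auth; }
    // Simplified: real PHPlib compares permission bitmasks.
    function have_perm($p) {
        return in_array($p, explode(',', $this->auth->auth['perm']), true);
    }
}

// Hypothetical helper for the included menu. It never calls page_open(),
// so including it cannot trigger a login form on a public page.
function menu_for($auth, $perm) {
    // Page did not set up PHPlib, or default auth is active: login form only.
    if (!is_object($perm) || !is_object($auth)
        || !isset($auth->auth['uid']) || $auth->auth['uid'] === 'nobody') {
        return 'login_form';
    }
    if ($perm->have_perm('admin')) { return 'admin_menu'; }
    if ($perm->have_perm('user'))  { return 'user_menu'; }
    return 'login_form';   // unrecognised permission set: show the least
}

$a = new DemoAuth();
echo menu_for(null, null), "\n";              // page that does not use PHPlib
echo menu_for($a, new DemoPerm($a)), "\n";    // default auth, uid "nobody"
$a->auth = array('uid' => 'c0ffee', 'perm' => 'user');   // constructed values
echo menu_for($a, new DemoPerm($a)), "\n";    // logged-in user
$a->auth['perm'] = 'user,admin';
echo menu_for($a, new DemoPerm($a)), "\n";    // logged-in admin
```

The menu only decides what to display; pages that need a login still enforce it themselves with $auth->login_if() or $perm->check() right after page_open(), as the reply describes.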