RE: [Phplib-users] Mixing Authenticated & unauthenticated Pages
From: T. R. <Te...@Te...> - 2003-08-18 18:58:08
Thanks again Nathaniel - I've taken your advice and gotten a little further,
but I'm not quite there yet.

- I decided to "stop the madness" and yanked those embedded page_open/close
  calls from my menu code
- I also modified my menu to test is_object($perm) before trying to render
  my navigation bar - very good, common sense suggestion!
- I'm already doing an autoprepend to load a prepend script that includes
  all the page/sess/local/yada-yada-yada

Perhaps I'm just a complete dolt, but the manual doesn't seem very clear to
me. It makes it seem that you need to create an Auth subclass and set
$nobody to true. Just flipping the nobody flag to true in my MyCustomAuth
doesn't seem right. When does the class force authentication and when does
it just cruise along as nobody?

The login_if() FORCES a login if you're nobody! So it's perfect if you want
to force users to reauthenticate. In this case, I'm trying to avoid
annoying requests to reauthenticate. If you've logged on once, and then
decided to click a "no-permissions-required" script, I don't want the $auth
object stomped by a $nobody=true version which will force the user to
reauthenticate when he returns to a secured page. (Did that make sense?)

I guess what I really want to do is allow a user to have TWO instances of an
Auth class - a "normal" version that requires login and a "nobody" auth
class to browse unsecured pages. It seems rather strange, but from my
confused point of view - it seems to make sense. ...probably just
succumbing to the madness again....

-----Original Message-----
From: Nathaniel Price [mailto:np...@te...]
Sent: Monday, August 18, 2003 1:14 PM
To: T. Riedel; php...@li...
Subject: Re: [Phplib-users] Mixing Authenticated & unauthenticated Pages
<<<snip>>>
Uh... Don't do it? Especially not multiple times for the same page as it
seems you're doing from the description of the above (once in the included
menu and once on the actual page). That way lies madness. You should be able
to add default auth functionality to your existing customAuth class by
setting the class variable $nobody to true in local.inc. Then on any page
you don't want to allow the 'default' authentication to take effect, use
$auth->login_if($auth->auth['uid'] == 'nobody') right after the page_open()
to force a login (the easy way) or use $perm->check("user") (or whatever
your desired permission setting is) and then modify your perminvalid.ihtml
file to always include a relogin link for any user with the UID of "nobody"
(probably more accessible as it allows one to remain "authenticated" as
nobody). See the documentation on default auth for more details:
<http://www.sanisoft.com/phplib/manual/authAddedInfo.php>

I'd say what you should do is use $perm->has_perm() on the included menu
script to detect the permission settings of the user, but leave it up to
each individual page to do the page_open() and page_close() calls (you can
also use the auto_prepend_file and auto_append_file settings in php.ini, or
inside the apache configuration, to do this for you if you use PHPlib
consistently throughout your site). If you use your menu on pages that don't
use PHPlib (or at least those that don't instantiate $perm) as well, first
detect whether or not $perm is an object (using is_object()), then act
accordingly.

Hope that helps. If I've completely missed the mark, let me know.

Full disclosure: I haven't used default auth much, so I don't know all the
ins-and-outs. So, to anyone on the list, if I'm wrong about something,
please let me know.
_________________________________
Nathaniel Price
Webmaster <http://www.tesseract.net>
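
The single-class setup discussed in this thread, as an added example that is not part of either message or of PHPlib itself. It assumes PHPlib's prepend file is loaded through auto_prepend_file and that MyCustomAuth in local.inc declares `var $nobody = true;`; MySession, MyPerm, the helper names and the URLs are hypothetical.

```php
<?php
// Added example: one Auth class for public and protected pages.
// Assumed: MyCustomAuth has `var $nobody = true;` in local.inc;
// MySession and MyPerm are hypothetical Session/Perm subclass names.

// Open every page with the same three features. Pass a permission name
// (e.g. "user") on protected pages: a visitor still on the default uid
// "nobody" gets the login form, a user who already logged in is not
// prompted again, and the permission is then enforced server-side.
function site_page_open($need_perm = "") {
    page_open(array("sess" => "MySession",
                    "auth" => "MyCustomAuth",
                    "perm" => "MyPerm"));
    global $auth, $perm;
    if ($need_perm != "") {
        $auth->login_if($auth->auth["uid"] == "nobody");
        $perm->check($need_perm);   // shows perminvalid.ihtml if missing
    }
}

// Build the navigation entries. Safe on pages that never called
// page_open(): without a $perm object only public links are returned.
// Hiding a link is cosmetic; the target page must still enforce access
// itself, as site_page_open("user") does. PHPlib's Perm method for this
// test is have_perm().
function menu_links() {
    global $perm;
    $links = array("index.php" => "Home");          // hypothetical URLs
    if (is_object($perm) && $perm->have_perm("user")) {
        $links["account.php"] = "My account";
    } else {
        $links["account.php"] = "Log in";   // account.php forces the login
    }
    return $links;
}

// --- body of a protected script such as account.php ---
site_page_open("user");
foreach (menu_links() as $url => $label) {
    printf("<a href=\"%s\">%s</a>\n",
           htmlspecialchars($sess->url($url)), htmlspecialchars($label));
}
page_close();
```

A public script calls `site_page_open()` with no argument, so an existing login is carried along unchanged and only visitors without one are treated as "nobody".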