[Phplib-users] Switching User Contexts
Brought to you by:
nhruby,
richardarcher
Menu
▾
▴
[Phplib-users] Switching User Contexts
|
From: T. R. <Te...@Te...> - 2003-11-06 15:56:33
|
I could use a little guidance from the list tracking a bug in my application. My site has a set of publicly viewable pages, and a several pages that require additional privileges. All pages reference a subclass of auth called "myAuth" which enables "nobody" and permits browsing of the publicly viewable pages. When they enter their username and password, they are posting to a secured page called /userHome.php. /userHome.php sees the existing session and recognizes that the user is "authenticated" as nobody, but fails the next step of login_if($auth->auth['uid']=='nobody') which redirects them to a login page! The net effect is that the users thinks the first login attempted failed and the second attempt behaves normally. Clearly, what I'm trying to accomplish and what I've written are widely divergent! So, what's the "proper" way to allow the users to switch between "nobody" and a real, authenticated user? - Should I use two subclasses of auth - one that enables nobody and another that doesn't? - Should I attempt to detect the logon by looking at HTTP_POST_VARS for the username and password and then trying to $sess->delete() and $auth->unauth() to "force" the start method to execute auth_validatelogin(). Thanks in advance for your assistance! terry |
