phplib-users — A list for users of phplib to talk / discuss phplib

[Phplib-users] RE: Phplib-users digest, Vol 1 #472 - 1 msg

[T. R. <Te...@Te...>]

I think I've found a solution to my problem - additional testing will bear
out if this will work in the long haul.

The left hand column of my site always display a "login/create account" box
if auth[uid]==nobody.  If you are truly logged in, that area of the screen
instead displays a logout button.  (The logout button, just calls
$sess->unauth() and reverts the user back to 'nobody' privileges).

My login form POSTs to a page called /userHome.php (see snippet below) -
which requires 'user' privileges and is not accessible to 'nobody'.  The
loginif(nobody) was causing users to be prompted for their username and
password twice.  I needed to find a way to tell the auth class that the
login was already in progress.

Listed below is the code that I'm tinkering with now.

--------------------------------------------------------
include("prepend.php");
page_open( array("sess" => "mySession",
                 "auth" => "myAuth",
                 "perm" => "myPerm") );

# Is the user trying to log on?
if( isset($HTTP_POST_VARS['username']) && $HTTP_POST_VARS['username'] &&
    isset($HTTP_POST_VARS['password']) && $HTTP_POST_VARS['password'] &&
    $auth->auth['uid']=="nobody" ) {

  # We tell the auth object that we just got back from calling the
  # the login form and then we freeze the session.
  $auth->auth["uid"] = "form";
  $auth->auth["exp"] = 0x7fffffff;
  $auth->auth["refresh"] = 0x7fffffff;
  $sess->freeze();

  # Call page_open a second time, will cause auth_validatelogin() to fire
  # and authenticate the user.
  page_open( array("sess" => "mySession",
                   "auth" => "myAuth",
                   "perm" => "myPerm") );
}

$perm->check("user");
--------------------------------------------------------

The first call to page_open works just fine - the myAuth class permits
'nobody' and the user is authenticated as such.  I examine the POST to
"intercept" the username/password and then manually try to tell the auth
class that we're in the middle of a login process.  With the uid set to
form, the second call to page_open forces auth_validatelogoin to be fired.

Assuming the user authenticated themselves properly the rest of script works
as expected.  We check for appropriate permissions and render the rest of
the page.

Feedback and comments on my 'hack' are welcome.

Terry


-----Original Message-----
From: php...@li...
[mailto:php...@li...]On Behalf Of
php...@li...
Sent: Thursday, November 06, 2003 11:23 PM
To: php...@li...
Subject: Phplib-users digest, Vol 1 #472 - 1 msg


Send Phplib-users mailing list submissions to
	php...@li...

To subscribe or unsubscribe via the World Wide Web, visit
	https://lists.sourceforge.net/lists/listinfo/phplib-users
or, via email, send a message with subject or body 'help' to
	php...@li...

You can reach the person managing the list at
	php...@li...

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Phplib-users digest..."


Today's Topics:

   1. Switching User Contexts (T. Riedel)

--__--__--

Message: 1
From: "T. Riedel" <Te...@Te...>
To: <php...@li...>
Date: Thu, 6 Nov 2003 10:27:20 -0500
Subject: [Phplib-users] Switching User Contexts

I could use a little guidance from the list tracking a bug in my
application.

My site has a set of publicly viewable pages, and a several pages that
require additional privileges.  All pages reference a subclass of auth
called "myAuth" which enables "nobody" and permits browsing of the publicly
viewable pages.

When they enter their username and password, they are posting to a secured
page called /userHome.php.  /userHome.php sees the existing session and
recognizes that the user is "authenticated" as nobody, but fails the next
step of login_if($auth->auth['uid']=='nobody') which redirects them to a
login page!

The net effect is that the users thinks the first login attempted failed and
the second attempt behaves normally.  Clearly, what I'm trying to accomplish
and what I've written are widely divergent!

So, what's the "proper" way to allow the users to switch between "nobody"
and a real, authenticated user?

- Should I use two subclasses of auth - one that enables nobody and another
that doesn't?
- Should I attempt to detect the logon by looking at HTTP_POST_VARS for the
username and password and then trying to $sess->delete() and $auth->unauth()
to "force" the start method to execute auth_validatelogin().

Thanks in advance for your assistance!

terry




--__--__--

_______________________________________________
Phplib-users mailing list
Php...@li...
https://lists.sourceforge.net/lists/listinfo/phplib-users


End of Phplib-users Digest

[Phplib-users] Switching User Contexts

[T. R. <Te...@Te...>]

I could use a little guidance from the list tracking a bug in my
application.

My site has a set of publicly viewable pages, and a several pages that
require additional privileges.  All pages reference a subclass of auth
called "myAuth" which enables "nobody" and permits browsing of the publicly
viewable pages.

When they enter their username and password, they are posting to a secured
page called /userHome.php.  /userHome.php sees the existing session and
recognizes that the user is "authenticated" as nobody, but fails the next
step of login_if($auth->auth['uid']=='nobody') which redirects them to a
login page!

The net effect is that the users thinks the first login attempted failed and
the second attempt behaves normally.  Clearly, what I'm trying to accomplish
and what I've written are widely divergent!

So, what's the "proper" way to allow the users to switch between "nobody"
and a real, authenticated user?

- Should I use two subclasses of auth - one that enables nobody and another
that doesn't?
- Should I attempt to detect the logon by looking at HTTP_POST_VARS for the
username and password and then trying to $sess->delete() and $auth->unauth()
to "force" the start method to execute auth_validatelogin().

Thanks in advance for your assistance!

terry

Re: [Phplib-users] comments in template file

[Sven <Deb...@Ko...>]

Hello

In my old function i can't delete comments inside comments.
For example:
{* comment A {* comment B *} *}

With this function, we can kill all comments:

  /**********************************************************
  * This function strip comments from templates.
  *
  * Returns:
  *
  * @param     $str
  * @access    public
  * @return    string
  */
  function delete_comment($str) {
    $a = 1;
    $b = 0;
    while ($a > $b) {
      $a = strlen($str);
      $str = preg_replace('/(\{\*(?:[^{*]|\{(?!\*)|\*(?!\}))*\*\})/', '', 
$str);
      $b = strlen($str);
    }
    return $str;
  }

-- 
    ciao Sven

Re: [Phplib-users] Two different auth classes in the same web site

[Virilo T. <vi...@su...>]

Thanks you very much!

Yes, i just have replaced the battery this morning.  I've stayed living in
the past!

> This is simple to achieve in 3 steps:
> 1. define your 2 auth extension classes
> 2. make sure the separate classes use separate tables (or otherwise
> prevent a customer from authenticating as admin)
> 3. make sure the page_open() on customer pages sets "auth" =>
> "Customer_Auth" and on admin pages sets "auth" => "Admin_Auth"

I've thought the same, I have already write my "Customer_Auth", but im not
sure if it was a good idea use the same phplib with different tables because
both auth classes will use the same sess class and table.

I have to read 'auth.inc'.


Greetings,

    Virilo Tejedor.  Email: vi...@su...




----- Original Message ----- 
From: "Layne Weathers" <la...@dr...>
To: <php...@li...>
Sent: Thursday, October 23, 2003 9:33 PM
Subject: Re: [Phplib-users] Two different auth classes in the same web site


On Thursday, October 23, 1997, at 12:15  PM, Virilo Tejedor wrote:

Your system clock appears to be 6 years behind.

> I have an auth subclass called 'Customer_Auth' and i need another
> subclass (i.e. Admin_Auth) for admins.
> These classes have differents behaviors: ill never let anybody
> autoregister in Admin_Auth or visit as user 'nobody'.
>
> These classes also will have differents tables in the database.
>
> I havent thought if its better have two phplib copies, or one copy for
> both classes. In the second case, Im not sure if somebody could
> authenticate in customer pages and appears like authenticated because
> both classes uses the same session class (and table).

This is simple to achieve in 3 steps:
1. define your 2 auth extension classes
2. make sure the separate classes use separate tables (or otherwise
prevent a customer from authenticating as admin)
3. make sure the page_open() on customer pages sets "auth" =>
"Customer_Auth" and on admin pages sets "auth" => "Admin_Auth"

Layne


-------------------------------------------------------
This SF.net email is sponsored by: The SF.net Donation Program.
Do you like what SourceForge.net is doing for the Open
Source Community?  Make a contribution, and help us add new
features and functionality. Click here: http://sourceforge.net/donate/
_______________________________________________
Phplib-users mailing list
Php...@li...
https://lists.sourceforge.net/lists/listinfo/phplib-users

Re: [Phplib-users] Two different auth classes in the same web site

[Layne W. <la...@dr...>]

On Thursday, October 23, 1997, at 12:15  PM, Virilo Tejedor wrote:

Your system clock appears to be 6 years behind.

> I have an auth subclass called 'Customer_Auth' and i=A0need another=20
> subclass (i.e. Admin_Auth) for admins.
> These classes have differents behaviors: ill never let anybody=20
> autoregister in Admin_Auth or visit as user 'nobody'.
> =A0
> These classes also will have differents tables in the database.
> =A0
> I havent thought if its better have two phplib copies, or one copy for=20=

> both classes.=A0 In the second case, Im not sure if somebody could=20
> authenticate in customer pages and appears like authenticated because=20=

> both classes uses the same session class (and table).

This is simple to achieve in 3 steps:
1. define your 2 auth extension classes
2. make sure the separate classes use separate tables (or otherwise=20
prevent a customer from authenticating as admin)
3. make sure the page_open() on customer pages sets "auth" =3D>=20
"Customer_Auth" and on admin pages sets "auth" =3D> "Admin_Auth"

Layne=

[Phplib-users] Two different auth classes in the same web site

[Virilo T. <vi...@su...>]

I have an auth subclass called 'Customer_Auth' and i need another =
subclass (i.e. Admin_Auth) for admins.
These classes have differents behaviors: ill never let anybody =
autoregister in Admin_Auth or visit as user 'nobody'.

These classes also will have differents tables in the database.

I havent thought if its better have two phplib copies, or one copy for =
both classes.  In the second case, Im not sure if somebody could =
authenticate in customer pages and appears like authenticated because =
both classes uses the same session class (and table).


In the future I could use it to share different web pages in the same =
server.


Im not sure to be in the correct way. Has anybody a better solution?  is =
there any example?


Thanks in advance:

    Virilo Tejedor.  Email: vi...@su...


Sorry for my english, my spanish is better.

[Phplib-users] Can't make Default_Auth work properly

[Keven C <kev...@ho...>]

Default_Auth doesn't appear to work correctly, after you have been to 
another page that
requires Authentication.

This can even be demonstrated with the example files supplied with 
PhpLib-7.4.
For example, with the example files.

From index.php3:
Click 'Load default auth example' - (correctly says your user id is nobody)
Click back
Click 'Load a more complex example' - (correctly says uid is nobody and you 
don't have admin permission)

However if you do it the other way round:
From index.php3:
Click 'Load a more complex example' - (correctly brings up a login box)
Click back
Click 'Load default auth example' - (incorrectly brings up a login box - 
should have used uid nobody)

in order to ever get the Default_Auth page back again you have to shutdown 
your browser and
restart.

So, Default_Auth doesn't behave the same, after you have visited a page that 
requires authorisation.

Any ideas what's going wrong?

Keven.

_________________________________________________________________
Get Hotmail on your mobile phone http://www.msn.co.uk/msnmobile

[Phplib-users] Displaying images in OOHForms' WYSIWYG editor

[Arcadius A. <ah...@sh...>]

Greetings....
I'm using the WYSIWYG editor in phplib-7.4  to manage a website (edit 
HTML/PHP files on the file system). The software works great...

But there is a little problem(or bug?).
In my HTML/PHP files, I have only relative path for images (for instance 
<img src="images/myimage.gif" />) while the WYSIWYG editor seems to 
display only images with full URL (i.e.  <img 
src="http://mydomain.com/images/myimage.gif"/> ).
So, images with relative URL/Path don't show in the editor :-(

I even added a "preview" button to the editor that start the page being 
edited in a new browser window..... and the images are correctly 
displayed..... but not within the WYSIWYG editor ....

 I just wanted to ask whether anyone came across this problem  before.

Thanks in advance.

Arcadius A.

Re: [Phplib-users] Maintaing POST through Auth (Was: Phplib-users -- confirmation of subscription -- request 235198)

[Layne W. <la...@dr...>]

On Friday, September 5, 2003, at 11:34 AM, Layne Weathers wrote:
> You can easily overcome this problem by making a few changes in your 
> MEINE_AUTH class. Here's what I've done in my Auth class.
>
> In auth_loginform():
> 	if(!is_array($login_post) and count($_POST)) {
> 		$login_post = $_POST;
> 		if(!$sess->is_registered("login_post")) 
> $sess->register("login_post");
> 	}
>
> Then, in auth_validatelogin(), after a correct login has been 
> validated:
> 	global $sess, $login_post;
> 	if(is_array($login_post)) {
> 		$_POST = $login_post;
> 		$sess->unregister("login_post");
> 	}

Stupid me, I left off the global declarations from auth_loginform(). 
Use the same global $sess, $login_post; as in auth_validatelogin above.

Layne Weathers

[Phplib-users] Maintaing POST through Auth (Was: Phplib-users -- confirmation of subscription -- request 235198)

[Layne W. <la...@dr...>]

On Friday, September 5, 2003, at 04:15 PM, as...@0u... wrote:

> Hi list,
>
> I`ve got a formular with some text fields within a php-file (1.php).=20=

> Another php-file (2.php) is called
> by the form to evaluate the fields. Both php-files are protected with=20=

> the follwing line at the beginning:
>
> page_open(array("sess" =3D> "MEINE_SESSION", "auth" =3D> =
"MEINE_AUTH"));
>
> 1.php is loaded and the input is made. After the lifetime of the=20
> auth-class has expired, I send the data
> to 2.php by clicking the submit-button. 2.php even contains the=20
> page_open statement. After that,=A0the login
> dialog appears. That ist OK. After re-authentication, 2.php is loaded.=20=

> But now=A02.php is unable to get the
> data of the form from 1.php. Therefore I use=20
> $HTTP_POST_VARS["Textfeld"], but there is no data.
>
> The lifetime of the session-class is 0. That of the auth-class is 1=20
> minute.
>
> Does anybody hava any ideas?
>
> Thanks, Andi.


Hi Andi,

You can easily overcome this problem by making a few changes in your=20
MEINE_AUTH class. Here's what I've done in my Auth class.

In auth_loginform():
	if(!is_array($login_post) and count($_POST)) {
		$login_post =3D $_POST;
		if(!$sess->is_registered("login_post")) =
$sess->register("login_post");
	}

Then, in auth_validatelogin(), after a correct login has been validated:
	global $sess, $login_post;
	if(is_array($login_post)) {
		$_POST =3D $login_post;
		$sess->unregister("login_post");
	}

Good luck,
Layne Weathers

[Phplib-users] Re: Phplib-users -- confirmation of subscription -- request 235198

[<as...@0u...>]

Hi list,

I`ve got a formular with some text fields within a php-file (1.php). Another php-file (2.php) is called
by the form to evaluate the fields. Both php-files are protected with the follwing line at the beginning:

page_open(array("sess" => "MEINE_SESSION", "auth" => "MEINE_AUTH"));

1.php is loaded and the input is made. After the lifetime of the auth-class has expired, I send the data
to 2.php by clicking the submit-button. 2.php even contains the page_open statement. After that, the login
dialog appears. That ist OK. After re-authentication, 2.php is loaded. But now 2.php is unable to get the
data of the form from 1.php. Therefore I use $HTTP_POST_VARS["Textfeld"], but there is no data.

The lifetime of the session-class is 0. That of the auth-class is 1 minute.

Does anybody hava any ideas?

Thanks, Andi.

[Phplib-users] Authentication/permissions module

[Mike G. <mik...@sa...>]

Does anyone know of an authentication/permissions module built using 
PHPLib which can be easily integrated with existing sites?

We need something that includes the user enrollment, lost password 
retrieval, etc., features which can be used as a drop in module for an 
existing site to provides for limiting access to other parts of the site 
based upon the auth and perm classes of PHPLib.

Ideally the package would use PHPLib templates for page layout.

I've done all of the above as parts of other sites. But, unfortunately, 
I did it in such a way that the code is not anything like a separate 
module which could be re-used in another site (bang my head against the 
wall).

TIA!

Mike Green

Re: [Phplib-users] Editing user variables?

[Nathaniel P. <np...@te...>]

----- Original Message ----- 
From: "Andy Fundinger" <an...@bu...>
To: "'Nathaniel Price'" <np...@te...>
Sent: Wednesday, August 27, 2003 2:57 PM
Subject: RE: [Phplib-users] Editing user variables?


> Would I be misusing the library if I tried to store user profile-type data
> in user variables?

Generally, yes. Since the sort of data that you are talking about needs to
be searchable and easily editable by other users, User variables will just
gum up the works. I only use user variables for things like preference
settings -- stuff that you'd like the system to remember, but don't
necessarily need to be able to search for or edit very often.

> Are there common/example ways to store data like real
> name, location, company name, E-mail address etc. in a system using
phplib?
> I'd want this sort of thing to be listable, searchable, and editable by
> other users.

I don't know about anyone else, but I just use the database to store that
info directly. The easiest way to do it is by adding columns (such as
realname, location, company, email, etc.) to the auth_user table. Then, if
you want PHPlib to be aware of these values, just extend it so that it takes
those values from the database and does something with them. For example, in
your subclass of Auth, while PHPlib is querying for the username and
password data for the login process, you could easily extend that query, and
put the resulting data into a global variable. It's not strictly required to
do that, but it may be useful if you were depending on the data that was in
the User variables in your app.

As for searching, listing and editing users, you'd probably want to come up
with your own interface to that. Since it's just database data, you'd use
the same methods to edit it as you would with any other database. PHPlib
/does/ come with an example interface for editing users; take a look at the
new_user.php script (it comes with your PHPlib distro under the pages/admin/
directory). Hopefully that can give you an idea of where to start.

_________________________________
Nathaniel Price
Webmaster <http://www.tesseract.net>

Re: [Phplib-users] Editing user variables?

[Nathaniel P. <np...@te...>]

----- Original Message ----- 
From: "Andy Fundinger" <an...@bu...>
To: <php...@li...>
Sent: Wednesday, August 27, 2003 11:35 AM
Subject: [Phplib-users] Editing user variables?


> Is there an easy way to access other user's variables?  I'd really like to
> do things like browse through all my users and edit their real names or
add
> a value to all current users without having to write the tool for it
> entirely from scratch.

Not really, no. User variables are stored in a serialized form in the
database, just like session variables, thus the information is only
accessible after it is deserialized and imported into variables (which the
User class does transparently). Additionally, to save the changes back to
the database, you'll need to reserialize /all/ the data and put it back in
the database. Thus you'll only be able read and change the data from one
user at a time.

If I were to create such a tool, I'd look at the User (and Session, if you
don't use session4.inc) class code and see about using the serialize() and
deserialize() functions to get the data in and out. You might even be able
to use the classes themselves with some modifications. Be aware that there
would be significant limitations to it. You wouldn't be able to search in
the DB for a specific user variable setting, for instance, and there's the
aforementioned problem of needing to deserialize and reserialize /all/ the
data in order to change any of it. Also, you will have to perform an update
for each individual user where you change any of their user data. (i.e.
Modifying 20 users, even if the modification is the same, means doing 20
updates to the database).

If you're storing data in user variables that you need to access and/or
change like this frequently, you might consider adding some hard-coded
columns to your database and putting the data there, so that it's easier to
use it.

In any case I'm not aware that any pre-built tool to do what you're wanting
to do exists, so you'll probably have to code up something yourself.

Good luck.

_________________________________
Nathaniel Price
Webmaster <http://www.tesseract.net>

[Phplib-users] Editing user variables?

[Andy F. <an...@bu...>]

Is there an easy way to access other user's variables?  I'd really like to
do things like browse through all my users and edit their real names or add
a value to all current users without having to write the tool for it
entirely from scratch.

Andy Fundinger

Re: [Phplib-users] oohForm text element with multiple attribute

[Nathaniel P. <np...@te...>]

There have been some problems with using JavaScript on form inputs that have
"[]" in their name before. Some excellent solutions can be found in the user
contributed notes in the PHP manual:
http://www.php.net/manual/en/language.types.array.php

Basically the solutions boil down to doing one of the following:

1) Use the alternate Javascript syntax to access the form, i.e.:
document.theForm.elements["myField[0]"].value

This will only work if each input has a unique name. In other words, if you
have multiple inputs and all of them are named "myField[]", this won't work.
However, this is also the most foolproof method of doing it, since it won't
break if you move the HTML form elements around, as with method #2. All you
have to do is make sure that OOHforms outputs an index number along with
each form name, so that it looks like
<input name="myField[$i]"...> where $i is a unique number for each form
element, instead of <input name="myField[]">

2) Use the generic JavaScript elements[] array to access it, i.e.:
for (i = 0; i <= frm.elements.length; i++) {
    document.theForm.elements[i].value
}

The disadvantage is that if you move your form elements around much, you'll
break your javascripts.

3) You might also experiment with using the HTML ID attribute to do it,
however I'm not sure if it will work:
<script language="javascript">
//UNTESTED JAVASCRIPT - Use at own risk
//Make sure your form elements are done like this:
//<input type="text" name="myField[]" id="myField1">
//<input type="text" name="myField[]" id="myField2">
//and so on
document.writeln(document.getElementById("myField1").value);
document.writeln(document.getElementById("myField2").value);
</script>

You will need to make sure that each HTML ID attribute is given a different
name. This one is almost like method #1, but you don't have to worry about
giving each element a unique NAME attribute.

I will leave a specific implementation within OOHforms as an excersize to
the reader, since I haven't bothered much with that particular class and
wouldn't know exactly where you'd need to modify it.

_________________________________
Nathaniel Price
Webmaster <http://www.tesseract.net>

----- Original Message ----- 
From: "Andres Barreto Zicare" <aba...@ei...>
To: <php...@li...>
Sent: Monday, August 25, 2003 12:30 PM
Subject: [Phplib-users] oohForm text element with multiple attribute


>
> Hello again:
> I went into the oohForm class files and I edited the line where a multiple
> text field is printed so no more problems with the appended "[]". But I
> still have a problem, it is not posible to give different values to the
> various instances of a multiple text field. By now, I wonder if I am
trying
> to do something that oohForm does not offer... Being more especific... Can
> oohForm deal with multiple text fields with the same name and different
> values?
> Thank you very much...
> Andres

[snip]

RE: [Phplib-users] oohForm text element with multiple attribute

[Andres B. Z. <aba...@ei...>]

Sr. Price,
Thank you very much for your answer... I have tried method #1 and #2 before
and it worked, but I felt like they were not very efficient workarounds. I
can not understand the logic used in oohForm to deal with this situation. It
is my understanding that something like the feature available for "select"
fields should be implemented within oohForm, that is: the possiblity to
declare a text field as multiple, put all the values in an array and have
the oohform outputs  the right thing (and also be able to understand the
form data submited back). Is it out there any solution with this approach?
i.e.
**********
$f->add_element(array("type"=>"text",
     "name"=>"myField",
     "multiple"=>1,
     "value"=>"$values"));
***
for ($i=0;$i<$n;$i++) {
	$f->show_element(myField, $values[$i]);
	}
***
And then have oohForm outputs:
<input type="text" name="myField" value="$values[0]">
<input type="text" name="myField" value="$values[1]">
	"
	"
<input type="text" name="myField" value="$values[n]">
**********
Andres


-----Original Message-----
From: Nathaniel Price [mailto:np...@te...]
Sent: Lunes, 25 de Agosto de 2003 02:27 p.m.
To: Andres Barreto Zicare
Subject: Re: [Phplib-users] oohForm text element with multiple attribute


There have been some problems with using JavaScript on form inputs that have
"[]" in their name before. Some excellent solutions can be found in the user
contributed notes in the PHP manual:
http://www.php.net/manual/en/language.types.array.php

Basically the solutions boil down to doing one of the following:

1) Use the alternate Javascript syntax to access the form, i.e.:
document.theForm.elements["myField[0]"].value

This will only work if each input has a unique name. In other words, if you
have multiple inputs and all of them are named "myField[]", this won't work.
However, this is also the most foolproof method of doing it, since it won't
break if you move the HTML form elements around, as with method #2. All you
have to do is make sure that OOHforms outputs an index number along with
each form name, so that it looks like
<input name="myField[$i]"...> where $i is a unique number for each form
element, instead of <input name="myField[]">

2) Use the generic JavaScript elements[] array to access it, i.e.:
for (i = 0; i <= frm.elements.length; i++) {
    document.theForm.elements[i].value
}

The disadvantage is that if you move your form elements around much, you'll
break your javascripts.

3) You might also experiment with using the HTML ID attribute to do it,
however I'm not sure if it will work:
<script language="javascript">
//UNTESTED JAVASCRIPT - Use at own risk
//Make sure your form elements are done like this:
//<input type="text" name="myField[]" id="myField1">
//<input type="text" name="myField[]" id="myField2">
//and so on
document.writeln(document.getElementById("myField1").value);
document.writeln(document.getElementById("myField2").value);
</script>

You will need to make sure that each HTML ID attribute is given a different
name. This one is almost like method #1, but you don't have to worry about
giving each element a unique NAME attribute.

I will leave a specific implementation within OOHforms as an excersize to
the reader, since I haven't bothered much with that particular class and
wouldn't know exactly where you'd need to modify it.

_________________________________
Nathaniel Price
Webmaster <http://www.tesseract.net>

----- Original Message -----
From: "Andres Barreto Zicare" <aba...@ei...>
To: <php...@li...>
Sent: Monday, August 25, 2003 12:30 PM
Subject: [Phplib-users] oohForm text element with multiple attribute


>
> Hello again:
> I went into the oohForm class files and I edited the line where a multiple
> text field is printed so no more problems with the appended "[]". But I
> still have a problem, it is not posible to give different values to the
> various instances of a multiple text field. By now, I wonder if I am
trying
> to do something that oohForm does not offer... Being more especific... Can
> oohForm deal with multiple text fields with the same name and different
> values?
> Thank you very much...
> Andres
>
>
>
> -----Original Message-----
> From: php...@li...
> [mailto:php...@li...]On Behalf Of Andres
> Barreto Zicare
> Sent: Viernes, 22 de Agosto de 2003 12:21 p.m.
> To: php...@li...
> Subject: [Phplib-users] oohForm text element with multiple attribute
>
>
> Hello:
>
> In Javascript, if multiple objects on the same form have the same NAME
> attribute (eg. <input type=text name=myField> ), an array of the given
NAME
> (myField) is created automatically. Elements are indexed in source order
> starting at 0. So references to document.theForm.myField[0] are valid.
>
> Now, I am using this piece of php code:
>
> for ($i=0;$i<$n;$i++)
> {
> $f->add_element(array("type"=>"text",
>     "name"=>"myField",
>     "multiple"=>1,
>     "value"=>"$nombre"));
> }
>
> And I have found that oohform prints the form elements as: <input
> name=myField[] value=''>
>
> The "[]" appended to the element name fools the javascript interpreter so
I
> cant make reference to the elements.
>
> How can I make oohform to print the element name without the "[]" ?
>
> Thanks
>
> Andres
>
>
>
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: VM Ware
> With VMware you can run multiple operating systems on a single machine.
> WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines
> at the same time. Free trial click
here:http://www.vmware.com/wl/offer/358/0
> _______________________________________________
> Phplib-users mailing list
> Php...@li...
> https://lists.sourceforge.net/lists/listinfo/phplib-users
>
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: VM Ware
> With VMware you can run multiple operating systems on a single machine.
> WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines
> at the same time. Free trial click
here:http://www.vmware.com/wl/offer/358/0
> _______________________________________________
> Phplib-users mailing list
> Php...@li...
> https://lists.sourceforge.net/lists/listinfo/phplib-users
>
>

[Phplib-users] oohForm text element with multiple attribute

[Andres B. Z. <aba...@ei...>]

Hello again:
I went into the oohForm class files and I edited the line where a multiple
text field is printed so no more problems with the appended "[]". But I
still have a problem, it is not posible to give different values to the
various instances of a multiple text field. By now, I wonder if I am trying
to do something that oohForm does not offer... Being more especific... Can
oohForm deal with multiple text fields with the same name and different
values?
Thank you very much...
Andres



-----Original Message-----
From: php...@li...
[mailto:php...@li...]On Behalf Of Andres
Barreto Zicare
Sent: Viernes, 22 de Agosto de 2003 12:21 p.m.
To: php...@li...
Subject: [Phplib-users] oohForm text element with multiple attribute


Hello:

In Javascript, if multiple objects on the same form have the same NAME
attribute (eg. <input type=text name=myField> ), an array of the given NAME
(myField) is created automatically. Elements are indexed in source order
starting at 0. So references to document.theForm.myField[0] are valid.

Now, I am using this piece of php code:

for ($i=0;$i<$n;$i++)
{
	$f->add_element(array("type"=>"text",
			    "name"=>"myField",
			    "multiple"=>1,
			    "value"=>"$nombre"));
}

And I have found that oohform prints the form elements as: <input
name=myField[] value=''>

The "[]" appended to the element name fools the javascript interpreter so I
cant make reference to the elements.

How can I make oohform to print the element name without the "[]" ?

Thanks

Andres






-------------------------------------------------------
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines
at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0
_______________________________________________
Phplib-users mailing list
Php...@li...
https://lists.sourceforge.net/lists/listinfo/phplib-users

Re: [Phplib-users] Header and footer puting

[Richard A. <rh...@ju...>]

At 9:46 +0200 22/8/03, Horst Kriegers wrote:

>$tpl->set_var("HTMLHEAD", stristr(include("htmlhead.html"), 1));

That code looks very strange to me. Does include() work that way?
I would do something like:

$tpl->set_var("HTMLHEAD", implode("", file("htmlhead.html")));

 ...R.

[Phplib-users] oohForm text element with multiple attribute

[Andres B. Z. <aba...@ei...>]

Hello:

In Javascript, if multiple objects on the same form have the same NAME
attribute (eg. <input type=text name=myField> ), an array of the given NAME
(myField) is created automatically. Elements are indexed in source order
starting at 0. So references to document.theForm.myField[0] are valid.

Now, I am using this piece of php code:

for ($i=0;$i<$n;$i++)
{
	$f->add_element(array("type"=>"text",
			    "name"=>"myField",
			    "multiple"=>1,
			    "value"=>"$nombre"));
}

And I have found that oohform prints the form elements as: <input
name=myField[] value=''>

The "[]" appended to the element name fools the javascript interpreter so I
cant make reference to the elements.

How can I make oohform to print the element name without the "[]" ?

Thanks

Andres

[Phplib-users] Header and footer puting

[Horst K. <Hor...@lo...>]

Hello list,=20

I'm a new user of Phplib - template - and I need somme help.
I try to insert an HTML Header, Header and Footer in a page with template, =
and it doesn't work correctly.=20
Here you are my code:=20

=3D=3D=3D=3D=3D=3D=3D=3D t1.tpl =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=20
{HTMLHEAD}
<Center>
{HEADER}
<Table border=3D"0" cellpadding=3D"0" cellspacing=3D"0" Width=3D"500">
	<th colspan=3D"4" Align=3D"Left">{NOMBRE_ENREGISTREMENTS} =
Enregistrements</th>
	<!-- BEGIN RESPONSABLEBLOCK -->
	<tr>
		<td>{RESPONSABLE_ID}</td><td>{RESPONSABLE_NOM}</a></td><td>=
{RESPONSABLE_PRENOM}</td><td><a href=3D"mailto:{RESPONSABLE_EMAIL}">{RESPON=
SABLE_EMAIL}</a></td>
	</tr>
	<!-- END RESPONSABLEBLOCK -->
</Table>
{FOOTER}
</Center>
</Body>
</Html>
=3D=3D=3D=3D=3D End t1.tpl =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=20

=3D=3D=3D=3D=3D=3D=3D=3D t1.php =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=20
<?PHP
// Connection =E0 la base de donn=E9es
@mysql_connect("MyHost", "MyUserName", "MyPassword") or die(mysql_errno() =
& " - " & mysql_error());
@mysql_select_db("elogbook") or die(mysql_errno() & " - " & mysql_error());=


// requ=EAte SQL
$sql =3D "
				SELECT
					responsable_id,
					responsable_nom,
					responsable_prenom,
					responsable_email
				FROM
					responsables
				WHERE
					responsable_email LIKE '%@%.ch'
				ORDER BY
					responsable_nom,
					responsable_prenom
			"
			;

// Ex=E9cution de la requ=EAte sql et r=E9cup=E9ration des donn=E9es
$result =3D mysql_query($sql);

// D=E9connection de la base de donn=E9es
mysql_close();


///////////////////////////////////////////////
// Insertion de la classe PHPLIB
include "template/template2.inc";

// Cr=E9ation du template
$tpl =3D new template("./");

// Indication du fichier servant de mod=E8le
$tpl->set_file("t1", "t1.tpl");



///////////////////////////////////////////////
// Traitement des informations

/* Ent=EAte HTML */
$tpl->set_var("HTMLHEAD", stristr(include("htmlhead.html"), 1));



/* Block Ent=EAte de page */
$tpl->set_var("FOOTER", stristr(include("header.html"), 1));


/* Pied de page */
$tpl->set_var("FOOTER", stristr(include("footer.html"), 1));




/* Block RESPONSABLE */
// Cr=E9ation du block
$tpl->set_block("t1", "RESPONSABLEBLOCK", "responsableblock");
// Nombre d'enregistrements
$tpl->set_var("NOMBRE_ENREGISTREMENTS", mysql_numrows($result));
while ($val =3D mysql_fetch_array($result)){ // On parcoure les r=E9sultats=
 de la requ=EAte
	$tpl->set_var("RESPONSABLE_ID", $val["responsable_id"]);
	$tpl->set_var("RESPONSABLE_NOM", $val["responsable_nom"]);
	$tpl->set_var("RESPONSABLE_PRENOM", $val["responsable_prenom"]);
	$tpl->set_var("RESPONSABLE_EMAIL", $val["responsable_email"]);
	$tpl->parse("responsableblock", "RESPONSABLEBLOCK", true);
}


// Traitement de la page
$tpl->parse("parse", "t1");

// Affichage de la page
$tpl->p("parse");
?>
=3D=3D=3D=3D=3D End t1.php =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=20


Thanks for your help=20
Horst=20


PS: Sorry for my poor English.=20

Re: [Phplib-users] Mixing Authenticated & unauthenticated Pages

[Nathaniel P. <np...@te...>]

----- Original Message ----- 
From: "T. Riedel" <Te...@Te...>
To: "'Nathaniel Price'" <np...@te...>;
<php...@li...>
Sent: Monday, August 18, 2003 11:54 AM
Subject: RE: [Phplib-users] Mixing Authenticated & unauthenticated Pages


[snip]
> Perhaps I'm just a complete dolt, but the manual doesn't seem very clear
to
> me.  It makes it seem that you need to create an Auth subclass that and
set
> $nobody to true.  Just flipping the nobody flag to true in my MyCustomAuth
> doesn't seem right.  When does the class force authentication and when
does
> it just cruise along as nobody?

From the documentation:
|To use default authentication, create a subclass of My_Auth as shown above
|with the nobody flag set (Note: No need to extend in two steps. The only
|important thing here is that the nobody flag is set.)

In other words, you can just set the $nobody flag to true.

Default auth forces authentication only when the value passed to login_if()
evaluates to true. That means that on a page where you want default auth
functioning and allow some content to be viewed by "nobody", you will need
to provide a link on the page that sets a variable within PHP and pass that
variable to login_if(), as per the documentation.

> The login_if() FORCES a login if you're nobody!  So it's perfect if you
want
> to force users to reauthenticate.  In this case, I'm trying to avoid
> annoying requests to reauthenticate.  If you've logged on once, and then
> decided to click a "no-permissions-required" script, I don't want the
$auth
> object stomped by a $nobody=true version which will forced the user to
> reauthenticate when he returns to a secured page.  (did that make sense?)

It does, but you're confusing two things (which I think is in part due to a
particularly confusing naming convention). The $nobody flag merely tells
Auth that we are in Default Authentication mode. In other words, if the user
is not logged in, Auth will automatically log them in as "nobody". It
doesn't mean that you're /always/ "nobody". It just tells Auth what to do if
it can't authenticate normally. A logged in user will retain their login
even when visiting a default auth page.

There's also the $auth->auth['uid'] == "nobody" setting. /This/ is what the
Auth class uses to determine if the user is "nobody", and it will be
overwritten by the normal data for a logged-in user once they're logged in.
Auth will never overwrite this data unless the user is logged out and then
revisits a default auth page.

The example that I provided of using login_if($auth->auth['uid']=="nobody")
was meant as an example of what you could do to simulate the behavior of a
normal page (without default authentication) while in Default Authentication
mode. In other words a user that hasn't logged in, but is "authenticated" as
"nobody" will always see a login screen. If this isn't what you want, then
by all means, do something else. :)

> I guess what I really want to do is allow a user to have TWO instances of
an
> Auth class - a "normal" version that requires login and a "nobody" auth
> class to browse unsecured pages.  It seems rather strange, but from my
> confused point of view - it seems to make sense.  ...probably just
> succumbing to the madness again....

As I said above, a single class will handle both types of uses... that's why
default auth was created in the first place. Anyway, I understand the
confusion. PHPlib isn't the best documented project in the world (although
it's a /lot/ better now than when I started out with it), or the easiest to
understand, but once I figured out how it works I realized just how
powerful/useful it is for doing what it does.

Also, I've found a flowchart that helped me wrap my head around the whole
authentication process in PHPlib here:
<http://www.drostan.org/Application/webdev/uod/auth_phplib.php>

Hope that helps!

_________________________________
Nathaniel Price
Webmaster <http://www.tesseract.net>

RE: [Phplib-users] Mixing Authenticated & unauthenticated Pages

[T. R. <Te...@Te...>]

Thanks again Nathaniel - I've taken your advice and gotten a little further,
but I'm not quite there yet.

- I decided to "stop the madness" and yanked those embedded page_open/close
calls from my menu code
- I also modified my menu to test is_object($perm) before trying to render
my navigation bar - very good, common sense suggestion!
- I'm already doing an autoprepend to load a prepend script that includes
all the page/sess/local/yada-yada-yada

Perhaps I'm just a complete dolt, but the manual doesn't seem very clear to
me.  It makes it seem that you need to create an Auth subclass that and set
$nobody to true.  Just flipping the nobody flag to true in my MyCustomAuth
doesn't seem right.  When does the class force authentication and when does
it just cruise along as nobody?

The login_if() FORCES a login if you're nobody!  So it's perfect if you want
to force users to reauthenticate.  In this case, I'm trying to avoid
annoying requests to reauthenticate.  If you've logged on once, and then
decided to click a "no-permissions-required" script, I don't want the $auth
object stomped by a $nobody=true version which will forced the user to
reauthenticate when he returns to a secured page.  (did that make sense?)

I guess what I really want to do is allow a user to have TWO instances of an
Auth class - a "normal" version that requires login and a "nobody" auth
class to browse unsecured pages.  It seems rather strange, but from my
confused point of view - it seems to make sense.  ...probably just
succumbing to the madness again....

-----Original Message-----
From: Nathaniel Price [mailto:np...@te...]
Sent: Monday, August 18, 2003 1:14 PM
To: T. Riedel; php...@li...
Subject: Re: [Phplib-users] Mixing Authenticated & unauthenticated Pages

<<<snip>>>

Uh... Don't do it? Especially not multiple times for the same page as it
seems you're doing from the description of the above (once in the included
menu and once on the actual page). That way lies madness. You should be able
to add default auth functionality to your existing customAuth class by
setting the class variable $nobody to true in local.inc. Then on any page
you don't want to allow the 'default' authentication to take effect, use
$auth->login_if($auth->auth['uid'] == 'nobody') right after the page_open()
to force a login (the easy way) or use $perm->check("user") (or whatever
your desired permission setting is) and then modify your perminvalid.ihtml
file to always include a relogin link for any user with the UID of "nobody"
(probably more accesible as it allows one to remain "authenticated" as
nobody). See the documentation on default auth for more details:
<http://www.sanisoft.com/phplib/manual/authAddedInfo.php>

I'd say what you should do is use $perm->has_perm() on the included menu
script to detect the permission settings of the user, but leave it up to
each individual page to do the page_open() and page_close() calls (you can
also use the auto_prepend_file and auto_append_file settings in php.ini, or
inside the apache configuration, to do this for you if you use PHPlib
consistantly throughout your site). If you use your menu on pages that don't
use PHPlib (or at least those that don't instanciate $perm) as well, first
detect whether or not $perm is an object (using is_object()), then act
accordingly.

Hope that helps. If I've completely missed the mark, let me know.

Full disclosure: I haven't used default auth much, so I don't know all the
ins-and-outs. So, to anyone on the list, If I'm wrong about something,
please let me know.

_________________________________
Nathaniel Price
Webmaster <http://www.tesseract.net>

Re: [Phplib-users] Mixing Authenticated & unauthenticated Pages

[Nathaniel P. <np...@te...>]

----- Original Message ----- 
From: "T. Riedel" <Te...@Te...>
To: <php...@li...>
Sent: Monday, August 18, 2003 8:07 AM
Subject: [Phplib-users] Mixing Authenticated & unauthenticated Pages


> I include() a menu in the left hand gutter of every page.  If you're
logged
> on with user permissions, you get one menu, admin - you get another.  If
you
> haven't logged on at all, you only see a log in form.  (pretty basic
stuff)
> Items across the top navigation bar of the page don't require
> authentication.  To handle those pages, I created a second subclass of
Auth
> called defaultAuth that sets $nobody to true.
>
> If I open a non-privileged page, like say contacts.php - the left-hand
menu
> disappears. OK - that makes sense, the defaultAuth is active and not my
> customAuth class.  In a moment of misguided clarity, I added a page_open()
> in the left navigation that uses my customAuth class.  Great!  Now I can
see
> the left hand menu when I'm on a page that uses defaultAuth.
>
> Wait just a second boy-genius! - Now users who haven't logged on yet are
> forced to log on when that left nav is executed during the include().
> Ahhh, the law of unintended consequences bites me in the rump again!
>
> Anyone got any tips they'd like to share for mixing authentication modes?

Uh... Don't do it? Especially not multiple times for the same page as it
seems you're doing from the description of the above (once in the included
menu and once on the actual page). That way lies madness. You should be able
to add default auth functionality to your existing customAuth class by
setting the class variable $nobody to true in local.inc. Then on any page
you don't want to allow the 'default' authentication to take effect, use
$auth->login_if($auth->auth['uid'] == 'nobody') right after the page_open()
to force a login (the easy way) or use $perm->check("user") (or whatever
your desired permission setting is) and then modify your perminvalid.ihtml
file to always include a relogin link for any user with the UID of "nobody"
(probably more accesible as it allows one to remain "authenticated" as
nobody). See the documentation on default auth for more details:
<http://www.sanisoft.com/phplib/manual/authAddedInfo.php>

I'd say what you should do is use $perm->has_perm() on the included menu
script to detect the permission settings of the user, but leave it up to
each individual page to do the page_open() and page_close() calls (you can
also use the auto_prepend_file and auto_append_file settings in php.ini, or
inside the apache configuration, to do this for you if you use PHPlib
consistantly throughout your site). If you use your menu on pages that don't
use PHPlib (or at least those that don't instanciate $perm) as well, first
detect whether or not $perm is an object (using is_object()), then act
accordingly.

Hope that helps. If I've completely missed the mark, let me know.

Full disclosure: I haven't used default auth much, so I don't know all the
ins-and-outs. So, to anyone on the list, If I'm wrong about something,
please let me know.

_________________________________
Nathaniel Price
Webmaster <http://www.tesseract.net>

[Phplib-users] Mixing Authenticated & unauthenticated Pages

[T. R. <Te...@Te...>]

Thanks all for your help with my revalidation problems!  I'm very glad to be
beyond that, now I'm moving ahead and making new mistakes.  (the only way
real progress is ever made!)
I'm trying to mix authenticated & "anonymous/nobody" scripts.

I include() a menu in the left hand gutter of every page.  If you're logged
on with user permissions, you get one menu, admin - you get another.  If you
haven't logged on at all, you only see a log in form.  (pretty basic stuff)
Items across the top navigation bar of the page don't require
authentication.  To handle those pages, I created a second subclass of Auth
called defaultAuth that sets $nobody to true.

If I open a non-privileged page, like say contacts.php - the left-hand menu
disappears. OK - that makes sense, the defaultAuth is active and not my
customAuth class.  In a moment of misguided clarity, I added a page_open()
in the left navigation that uses my customAuth class.  Great!  Now I can see
the left hand menu when I'm on a page that uses defaultAuth.

Wait just a second boy-genius! - Now users who haven't logged on yet are
forced to log on when that left nav is executed during the include().
Ahhh, the law of unintended consequences bites me in the rump again!

Anyone got any tips they'd like to share for mixing authentication modes?

Thanks in advance,

Terry