phplib-users Mailing List for PHPLIB (Page 13)
Brought to you by:
nhruby,
richardarcher
Menu
▾
▴
phplib-users — A list for users of phplib to talk / discuss phplib
You can subscribe to this list here.
| 2001 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
(106) |
Sep
(99) |
Oct
(44) |
Nov
(97) |
Dec
(60) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2002 |
Jan
(56) |
Feb
(81) |
Mar
(134) |
Apr
(69) |
May
(106) |
Jun
(122) |
Jul
(98) |
Aug
(52) |
Sep
(184) |
Oct
(219) |
Nov
(102) |
Dec
(106) |
| 2003 |
Jan
(88) |
Feb
(37) |
Mar
(46) |
Apr
(51) |
May
(30) |
Jun
(17) |
Jul
(45) |
Aug
(19) |
Sep
(5) |
Oct
(4) |
Nov
(12) |
Dec
(7) |
| 2004 |
Jan
(11) |
Feb
(7) |
Mar
|
Apr
(15) |
May
(17) |
Jun
(13) |
Jul
(5) |
Aug
|
Sep
(8) |
Oct
(6) |
Nov
(21) |
Dec
(13) |
| 2005 |
Jan
(4) |
Feb
(3) |
Mar
(7) |
Apr
(7) |
May
|
Jun
(11) |
Jul
(7) |
Aug
|
Sep
|
Oct
|
Nov
(7) |
Dec
|
| 2006 |
Jan
(3) |
Feb
|
Mar
(1) |
Apr
|
May
|
Jun
(2) |
Jul
(1) |
Aug
|
Sep
|
Oct
(9) |
Nov
|
Dec
(5) |
| 2007 |
Jan
(15) |
Feb
(2) |
Mar
|
Apr
|
May
|
Jun
|
Jul
(9) |
Aug
|
Sep
(2) |
Oct
|
Nov
|
Dec
|
| 2008 |
Jan
|
Feb
|
Mar
|
Apr
(12) |
May
|
Jun
(3) |
Jul
(1) |
Aug
(19) |
Sep
(2) |
Oct
|
Nov
|
Dec
(6) |
| 2009 |
Jan
(1) |
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
(6) |
|
From: T. R. <Te...@Te...> - 2003-08-15 14:10:56
|
HAH! That's was it! I had one really old script that called "Example_Auth" instead of my customized auth class. Thanks for the help! ....now I can get back to work! -----Original Message----- From: Nathaniel Price [mailto:np...@te...] Sent: Thursday, August 14, 2003 2:22 PM To: T. Riedel; php...@li... Subject: Re: [Phplib-users] Reauthentication Woes Hmm... based on your description of everything, it /should/ be working. A few thoughts come to mind: 1) Do you have any global variables with the name of $sess or $auth (and if you want to be super-careful, check for $perm and $user as well) in your scripts? PHPlib registers and uses these variables to store the session and authentication objects. If any script resets these variables, it will probably cause weirdness. 2) Are you using different subclasses of Auth on different pages? That might cause some hard to track down bugs, if each subclass handles anything significantly differently. 3) Which version of PHP and PHPlib do you use? If you aren't using the latest release (7.4-pre2) of PHPlib, and you have PHP set up with import_globals set to false, it won't work properly, although the symptoms don't match up exactly (you shouldn't be able to log in at all under these conditions). It is also possible that there might be a bug in the "stable" (7.2d) release that has been fixed in one of the later releases. You might post some more psuedo code from your app as well, since I can't really tell much from your description. _________________________________ Nathaniel Price Webmaster <http://www.tesseract.net> ----- Original Message ----- From: "T. Riedel" <Te...@Te...> To: "'Nathaniel Price'" <np...@te...>; <php...@li...> Sent: Thursday, August 14, 2003 10:45 AM Subject: RE: [Phplib-users] Reauthentication Woes > Thanks for the quick response Nathaniel! > > I grepped *.php for page_open and compared it to a grep for page_close. > Everything that opens a page, closes it. While I was checking the PHP > scripts, I also performed the same check on all my included files and they > all checked out too. > > That was good suggesion though, anything else that comes to mind? |
|
From: Nathaniel P. <np...@te...> - 2003-08-14 18:49:21
|
Hmm... based on your description of everything, it /should/ be working. A few thoughts come to mind: 1) Do you have any global variables with the name of $sess or $auth (and if you want to be super-careful, check for $perm and $user as well) in your scripts? PHPlib registers and uses these variables to store the session and authentication objects. If any script resets these variables, it will probably cause weirdness. 2) Are you using different subclasses of Auth on different pages? That might cause some hard to track down bugs, if each subclass handles anything significantly differently. 3) Which version of PHP and PHPlib do you use? If you aren't using the latest release (7.4-pre2) of PHPlib, and you have PHP set up with import_globals set to false, it won't work properly, although the symptoms don't match up exactly (you shouldn't be able to log in at all under these conditions). It is also possible that there might be a bug in the "stable" (7.2d) release that has been fixed in one of the later releases. You might post some more psuedo code from your app as well, since I can't really tell much from your description. _________________________________ Nathaniel Price Webmaster <http://www.tesseract.net> ----- Original Message ----- From: "T. Riedel" <Te...@Te...> To: "'Nathaniel Price'" <np...@te...>; <php...@li...> Sent: Thursday, August 14, 2003 10:45 AM Subject: RE: [Phplib-users] Reauthentication Woes > Thanks for the quick response Nathaniel! > > I grepped *.php for page_open and compared it to a grep for page_close. > Everything that opens a page, closes it. While I was checking the PHP > scripts, I also performed the same check on all my included files and they > all checked out too. > > That was good suggesion though, anything else that comes to mind? |
|
From: T. R. <Te...@Te...> - 2003-08-14 17:55:00
|
Thanks for the quick response Nathaniel! I grepped *.php for page_open and compared it to a grep for page_close. Everything that opens a page, closes it. While I was checking the PHP scripts, I also performed the same check on all my included files and they all checked out too. That was good suggesion though, anything else that comes to mind? Thanks! Terry -----Original Message----- From: Nathaniel Price [mailto:np...@te...] Sent: Thursday, August 14, 2003 1:41 PM To: T. Riedel; php...@li... Subject: Re: [Phplib-users] Reauthentication Woes Are you calling page_close() on the page where you first log in at? If you don't, that would produce exactly the behavior you describe, since page_close() saves all the authentication data into the current session. _________________________________ Nathaniel Price Webmaster <http://www.tesseract.net> ----- Original Message ----- From: "T. Riedel" <Te...@Te...> To: <php...@li...> Sent: Thursday, August 14, 2003 10:23 AM Subject: [Phplib-users] Reauthentication Woes [snip] > I go ahead and logon, and the secured page comes up as expected. > > If I call up any other secured page, $auth sends the browser back to > loginform.ihtml! My logs show that somehow HTTP_POST_VARS[username] and > HTTP_POST_VARS[password] are getting wiped out. Of course that's not the > root of the problem, only "collateral damage". I'm guessing my UID is > getting clobbered somewhere. Why it's happening is beyond me and I could > really use some help here! > > ...now if I log on to this second call to loginform.ihtml, all is well! The > session works as expected, secured pages work as they should, my different > permission levels all work normally. > > Any suggestions and insight you'd like to share will be greatly appreciated! |
|
From: Nathaniel P. <np...@te...> - 2003-08-14 17:44:51
|
Are you calling page_close() on the page where you first log in at? If you don't, that would produce exactly the behavior you describe, since page_close() saves all the authentication data into the current session. _________________________________ Nathaniel Price Webmaster <http://www.tesseract.net> ----- Original Message ----- From: "T. Riedel" <Te...@Te...> To: <php...@li...> Sent: Thursday, August 14, 2003 10:23 AM Subject: [Phplib-users] Reauthentication Woes [snip] > I go ahead and logon, and the secured page comes up as expected. > > If I call up any other secured page, $auth sends the browser back to > loginform.ihtml! My logs show that somehow HTTP_POST_VARS[username] and > HTTP_POST_VARS[password] are getting wiped out. Of course that's not the > root of the problem, only "collateral damage". I'm guessing my UID is > getting clobbered somewhere. Why it's happening is beyond me and I could > really use some help here! > > ...now if I log on to this second call to loginform.ihtml, all is well! The > session works as expected, secured pages work as they should, my different > permission levels all work normally. > > Any suggestions and insight you'd like to share will be greatly appreciated! |
|
From: T. R. <Te...@Te...> - 2003-08-14 17:27:26
|
First let me say that I am very impressed with PHPLib! I've been beating my head against my desk and going through the documentation and sourceforge archives looking for some help. When I log out, and log back in, my authentication is only valid for that first page view - I'm prompted to reauthenticate on the second secured page view. From that point on, the application works normally. I'm sure that made little sense, so I'll try to be more explicit: My logout script calls $sess->delete(); $auth->logout(); and then redirects the user to the secured home page - which naturally fails. $auth->auth_loginform() gets called and validLoginForm.ihtml draws a login form. The target of the login form is $this->url(). If the user enters their username/password the secured home page displays. I go ahead and logon, and the secured page comes up as expected. If I call up any other secured page, $auth sends the browser back to loginform.ihtml! My logs show that somehow HTTP_POST_VARS[username] and HTTP_POST_VARS[password] are getting wiped out. Of course that's not the root of the problem, only "collateral damage". I'm guessing my UID is getting clobbered somewhere. Why it's happening is beyond me and I could really use some help here! ...now if I log on to this second call to loginform.ihtml, all is well! The session works as expected, secured pages work as they should, my different permission levels all work normally. Any suggestions and insight you'd like to share will be greatly appreciated! Terry R. |
|
From: Gaetano G. <giu...@se...> - 2003-07-31 14:06:17
|
Beside adding the DirectoryIndex directive, you should also verify that = PHP files are handled correctly by Apache. It seems like your webserver = is passing back the PHP files to the client without having them = interpreted by php. On windows you should do something like: LoadModule php4_module c:/php/sapi/php4apache2.dll AddModule mod_php4.c AddType application/x-httpd-php .php In linux it's almost the same, except for the module name. One more note: when accessing directories, always use the trailing = slash. Users usually don't do that, and it's the responsability of the = webmaster to configure Apache for working around this - there is a = directive for that, albeit I cannot rememebre it right now. Hope it helps, Gaetano P.S. This list is about phplib, not php + apache config problems... > -----Messaggio originale----- > Da: php...@li... > [mailto:php...@li...]Per conto di Angelo > Marcos Rigo > Inviato: gioved=EC 31 luglio 2003 15:50 > A: php...@li... > Oggetto: [Phplib-users] Basic newbye question (php3) >=20 >=20 >=20 > Hi=20 >=20 > I have mod_php 4.2.2 in apache 2.0 running in linux=20 > So i change the DirectoryIndex diretive in apache including=20 > index.php3=20 >=20 > but when i try to acces the page directory in my webserver=20 > this directory get listed=20 > when i clicl in any php3 file it open showing the code=20 >=20 > How can i fix it? >=20 > Thank=B4s in advance >=20 > =C2ngelo Marcos Rigo > Webmaster=20 > Col=E9gio Anchieta > Fone: (51) 3328.7455 Fax: (51) 3328.1120 > Visite nosso site: > http://www.colegioanchieta.g12.br >=20 >=20 >=20 >=20 > ------------------------------------------------------- > This SF.Net email sponsored by: Free pre-built ASP.NET sites including > Data Reports, E-commerce, Portals, and Forums are available now. > Download today and enter to win an XBOX or Visual Studio .NET. > http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet _072303_01/01 _______________________________________________ Phplib-users mailing list Php...@li... https://lists.sourceforge.net/lists/listinfo/phplib-users |
|
From: Angelo M. R. <an...@co...> - 2003-07-31 13:50:16
|
Hi=20 I have mod_php 4.2.2 in apache 2.0 running in linux=20 So i change the DirectoryIndex diretive in apache including index.php3=20 but when i try to acces the page directory in my webserver this = directory get listed=20 when i clicl in any php3 file it open showing the code=20 How can i fix it? Thank=B4s in advance =C2ngelo Marcos Rigo Webmaster=20 Col=E9gio Anchieta Fone: (51) 3328.7455 Fax: (51) 3328.1120 Visite nosso site: http://www.colegioanchieta.g12.br |
|
From: Virilo T. <vi...@su...> - 2003-07-27 15:46:14
|
Hi Darcy:
Thanks for help me.
I've readed your solution, I dont know if I have understand at all. =
Its possible that I use it when it renders to me (I feel that I'm near
to my own solution).
I could have the behavior that I was looking for asking if auth was=20
started where I used to ask if there was a registered user or was =
nobody.
And it could scape to the feared "loginform.ihtml" with the =
$_POST["email"]
check when a user can't login.
Then It's perfect for me!
I have some questions:
- I'm supossed to turn off $login_not_required when user login. =
Isn't true?
- Why are calling is_authenticated()? It's for the refresh time?
=20
Greetings,
Virilo Tejedor. Email: vi...@su...
----- Original Message -----=20
From: darcy w.christ=20
To: Virilo Tejedor=20
Cc: php...@li...=20
Sent: Saturday, July 26, 2003 10:37 PM
Subject: Re: [Phplib-users] phplib & portals: default authentication =
and login form
hi virilo,
i've done what you are asking about. here's my solution.
i set a variable $login_not_required =3D 1; on any page which does not =
need to be blocked. This way a user can be logged into a public page and =
i still have all their auth information. The code below need to be added =
to the page_open function in page.inc. look to replace the line with =
$auth->start(); You will also notice that i check for $_POST['email']. =
This is the name of my login field, which if i receive i go to the login =
system, which handles the login with the preauth function.
global $login_not_required;
if ( $login_not_required && !$_POST['email']) { // addition - dwc
$auth->is_authenticated();
} else {
$auth->start();
}
i'm in the process of changing the way i work with phplib right now. =
i've found a way to use phplib classes directly without the need for the =
page_open function. This enables the extending of the class without =
changing it in page.inc file, as i do above. Hopefully, it will make my =
life easier trying to do things like what i've described above.
hope this helps.
On Saturday, July 26, 2003, at 11:08 AM, Virilo Tejedor wrote:
Im interested in use phplib authentication in a different way,
i would like it seems like portals where you can enter without
login and you decide when do authentication (default auth).
But i would like too have a login form in every page, instead of a =
button
for login (using login_if) that interrupts your visit with a login =
form and
lets you continue the visit after login.
I have tryed to understand auth.inc, local.inc and page.inc. I have =
also
searched in 'older mailing list archive' posts. I cant search in =
present
mailing list because there isnt a search function (is there any =
way?).
Im doing some attempts, and i have found some good information in
older mailing list, but it worries me that i have loosed better =
information
in present mailing list.
For these reasons im interested in view (or recieve at =
vi...@su... )
some examples of portal aspect. Im interested too in register form =
examples.
Thanks in advance. Sorry for my english, my spanish is better.
Virilo Tejedor. Email: vi...@su...
=20
~darcy w. christ
1000camels
|
|
From: Virilo T. <vi...@su...> - 2003-07-27 11:08:05
|
I've readed README.md5_passwords where idicates a vulnerability:=20
"When you change your password, the MD5-hash
of your PW is transmitted down the wire. An enterprising cracker could
manage to fake a login form and supply the page with the MD5-hashed
password, which would then authenticate them. "
In the same way, i think that md5 crypt storage isnt a good system when
the user password is md5 crypted in client side. The cracker who has =
readed
database passwords has the same possibilites than with clearly text =
storage
without the necessity of "break" md5 hash. He only have to manage the =
fake=20
login form as in the readme example using directly pasword hash.
Im thinking in use two passwords for authentication. One using =
Challenge_Auth
with clear storage, and other using md5 storage but clear send in the =
form.
The second password will be crypted in server side before comparison.
Thus both attacks will be necessary: database read for the first =
password and=20
sniffering for the second.
Observe that sniffering the register form send or a password change will =
get
the first password (if we allow it) and a second sniffering during =
authentication
could get the second.
If its correct, i'll use it for admins authentication. I think its so =
hard for customers
whose usually one password is enough.
If somebody wants see the code, i could post it.
Readme file also say:
" If you need security you should consider running SSL or no webserver =
at all.
I looked into public-key encrypting the form response when changing
passwords..."
I'm interested in SSL authentication examples or pk encryption. Using =
phplib
or php only (i'm newbye at php too).
Thanks,
Virilo Tejedor. Email: vi...@su...
|
|
From: Virilo T. <vi...@su...> - 2003-07-27 10:12:38
|
I'm using default authentication included in phplib 7.2d, isn't it?
If there are more portal aspect features in 7.4pre2, perhaps i must
upgrade.
Thanks
Virilo Tejedor. Email: vi...@su...
----- Original Message -----
From: "Dr Tarique Sani" <ta...@sa...>
To: "Virilo Tejedor" <vi...@su...>
Cc: <php...@li...>
Sent: Sunday, July 27, 2003 3:49 AM
Subject: Re: [Phplib-users] phplib & portals: default authentication and
login form
> On Sat, 26 Jul 2003, Virilo Tejedor wrote:
>
> > Im interested in use phplib authentication in a different way,
> > i would like it seems like portals where you can enter without
> > login and you decide when do authentication (default auth).
>
> The current CVS snapshot of phpLib allows you to do what you want.
>
> Tarique
>
> --
> ===================================================================
> PHP Applications for E-Biz: http://www.sanisoft.com -o)
> /\\
> Indian PHP User Group: http://groups.yahoo.com/group/in-phpug _\_v
> ===================================================================
>
|
|
From: Dr T. S. <ta...@sa...> - 2003-07-27 02:28:16
|
On Sat, 26 Jul 2003, Virilo Tejedor wrote: > Im interested in use phplib authentication in a different way, > i would like it seems like portals where you can enter without > login and you decide when do authentication (default auth). The current CVS snapshot of phpLib allows you to do what you want. Tarique -- =================================================================== PHP Applications for E-Biz: http://www.sanisoft.com -o) /\\ Indian PHP User Group: http://groups.yahoo.com/group/in-phpug _\_v =================================================================== |
|
From: Virilo T. <vi...@su...> - 2003-07-26 20:07:58
|
I've found next post: http://marc.theaimsgroup.com/?l=3Dphplib&m=3D98656116102896&w=3D2 -------------------------------------------------------------------------= ------- Here's a bit of code that someone sent me. Works for me. Add this to your auth class in local.inc --------------------------------------------- function login_if($attempt) { global $sess, $username, $password; $challenge =3D md5(uniqid($this->magic)); $sess->register("challenge"); if ($attempt && ( "nobody" =3D=3D $this->auth["uid"])) { $uid =3D false; $uid =3D $this->auth_validatelogin(); } if($uid) { $this->auth["uid"] =3D $uid; $this->auth["uname"] =3D $username; } return $challenge; } ----------------------------------------------- The put this after page open ----------------------------------------------- $challenge =3D $auth->login_if($username); ----------------------------------------------- If the username/password is wrong check if username is set to = print the error. ie. if(isset($username)) { // wrong username/password message } HTH M@ -------------------------------------------------------------------------= ------- ... and it works! I've preferred put $uid =3D false; before if sentece. And i have = allow login as new user although was already logged as another user (different to nobody): $uid =3D false; if ($attempt) { $uid =3D $this->auth_validatelogin(); } ... and it works! =BFIs enough to re-login as other user? =BFIs this = correct? If its interesting for somebody (not for me, i hope) i was trying = the same, but i was attempting to simulate 'login in progress'... but it dont works! It works = irregularly only some times. It was the code: $challenge var was registered in main page. function login_if( $t ) { if ( $t ) { $this->unauth(); # We have to relogin, so clear current auth info $this->nobody =3D false; # We are forcing login, so default auth = is=20 # disabled // Indicamos que la informacion de login viene en el formulario $this->auth["uid"] =3D "form"; $this->auth["exp"] =3D 0x7fffffff; $this->auth["refresh"] =3D 0x7fffffff; $this->start(); # Call authentication code } } Thanks in advance: Virilo Tejedor. Email: vi...@su... |
|
From: Virilo T. <vi...@su...> - 2003-07-26 15:09:10
|
Im interested in use phplib authentication in a different way,
i would like it seems like portals where you can enter without=20
login and you decide when do authentication (default auth).
But i would like too have a login form in every page, instead of a =
button
for login (using login_if) that interrupts your visit with a login form =
and=20
lets you continue the visit after login.
I have tryed to understand auth.inc, local.inc and page.inc. I have =
also
searched in 'older mailing list archive' posts. I cant search in =
present=20
mailing list because there isnt a search function (is there any way?).
Im doing some attempts, and i have found some good information in
older mailing list, but it worries me that i have loosed better =
information
in present mailing list.
For these reasons im interested in view (or recieve at =
vi...@su... )
some examples of portal aspect. Im interested too in register form =
examples.
Thanks in advance. Sorry for my english, my spanish is better.
Virilo Tejedor. Email: vi...@su...
|
|
From: Nathaniel P. <np...@te...> - 2003-07-22 20:00:40
|
Hmmm... I don't personally use default authentication much in any of my apps, and haven't yet done anything with it that involves self-registration, but, as far as I can tell, 'reg' mode with default auth works just like 'log' mode with default auth. In other words, it shouldn't matter what mode you use with default auth, logging in should work just the same with either. As with 'log' mode, you will still need to make sure there is a link or something to allow the user to start the login/registration process when s/he is on a page with default auth, but that should work exactly the same in either case. You'll want to experiment with it to see what works, of course, but I don't see any reason why it shouldn't. Hope that helps... _________________________________ Nathaniel Price <np...@te...> Webmaster ----- Original Message ----- From: "Virilo Tejedor Aguilera" <vi...@su...> To: "Nathaniel Price" <np...@te...>; <php...@li...> Sent: Tuesday, July 22, 2003 11:46 AM Subject: Re: [Phplib-users] User Self-Registration > Thanks for your help. > I've already seem the scheme ( > http://www.drostan.org/Application/webdev/uod/auth_phplib.php ). It's so > explanatory. > > My problem is that im using default authentication -all users begin being > user: nobody- and I want allow users register/login when they prefer. In > this manner you can visit the page without login, and you arent forced to > register/login as first step. > > I've understood that I'm supposed to write a register form, and a register > script (that I would like to auto login user as the new identity -like > Daniel Cunningham example-) without the necessity to write doregister() > function. Perhaps I will have to do the same with login form. > > In other words, i haven't seen in the scheme the path using reg mode and > default authentication at the same time (there is no scheme for default > authentication). > > I think that this escapes to the normal way to use phplib authentication > with 'reg' mode. I would like to be mistaken! > > Thanks again. > > Virilo Tejedor. Email: vi...@su... > > > ----- Original Message ----- > From: "Nathaniel Price" <np...@te...> > To: "Virilo Tejedor" <vi...@su...>; > <php...@li...> > Sent: Tuesday, July 22, 2003 6:51 PM > Subject: Re: [Phplib-users] User Self-Registration > > > > > > ----- Original Message ----- > > From: "Virilo Tejedor" <vi...@su...> > > To: <php...@li...> > > Sent: Monday, July 21, 2003 2:41 PM > > Subject: [Phplib-users] User Self-Registration > > > > > > > Some years ago Daniel Cunningham wrote: > > > > > > (this is an extract from the original message: > > > http://marc.theaimsgroup.com/?l=phplib&m=94101973230198 ) > > > > > > > ... > > > > > > > > > > > I'd like for my users to be able to push a button and go to another > > > > form and setup a username/password for their account. In > > > > other words, self-registration, using a form, and overrides of the > > > > auth_registerform() and auth_doregister() methods. > > > > > > > There are great examples of the former ( auth_loginform() and > > > > auth_validatelogin() ) but not the latter ( auth_registerform() > > > > and auth_doregister() ). There are also examples for an admin > > > > type user to add user records, but that's not what we want. > > > > > > > We just want a form with straight-forward self-service > non-privileged > > > > "enter your own test username and password" , and once we've > > > > validated the username against other entries in the auth_users > table, > > > > we would setup a username/password and priv="user" entry. > > > > > > > And also hopefully synchronize this auth_user entry with the > > > > existing session ID so that the user is not forced to re-login via > > > > the auth_login() and auth_validatelogin() methods. > > > > > > Im interested in the same. Finally he ofers us his own implementation. > Has > > > anybody a better solution? anymore about it? > > > > > > > > > Thanks in advance. Sorry for my english, my spanish is better. > > > > > > Virilo Tejedor. Email: vi...@su... > > > > > > > If all you are doing is wanting to use the same form for both user login > and > > user registration, it should be fairly straightforward. In your Auth > > subclass, you would set the $mode to 'reg', setup auth_registerform() to > > display the registration form (if this is the same as the normal login > form, > > you could probably just have it in turn call auth_loginform() to display > > it), then you would set up auth_doregister() to first check to see if the > > login name and password provided are valid, and if they aren't, then go > > ahead and register the user in the system. > > > > The code might look something like this. > > > > ExampleAuth extends Auth { > > //...other settings variables go here > > var $mode = 'reg'; > > > > function auth_registerform() { > > //code to display the registration form goes here; usually you can > > just copy > > //and modify the code for auth_loginform() to suit your purposes. > > } > > > > function auth_doregister() > > //validate the login... you can probably use the existing > > //auth_validatelogin to do this > > if (!$uid = $this->auth_validatelogin()) { > > //A valid uid wasn't returned, so go ahead and register the > > user. > > //...registration code goes here; be sure to set the uid and > > perms for the new > > //user > > ... > > $uid = (something); > > $this->auth['perm'] = 'user'; > > } > > return $uid; //return the uid to PHPlib so that it recognizes the > > user as valid. > > } > > > > function auth_validatelogin() { > > //Code to login a user goes here > > return $uid; > > } > > > > ... > > } > > > > I have also found in working with the Auth class that this flow chart has > > helped me immensely: > > http://www.drostan.org/Application/webdev/uod/auth_phplib.php > > > > P.D. Si necesita algu'n explanacio'n en espan~ol, puedo intentar > clarificar > > lo que dije. Quizas tendre' que buscar mi diccionario. :) > > > > _________________________________ > > Nathaniel Price <np...@te...> > > Webmaster > > > > > > > > ------------------------------------------------------- > > This SF.net email is sponsored by: VM Ware > > With VMware you can run multiple operating systems on a single machine. > > WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the > > same time. Free trial click here: http://www.vmware.com/wl/offer/345/0 > > _______________________________________________ > > Phplib-users mailing list > > Php...@li... > > https://lists.sourceforge.net/lists/listinfo/phplib-users > > > > ------------------------------------------------------- > This SF.net email is sponsored by: VM Ware > With VMware you can run multiple operating systems on a single machine. > WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the > same time. Free trial click here: http://www.vmware.com/wl/offer/345/0 > _______________________________________________ > Phplib-users mailing list > Php...@li... > https://lists.sourceforge.net/lists/listinfo/phplib-users > |
|
From: Virilo T. A. <vi...@su...> - 2003-07-22 18:47:34
|
Thanks for your help. I've already seem the scheme ( http://www.drostan.org/Application/webdev/uod/auth_phplib.php ). It's so explanatory. My problem is that im using default authentication -all users begin being user: nobody- and I want allow users register/login when they prefer. In this manner you can visit the page without login, and you arent forced to register/login as first step. I've understood that I'm supposed to write a register form, and a register script (that I would like to auto login user as the new identity -like Daniel Cunningham example-) without the necessity to write doregister() function. Perhaps I will have to do the same with login form. In other words, i haven't seen in the scheme the path using reg mode and default authentication at the same time (there is no scheme for default authentication). I think that this escapes to the normal way to use phplib authentication with 'reg' mode. I would like to be mistaken! Thanks again. Virilo Tejedor. Email: vi...@su... ----- Original Message ----- From: "Nathaniel Price" <np...@te...> To: "Virilo Tejedor" <vi...@su...>; <php...@li...> Sent: Tuesday, July 22, 2003 6:51 PM Subject: Re: [Phplib-users] User Self-Registration > > ----- Original Message ----- > From: "Virilo Tejedor" <vi...@su...> > To: <php...@li...> > Sent: Monday, July 21, 2003 2:41 PM > Subject: [Phplib-users] User Self-Registration > > > > Some years ago Daniel Cunningham wrote: > > > > (this is an extract from the original message: > > http://marc.theaimsgroup.com/?l=phplib&m=94101973230198 ) > > > > > ... > > > > > > > > I'd like for my users to be able to push a button and go to another > > > form and setup a username/password for their account. In > > > other words, self-registration, using a form, and overrides of the > > > auth_registerform() and auth_doregister() methods. > > > > > There are great examples of the former ( auth_loginform() and > > > auth_validatelogin() ) but not the latter ( auth_registerform() > > > and auth_doregister() ). There are also examples for an admin > > > type user to add user records, but that's not what we want. > > > > > We just want a form with straight-forward self-service non-privileged > > > "enter your own test username and password" , and once we've > > > validated the username against other entries in the auth_users table, > > > we would setup a username/password and priv="user" entry. > > > > > And also hopefully synchronize this auth_user entry with the > > > existing session ID so that the user is not forced to re-login via > > > the auth_login() and auth_validatelogin() methods. > > > > Im interested in the same. Finally he ofers us his own implementation. Has > > anybody a better solution? anymore about it? > > > > > > Thanks in advance. Sorry for my english, my spanish is better. > > > > Virilo Tejedor. Email: vi...@su... > > > > If all you are doing is wanting to use the same form for both user login and > user registration, it should be fairly straightforward. In your Auth > subclass, you would set the $mode to 'reg', setup auth_registerform() to > display the registration form (if this is the same as the normal login form, > you could probably just have it in turn call auth_loginform() to display > it), then you would set up auth_doregister() to first check to see if the > login name and password provided are valid, and if they aren't, then go > ahead and register the user in the system. > > The code might look something like this. > > ExampleAuth extends Auth { > //...other settings variables go here > var $mode = 'reg'; > > function auth_registerform() { > //code to display the registration form goes here; usually you can > just copy > //and modify the code for auth_loginform() to suit your purposes. > } > > function auth_doregister() > //validate the login... you can probably use the existing > //auth_validatelogin to do this > if (!$uid = $this->auth_validatelogin()) { > //A valid uid wasn't returned, so go ahead and register the > user. > //...registration code goes here; be sure to set the uid and > perms for the new > //user > ... > $uid = (something); > $this->auth['perm'] = 'user'; > } > return $uid; //return the uid to PHPlib so that it recognizes the > user as valid. > } > > function auth_validatelogin() { > //Code to login a user goes here > return $uid; > } > > ... > } > > I have also found in working with the Auth class that this flow chart has > helped me immensely: > http://www.drostan.org/Application/webdev/uod/auth_phplib.php > > P.D. Si necesita algu'n explanacio'n en espan~ol, puedo intentar clarificar > lo que dije. Quizas tendre' que buscar mi diccionario. :) > > _________________________________ > Nathaniel Price <np...@te...> > Webmaster > > > > ------------------------------------------------------- > This SF.net email is sponsored by: VM Ware > With VMware you can run multiple operating systems on a single machine. > WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the > same time. Free trial click here: http://www.vmware.com/wl/offer/345/0 > _______________________________________________ > Phplib-users mailing list > Php...@li... > https://lists.sourceforge.net/lists/listinfo/phplib-users |
|
From: Nathaniel P. <np...@te...> - 2003-07-22 16:46:22
|
----- Original Message ----- From: "Virilo Tejedor" <vi...@su...> To: <php...@li...> Sent: Monday, July 21, 2003 2:41 PM Subject: [Phplib-users] User Self-Registration > Some years ago Daniel Cunningham wrote: > > (this is an extract from the original message: > http://marc.theaimsgroup.com/?l=phplib&m=94101973230198 ) > > > ... > > > > > I'd like for my users to be able to push a button and go to another > > form and setup a username/password for their account. In > > other words, self-registration, using a form, and overrides of the > > auth_registerform() and auth_doregister() methods. > > > There are great examples of the former ( auth_loginform() and > > auth_validatelogin() ) but not the latter ( auth_registerform() > > and auth_doregister() ). There are also examples for an admin > > type user to add user records, but that's not what we want. > > > We just want a form with straight-forward self-service non-privileged > > "enter your own test username and password" , and once we've > > validated the username against other entries in the auth_users table, > > we would setup a username/password and priv="user" entry. > > > And also hopefully synchronize this auth_user entry with the > > existing session ID so that the user is not forced to re-login via > > the auth_login() and auth_validatelogin() methods. > > Im interested in the same. Finally he ofers us his own implementation. Has > anybody a better solution? anymore about it? > > > Thanks in advance. Sorry for my english, my spanish is better. > > Virilo Tejedor. Email: vi...@su... > If all you are doing is wanting to use the same form for both user login and user registration, it should be fairly straightforward. In your Auth subclass, you would set the $mode to 'reg', setup auth_registerform() to display the registration form (if this is the same as the normal login form, you could probably just have it in turn call auth_loginform() to display it), then you would set up auth_doregister() to first check to see if the login name and password provided are valid, and if they aren't, then go ahead and register the user in the system. The code might look something like this. ExampleAuth extends Auth { //...other settings variables go here var $mode = 'reg'; function auth_registerform() { //code to display the registration form goes here; usually you can just copy //and modify the code for auth_loginform() to suit your purposes. } function auth_doregister() //validate the login... you can probably use the existing //auth_validatelogin to do this if (!$uid = $this->auth_validatelogin()) { //A valid uid wasn't returned, so go ahead and register the user. //...registration code goes here; be sure to set the uid and perms for the new //user ... $uid = (something); $this->auth['perm'] = 'user'; } return $uid; //return the uid to PHPlib so that it recognizes the user as valid. } function auth_validatelogin() { //Code to login a user goes here return $uid; } ... } I have also found in working with the Auth class that this flow chart has helped me immensely: http://www.drostan.org/Application/webdev/uod/auth_phplib.php P.D. Si necesita algu'n explanacio'n en espan~ol, puedo intentar clarificar lo que dije. Quizas tendre' que buscar mi diccionario. :) _________________________________ Nathaniel Price <np...@te...> Webmaster |
|
From: Nathaniel P. <np...@te...> - 2003-07-22 16:21:44
|
Better solutions exist; see the user-contributed notes in the PHP manual: http://www.php.net/manual/en/language.types.array.php Of particular interest is this one by t dot kloppenburg at billiton dot de: [snip] >The solution? Use this: >document.forms.FormNameHere.elements["Settings[Name]"].value >"Settings[Name]" is looked up in the elements array, and is found... The elements array >is a hash, so strings can be used as keys! which avoids ambiguity as well as keeping your forms from breaking if you change them. There is also a note in there (somewhere) that says you can reference form elements by an id="{whatever}" attribute as well, which can be useful in some cases. _________________________________ Nathaniel Price <np...@te...> Webmaster ----- Original Message ----- From: "Ernest Beinrohr" <Er...@Be...> To: "phplib-users" <php...@li...> Sent: Tuesday, July 22, 2003 8:33 AM Subject: SOLVED: Re: [Phplib-users] When [] in OOHForm element, cannot use javascript > Well, I've found out, direct addressing of elements which contains '[' > in their names cannot be done in javascript. However, one can use > indirect addressing like document.form.elements[17], which isn't > bulletproof, but it works. > > have a nice day > |
|
From: Ernest B. <Er...@Be...> - 2003-07-22 15:33:39
|
Well, I've found out, direct addressing of elements which contains '['
in their names cannot be done in javascript. However, one can use
indirect addressing like document.form.elements[17], which isn't
bulletproof, but it works.
have a nice day
Peter Termaten wrote:
> Try this:
>
> $f->add_element(array("type"=>"checkbox",
> "name"=>"test",
> "multiple"=>1));
>
>
> The 'multiple' makes that 'name' can be accessed as an array. No need
> to use the brackets [].
>
> Peter
>
> A t 00:44 06-07-2003, Ernest Beinrohr wrote:
>
>> Hi, I am using ooh forms checkbox elements. It's a multiline
>> same-named checkbox. I had to use for it's name something like
>> "name"=>"test[]", so that PHP recognizes it as multiple value.
>>
>> But, I cannot access that element from javascript. Until now I used,
>> document.formname.element[i] , but I cannot do this with the
>> brackets in element name. Does anyone has a solution ?
>>
--
Ernest Beinrohr, OERNii
eAdmin @ axonpro.sk, http://www.axonpro.sk/
+421-2--6241-0360, +421-903--482-603
HomePage: http://www.OERNii.sk/ ICQ: 28153343
-----
Opportunity is missed by most people because it is
dressed in overalls and looks like work.
- Thomas Edison
|
|
From: Virilo T. <vi...@su...> - 2003-07-21 21:42:38
|
Some years ago Daniel Cunningham wrote: (this is an extract from the original message: http://marc.theaimsgroup.com/?l=phplib&m=94101973230198 ) > ... > > I'd like for my users to be able to push a button and go to another > form and setup a username/password for their account. In > other words, self-registration, using a form, and overrides of the > auth_registerform() and auth_doregister() methods. > There are great examples of the former ( auth_loginform() and > auth_validatelogin() ) but not the latter ( auth_registerform() > and auth_doregister() ). There are also examples for an admin > type user to add user records, but that's not what we want. > We just want a form with straight-forward self-service non-privileged > "enter your own test username and password" , and once we've > validated the username against other entries in the auth_users table, > we would setup a username/password and priv="user" entry. > And also hopefully synchronize this auth_user entry with the > existing session ID so that the user is not forced to re-login via > the auth_login() and auth_validatelogin() methods. Im interested in the same. Finally he ofers us his own implementation. Has anybody a better solution? anymore about it? Thanks in advance. Sorry for my english, my spanish is better. Virilo Tejedor. Email: vi...@su... (See original message in http://marc.theaimsgroup.com/?l=phplib&m=94116860709576 ) Hi All: Regarding the user self-registration, I am glad to see other developers were wondering the same. Before I received the example from Mr. Masserelli, I pushed through with my own code to get the same effect. But I am not confident that I worked entirely with the flow of how things are done in PHPLIB, so I am eager to review Mr. Masserelli's work. Here's how I (ahem) "solved" it for our particular application: (1) We already had routines to register information on "customers" (using a different table than the PHPLIB user object does). In one of these routines, I do the following: <?php require( "../include/nbdcPhpLib-7/php/prepend.php3" ); page_open( array( "sess" => "nbdcSession", "auth" => "nbdcAuth", "perm" => "nbdcPerm" ) ); ?> <?php // We do more stuff, and we include a file with this // code inside its "createInitialAccount(...) routine. ?> <?php // Inside the utilityTblCustomers.inc file, we call // this createInitialAccount(...) routine: function createInitialAccount( $strTestLID, // Login ID $strTestPWD, // Password $strTestReminder ) { global $bDebug; global $nbdcSession; global $sess; if ( $bDebug ) { print( "\n<BR>Entering createInitialAccount..." ); echo "\n<BR>nbdcSession=$nbdcSession"; echo "\n<BR>strTestLID=$strTestLID"; echo "\n<BR>strTestPWD=$strTestPWD"; echo "\n<BR>strTestReminder=$strTestReminder"; } // $u_id = md5( uniqid( $nbdcSession ) ); $u_id = $nbdcSession; // Assume the proposed op will fail! $bIsValid = FALSE; if ( testUniqueLID( $strTestLID, 0 ) == TRUE ) { // String-ify (and eliminate spurious quotes in) the SQL fields: $fieldUID = s( $u_id ); $fieldLID = s( $strTestLID ); $fieldPWD = s( $strTestPWD ); $fieldReminder = s( $strTestReminder ); $fieldPerm = s( "user" ); // Deal with the fact that we might be *modifying* // an account (especially if the user is clicking a // back button to perform a "re-do" on their info. if ( testUniqueUID( $nbdcSession, 0 ) == TRUE ) { // Setup the query: $strQuery = "INSERT INTO auth_user VALUES ( "; $strQuery .= " $fieldUID "; $strQuery .= ", $fieldLID "; $strQuery .= ", $fieldPWD "; $strQuery .= ", $fieldReminder "; $strQuery .= ", $fieldPerm "; $strQuery .= " )"; } else { $strQuery = "UPDATE auth_user SET "; $strQuery .= " password = $fieldPWD"; $strQuery .= ", reminder = $fieldReminder"; $strQuery .= " WHERE username = $fieldLID"; } // Prolog: Prepare for upcoming SQL calls!... openDBConnection(); // NB: Ensure closeDBConnection() gets called! // NB This is a local routine, *not* PHPLIB code! // Output a pre-query diagnostic Trace in HTML: if ( $bDebug ) { echo( "\n<P>Query = " ); echo( "\"$strQuery\"...<BR>" ); } // Run the freakin' query, already! $result = doQuery( $strQuery ); if ( $result ) { $bIsValid = TRUE; $nResultingCustID = a( mysql_insert_id() ); // Output a post-query diagnostic Trace in HTML: if ( $bDebug ) { printf( "\n<BR>...created Customer ID: %d", $nResultingCustID ); } // Make a new auth object so the newly // created username/password will NOT // be forced to re-login. Note that we're // we push the expiration time forward // by a minute to avoid being invalidated. // This whole section needs review to // make sure it's being done the "best" // way for working within PHPLIB!... global $auth; $auth = new nbdcAuth; $auth->auth["uname"] = $fieldLID; $auth->auth["uid"] = $fieldUID; $tsNewTime = time() + 600; $auth->auth["exp"] = $tsNewTime; $auth->auth["perm"] = "user"; $sess->register("auth"); } else { print "\n<BR>Could not initiate creation of customer account!"; } // Epilogue: Close the connection AFTER the table is displayed closeDBConnection(); // Equiv. to: mysql_close(); } // end of re-test for testUniqueLID(...) if ( $bDebug ) { print( "\n<BR>...Exiting createInitialAccount." ); } return $bIsValid; } // end of function createInitialAccount(...) ?> Also, more thought need to be given to users who "go back" in their page sequences to "correct" things. For example, at our site, we pre-validate the proposed login ID by checking it against existing usernames. Well, if the user decides to click back, then our local testUniqueLID(...) routine will fail. This is easily corrected with a parallel routine function createInitialAccount( $strTestLID, // Login ID $strTestPWD, // Password $strTestReminder ) that makes a call to test for the existing (hopefully) singleton Login ID, namely: if ( testUniqueUID( $nbdcSession, 1 ) == TRUE ) ...instead of: if ( testUniqueUID( $nbdcSession, 0 ) == TRUE ) Hopefully, we'll get to that soon. If anyone would like details, I could make it available within a few more days (as soon as the site I am working on this for is done with its "shake down" of the initial development phase)? But actually, I am hoping to re-do this in a more "elegant" manner, once I understand PHPLIB better (in other words, I feel like I brute-forced it instead of finessing it!). Thanks to everybody for the help they provided. My thoughts? PHPLIB is pretty damn "Kewel" (as we say out here on the west coast of California). Uhhhhh, that's a good thing! :-) -- Daniel Cunningham |
|
From: Daniel B. <bo...@io...> - 2003-07-18 23:28:15
|
I've gone through all the steps below and I've tracked down the problem = to IE 6 All other browsers are behaving as they should. cookies are being set as lifetime =3D 0 path =3D / domain =3D=20 secure =3D=20 Has anyone else run into this problem. thanks -----Original Message----- From: Nathaniel Price [mailto:np...@te...] Sent: Tuesday, July 15, 2003 12:04 PM To: Daniel Bondurant; php...@li... Subject: Re: [Phplib-users] killing sessions when closing browser ----- Original Message -----=20 From: "Daniel Bondurant" <bo...@io...> To: <Php...@li...> Sent: Monday, July 14, 2003 11:45 AM Subject: [Phplib-users] killing sessions when closing browser > After I upgraded to phplib 7.4-pre2, and can't seem to get sessions to = be destroyed when a browser is closed and then reopened. Before the user = would have to log in again, now they are still logged in. > > How do I force the login when the browser is closed and then = re-opened. > > I have Session set to: > $allowcache =3D no > $lifetime =3D 0 (for session cookies) Well, you can't really force an explicit logout when the browser is = closed (unless you resort to some somewhat unreliable Javascript trickery, as someone else already mentioned). However, using session cookies (as = opposed to persistent cookies) for the PHPlib session ID should, in effect, = cause a 'logout' of sorts (in reality what happens is that the old, = authenticated session is abandoned, and a new one is created when the browser opens). Your settings appear to be correct for the desired behavior, although = you might want to make sure that $mode is set to 'cookie' as well. You might also want to take a look at the cookie that PHPlib sets to make sure = that it is a 'session' cookie instead of a persistent cookie. If it's setting a persistant cookie, take a look through your subclass(es) of Session and = make sure that the instance variables are being set correctly (i.e. if you = set these settings in session.inc's Session, but use a different setting in = the subclass of Session in local.inc, the local.inc subclass would override = the settings in the session.inc class). Use the subclass in local.inc to set these settings whenever possible. If that's not the problem, make sure there aren't any problems in your 'auth' scheme. Pay special attention to your auth_validatelogin()/auth_doregister() and auth_preauth() methods in = your Auth subclass to make sure that there isn't something there that is = logging in your users some other way, which doesn't rely on PHPlib's sessions. Also, you'll want to make sure that if your app is using 'get' as the default mode, or for some reason $fallback_mode is being used instead of $mode, that the browser isn't automatically appending the session id to = the URL after the browser is closed. Normally, this shouldn't happen, = however it is possible that bookmarks/favorites with the session id in the url or a 'start browser on the last page I visited' setting could cause an old session to be used. Unfortunately there's not much you can do about this kind of problem (since you can't control whether a client bookmarks a = page or uses different settings), although to help alleviate it, you'll want = to set $gc_time to a relatively low value. This will garbage-collect old sessions automatically, and make it so that an old session cannot be ressurected if it is older than $gc_time minutes old. (at least that's = the way I understand it). If you're using 'cookie' mode (and it is working = as it should) this paragraph shouldn't apply to you. Check the docs here: http://www.sanisoft.com/phplib/manual/session.php Although it is not set up in the default install of PHPlib, if you have = a customized auto_init file for Session, you might want to look through = that to make sure that it doesn't reset the cookies or anything. As I said, = if you haven't mucked around with it, it shouldn't be a problem. For more = info see: http://www.sanisoft.com/phplib/manual/using_autoinit.php Also, poorly behaved web-proxies might cause the behavior you described. = If you use a web proxy, try disabling it (if you can) or talk to your = system administrator. Hope this helps... _________________________________ Nathaniel Price <np...@te...> Webmaster |
|
From: Richard A. <rh...@ju...> - 2003-07-16 23:16:54
|
At 15:02 -0700 16/7/03, Liberty Young wrote: >Why are you inputting primary keys? Few RDBMS don't have the option to >auto-increment your primary key field. I rarely find myself in a >situation where i'm inputing the value for a primary key field. Foreign >keys, yes, but never primary keys!!! If you're inserting a new record, >let your server do that for you. I _know_ MySQL will do that for you But MySQL doesn't make it very easy to work out what the ID of the just-inserted record was. And this mechanism varies from DB to DB. By using next_id() you know ahead of time what the ID is. I use next_id() quite often for this reason. ...R. |
|
From: Peter T. <pte...@te...> - 2003-07-16 22:51:45
|
There is similar functionality in MySQL.
The equivalent for the PostgreSQL /Oracle sequence is the AUTO_INCREMENT
column type. (Although the implementation works slightly different).
The LAST_INSERT_ID() function is tied to AUTO_INCREMENT and could be
helpful building a 'next sequence' mechanism with MySQL. Check the MySQL
docs for the specifics.
If your goal is building a database independent solution, I would opt for
the PHPLIB solution.
Peter
At 00:29 17-07-2003, Nathaniel Price wrote:
>----- Original Message -----
>From: "Liberty Young" <li...@em...>
>To: "Neha Mathur" <ne...@sp...>
>Cc: <php...@li...>
>Sent: Wednesday, July 16, 2003 3:02 PM
>Subject: Re: [Phplib-users] nextid - how does it work?
>
>
> > I can't answer your question..though i do have a few comments.
> >
> > Why are you inputting primary keys? Few RDBMS don't have the option to
> > auto-increment your primary key field. I rarely find myself in a
> > situation where i'm inputing the value for a primary key field. Foreign
> > keys, yes, but never primary keys!!! If you're inserting a new record,
> > let your server do that for you. I _know_ MySQL will do that for you
>
>There are some instances where it is useful or even necessary to know ahead
>of time what primary key will be assigned to a given record when it is
>inserted. This function provides one means of doing that.
>
>I don't know about MySQL, but in PostgreSQL you can use built-in sequences
>and find out the primary key that will be used by querying the database
>using "select nextval('sequence_name');", however, since this is not part of
>the SQL standard, it is likely not portable to other databases. This method
>would be portable across all the databases PHPlib supports. It also results
>in a bit cleaner code; using PostgreSQL, I have to do this to get a primary
>key from the database:
>
>$db->query("select nextval('sequence_name');");
>$db->next_record();
>$my_id = $db->f('nextval');
>
>whereas with PHPlib it would become:
>
>$my_id = $db->nextid('sequence_name');
>
>_________________________________
>Nathaniel Price <np...@te...>
>Webmaster
>
>
>
>-------------------------------------------------------
>This SF.net email is sponsored by: VM Ware
>With VMware you can run multiple operating systems on a single machine.
>WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the
>same time. Free trial click here: http://www.vmware.com/wl/offer/345/0
>_______________________________________________
>Phplib-users mailing list
>Php...@li...
>https://lists.sourceforge.net/lists/listinfo/phplib-users
----------
TERIS Information Services BV
Peter Termaten Phone: +31 23 565 2682
Aagje Dekenstraat 43 Fax: +31 23 565 2676
2135 RJ Hoofddorp Mobile: +31 653 65 8686
www.teris.nl
----------
|
|
From: Layne W. <la...@dr...> - 2003-07-16 22:48:39
|
> There are some instances where it is useful or even necessary to know > ahead > of time what primary key will be assigned to a given record when it is > inserted. This function provides one means of doing that. Here are some other uses for nextid() from personal experience: 1. Reference IDs based on date in the format YYYYMMxxxx (where xxxx provides for enough IDs). At the beginning of each month I can set my counter to e.g. 2003070000 and increment from there, skipping unused 200306xxxx IDs. 2. Non-primary keys. For instance, the primary key for an employee table is the SSN, but if I also want to know that I was the first employee, Fred was the second employee, etc. I need to keep another counter. 3. Force Unique IDs. MySQL's auto-increment feature creates an ID one greater than the largest ID currently in the table. If I create a new record and then delete it before another record is created, MySQL will reuse the ID. Occasionally I will duplicate table structures in two databases (one for editing, one for holding currently published data). MySQL's behavior eliminates any chance of data integrity when publishing newly edited data. I'm sure there are more reasons out there... Layne Weathers |
|
From: Nathaniel P. <np...@te...> - 2003-07-16 22:24:53
|
----- Original Message -----
From: "Liberty Young" <li...@em...>
To: "Neha Mathur" <ne...@sp...>
Cc: <php...@li...>
Sent: Wednesday, July 16, 2003 3:02 PM
Subject: Re: [Phplib-users] nextid - how does it work?
> I can't answer your question..though i do have a few comments.
>
> Why are you inputting primary keys? Few RDBMS don't have the option to
> auto-increment your primary key field. I rarely find myself in a
> situation where i'm inputing the value for a primary key field. Foreign
> keys, yes, but never primary keys!!! If you're inserting a new record,
> let your server do that for you. I _know_ MySQL will do that for you
There are some instances where it is useful or even necessary to know ahead
of time what primary key will be assigned to a given record when it is
inserted. This function provides one means of doing that.
I don't know about MySQL, but in PostgreSQL you can use built-in sequences
and find out the primary key that will be used by querying the database
using "select nextval('sequence_name');", however, since this is not part of
the SQL standard, it is likely not portable to other databases. This method
would be portable across all the databases PHPlib supports. It also results
in a bit cleaner code; using PostgreSQL, I have to do this to get a primary
key from the database:
$db->query("select nextval('sequence_name');");
$db->next_record();
$my_id = $db->f('nextval');
whereas with PHPlib it would become:
$my_id = $db->nextid('sequence_name');
_________________________________
Nathaniel Price <np...@te...>
Webmaster
|
|
From: Nathaniel P. <np...@te...> - 2003-07-16 22:13:47
|
----- Original Message -----
From: "Neha Mathur" <ne...@sp...>
To: <php...@li...>
Sent: Wednesday, July 16, 2003 2:20 PM
Subject: [Phplib-users] nextid - how does it work?
> Hello,
>
> I'm trying to use nextid but even after reading the documentation notes on
> it, I'm still quite confused on how to use it.
>
> I have a db_sql instanced and I need to find out the next primary key in
> sequence in a table in my database so I can insert a row with this data as
> such -
>
> $db = new DB_SQL_SubClass(connection params);
> $nextIDinSeq = nextid("???"); \\ i have no clue what goes within the
parens
> there
>
> $insertQuery = "insert into xyztable ('Next in Sequence') values
> ($nextIDinSeq)";
> $db->query($insertQuery);
> etc etc...
Hmm, interesting question... I admit that in my apps, I just use the
sequence system provided by the database (PostgreSQL, in my case), so I
don't know much about it either...
Looking at the code for db_pgsql.inc and db_mysql.inc it looks like this is
what it does:
There is a table defined by the class variable $Seq_Table in DB_Sql, which
is by default set to use a table named 'db_sequence'. From what I can tell
from the code, it looks like this table would have a schema that looks like
this:
db_sequence
-------------
seq_name (varchar, primary key)
nextid (int)
Note that this table isn't set up with the SQL scripts included with the
PHPlib distribution. You'll have to set it up yourself. Once it's set up,
however, you should be able to do something like this in your code:
$db = new DB_Sql_subclass
$my_id = $db->nextid('unique_seq_name');
$db->query("insert into my_table values ($my_id, $my_data);");
$my_2nd_id = $db->nextid('unique_seq_name');
$db->query("insert into my_table values ($my_2nd_id, $more_data);");
...
Obviously, you can adapt it for loops or whatever to be more efficient, but
hey, I'm just demoing it here.
What will happen is the first time $db->nextid('unique_seq_name') is called,
PHPlib will check to see if a sequence by the name of 'unique_seq_name'
exists in the db_sequence table. If there isn't one, it will insert a record
into the db_sequence table to keep track of the id number, then return 1 as
its first id number. On subsequent calls, it will find the sequence name,
lock the table to prevent concurrent accesses which could corrupt your
sequences, increment the sequence by one, update it back to the database
with the incremented value, unlock the table, then return the incremented
value back to your script.
It seems to be a nice solution for developing cross-platform scripts that
don't depend on a specific database for sequences, but it lacks some of the
sequence manipulation functionality that is present in PostgreSQL, for
example; although I imagine that one could add back some of that
functionality by extending the class with additional methods. Or even
convert it to be an abstraction layer over DB-specific sequences.
Anyway, hope this helps.
_________________________________
Nathaniel Price <np...@te...>
Webmaster
|
17 messages has been excluded from this view by a project administrator.
