phplib-users Mailing List for PHPLIB (Page 59)
Brought to you by:
nhruby,
richardarcher
Menu
▾
▴
phplib-users — A list for users of phplib to talk / discuss phplib
You can subscribe to this list here.
| 2001 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
(106) |
Sep
(99) |
Oct
(44) |
Nov
(97) |
Dec
(60) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2002 |
Jan
(56) |
Feb
(81) |
Mar
(134) |
Apr
(69) |
May
(106) |
Jun
(122) |
Jul
(98) |
Aug
(52) |
Sep
(184) |
Oct
(219) |
Nov
(102) |
Dec
(106) |
| 2003 |
Jan
(88) |
Feb
(37) |
Mar
(46) |
Apr
(51) |
May
(30) |
Jun
(17) |
Jul
(45) |
Aug
(19) |
Sep
(5) |
Oct
(4) |
Nov
(12) |
Dec
(7) |
| 2004 |
Jan
(11) |
Feb
(7) |
Mar
|
Apr
(15) |
May
(17) |
Jun
(13) |
Jul
(5) |
Aug
|
Sep
(8) |
Oct
(6) |
Nov
(21) |
Dec
(13) |
| 2005 |
Jan
(4) |
Feb
(3) |
Mar
(7) |
Apr
(7) |
May
|
Jun
(11) |
Jul
(7) |
Aug
|
Sep
|
Oct
|
Nov
(7) |
Dec
|
| 2006 |
Jan
(3) |
Feb
|
Mar
(1) |
Apr
|
May
|
Jun
(2) |
Jul
(1) |
Aug
|
Sep
|
Oct
(9) |
Nov
|
Dec
(5) |
| 2007 |
Jan
(15) |
Feb
(2) |
Mar
|
Apr
|
May
|
Jun
|
Jul
(9) |
Aug
|
Sep
(2) |
Oct
|
Nov
|
Dec
|
| 2008 |
Jan
|
Feb
|
Mar
|
Apr
(12) |
May
|
Jun
(3) |
Jul
(1) |
Aug
(19) |
Sep
(2) |
Oct
|
Nov
|
Dec
(6) |
| 2009 |
Jan
(1) |
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
(6) |
|
From: Layne W. <la...@if...> - 2002-06-06 15:18:21
|
> The perm->check feature I have to fix, to return true/false instead of > showing perminvalid (which was absurd anyway, you'd want a > login/register form instead) You don't have to 'fix' anything. That's exactly what $perm->have_perm() does. $perm->check() is a shortcut to test and then show perminvalid if have_perm() failed. No, it isn't absurd. The login/register form should be there if no valid $auth is in place. The perminvalid makes perfect sense if the user is already logged in and does not have permission to access the page. I assume that each user has only one user account, so showing them a login/register form is a waste of time. It sounds like you need to tweak your perminvalid(). If there is a valid auth, then show them perminvalid, otherwise show them the login form. Layne Weathers Ifworld Inc. |
|
From: Giancarlo P. <gia...@na...> - 2002-06-06 14:49:55
|
Michele Marcucci wrote:
>
> With this patch all works fine, i finally reach my scope, i can include
> now a loginform anywhere i want in my index page and it doesn't seem a
> stand-alone page, like it was before.
> I'm not sure if this patch is foundamental for the scope but now works,
> so many thanks Giancarlo and a question:
> Can i have problem now with the rest of "standard" phplib function and
> features?
>
The perm->check feature I have to fix, to return true/false instead of
showing perminvalid (which was absurd anyway, you'd want a
login/register form instead)
In the end you will not do
$perm->check()
but, same as for auth,
if(!$perm->check())
{
$auth->auth_loginform(); # or $perm->perminvalid, if you prefer
}
But I'ven't tried that yet.
If you already are logged with 'user' permissions, and submit a login
for an 'admin', will it work?
I've to try.
The rest should work, but I exhort you to try it very very well before.
Also I haven't tried it with the latest phplib-stable from cvs, which I
myself recently commited.
The two shouldn't interfere, 'cause the patch I applied to cvs is
related to session.
But better try it. And thanks for the feedback
Giancarlo
|
|
From: Michele M. <mic...@es...> - 2002-06-06 14:18:57
|
With this patch all works fine, i finally reach my scope, i can include now a loginform anywhere i want in my index page and it doesn't seem a stand-alone page, like it was before. I'm not sure if this patch is foundamental for the scope but now works, so many thanks Giancarlo and a question: Can i have problem now with the rest of "standard" phplib function and features? Have a nice day Michele Marcucci Giancarlo Pinerolo wrote: >Michele Marcucci wrote: > > >>Hi there, >>i'm looking for a method to put everywhere the loginform (like many >>site, like phpnuke for example) so i get this patch >>( >>https://sourceforge.net/tracker/index.php?func=detail&aid=561500&group_id=31885&atid=403613 >>) >>but i dont understand how it works, please can you help me? >> >> >> > >That is something supposed to be tried throughout first. > >You must understand that, if phplib is doing less, being less invadent, >there's something more you have to do. > >Phplib used to occupy a full page with its login/register forms, and >exit. >You don't want that, you don't want even to show the login form on top >of the page, when the auth class is started. >You simply want to set a switch, that you can use right on top of your >script, or in a fancy login box right down at the end. > >So I attach you 2 examples: >index.php3 is a modified 'simple page from the examples. >showoff.php3 is a modified authenticated page. It can have or not have >the user and perm classes > >correct the include prepend.php3 there. > >index is accessible to all users, but logged in ones will not see the >login form >showoff is only for registered users. > >Then you have to make a little change to new.page.inc. I coded it to >mantain the same behavior of before: show a full blown login/register >page, and exit. >The one I send you should instead only set a global switch $needform, >that you'd use later. >the auth.inc in the patch is OK. >In fact I realize that auth[uid] nobody has no more sense once you can >intercept the behaviour of auth itself. > >I will be back soon to this, if there's any interest. > >Giancarlo > >------------- showoff (protected page) -------------- ><?php > include("new.prepend.php3"); > include($_PHPLIB["libdir"] . "table.inc"); > > page_open(array("sess" => "Example_Session", > "auth" => "Example_Auth")); ## use this for no user >storage > >### use this if you want user storage too >/******+ > page_open(array("sess" => "Example_Session", > "auth" => "Example_Auth", > "perm" => "Example_Perm", > "user" => "Example_User")); >*///// >if ($needform) > { > $auth->auth_loginform(); > page_close(); ## You may want > exit; ## to exit here > } > >/* > // page access requires that the user is authenticated and has "admin" >permission >if (!$perm->check("admin")) ## you need to modify perm->check to return > ## true/false instead of >'perminvalid_page_and_exit > { > $auth->auth_loginform(); > exit; > } >*/ > > $sess->register("s"); > >?> > <a href="<?php $sess->purl("logout.php3") ?>">Logout</a> and delete >your authentication information.<br> > ><?php > // Demonstration of per session data: We are incrementing a scalar, >$s. > printf("<h1>Per Session Data: %s</h1>\n", ++$s); > // Show how to access the session and the user id. > printf("Your session id is %s<br>\n", $sess->id); >// printf("Your user id is %s<br>\n", $user->id); >// printf("This should be the same as %s<br>\n", $auth->auth["uid"]); > printf("You have the permissions %s<br>\n", $auth->auth["perm"]); >?> ><?php page_close() ?> >---------------------------- > >----- index page ------------ > ><?php > > include("new.prepend.php3"); > ># sess for session variables >// page_open(array("sess" => "Example_Session")); > page_open(array("sess" => "Example_Session", "auth" => >"Example_Auth")); > ># s is a per session variable, u is a per user variable. > if (!isset($s)) { $s=0; }; > $sess->register("s"); > > echo "<center><h1>some previous page content</h1></center>"; >echo "session ID ".$sess->id."<p>"; >echo "user ID ".$auth->auth['uid']."<p>"; >echo "user NAME ".$auth->auth['uname']."<p>"; > >if ($needform) > { > $auth->auth_loginform(); >// page_close(); ## You may want >// exit; ## to exit here > } > > // Demonstration of per session data: We are incrementing a scalar, >$s. > printf("<h1>Per Session Data: %s</h1>\n", ++$s); > // Save data back to database. > page_close() > ?> ><!-- $Id: index.php3,v 1.1.1.1 2000/04/17 16:40:06 kk Exp $ --> > >-------------- >-------- page.inc -------------- > ><?php >/* > * Session Management for PHP3 > * > * Copyright (c) 1998-2000 NetUSE AG > * Boris Erdmann, Kristian Koehntopp > * > * $Id: page.inc,v 1.4 2002/03/18 18:07:02 layne_weathers Exp $ > * > */ > >$needform=false; ### the switch > >function page_open($feature) { > global $_PHPLIB,$HTTP_GET_VARS; > > # enable sess and all dependent features. > if (isset($feature["sess"])) { > global $sess; > $sess = new $feature["sess"]; > $sess->start(); > > # the auth feature depends on sess > if (isset($feature["auth"])) { > global $auth; > > if (!is_object($auth)) { > $auth = new $feature["auth"]; > } > > if (!$auth->start()) > { > page_showform(); >// $sess->freeze(); ## here I don't exit >// exit; > } > > > # the perm feature depends on auth and sess > if (isset($feature["perm"])) { > global $perm; > > if (!is_object($perm)) { > $perm = new $feature["perm"]; > } > } > > # the user feature depends on auth and sess > if (isset($feature["user"])) { > global $user; > > if (!is_object($user)) { > $user = new $feature["user"]; > } > $user->start($auth->auth["uid"]); > } > } > > ## Load the auto_init-File, if one is specified. > if (($sess->auto_init != "") && !$sess->in) { > $sess->in = 1; > include($_PHPLIB["libdir"] . $sess->auto_init); > if ($sess->secure_auto_init != "") { > $sess->freeze(); > } > } > } >} > >function page_close() { > global $sess, $user; > > if (is_object($sess)) { > $sess->freeze(); > if (is_object($user)) { > $user->freeze(); > } > } >} > >function sess_load($session) { > reset($session); > while (list($k,$v) = each($session)) { > $GLOBALS[$k] = new $v; > $GLOBALS[$k]->start(); > } >} > >function sess_save($session) { > reset($session); > while (list(,$v) = each($session)) { > $GLOBALS[$v]->freeze(); > } >} >function page_showform() { > global $auth,$HTTP_GET_VARS; > $mode=$HTTP_GET_VARS['mode']; >global $needform; >$needform=true; ### here I don't show a form, but only set the switch > >/* > if ($mode=="reg") > {$auth->auth_registerform();} > else > {$auth->auth_loginform();} >*/ >} > >?> > > >_______________________________________________________________ > >Don't miss the 2002 Sprint PCS Application Developer's Conference >August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm > >_______________________________________________ >Phplib-users mailing list >Php...@li... >https://lists.sourceforge.net/lists/listinfo/phplib-users > > -- ------------------------------------------------------- Michele Marcucci ESTREMI srl Advanced IT Consultant Via Emilia 310 mic...@es... 40026 Imola (BO) Phone +39 0542 615 888 nic-hdl: MM901-ITNIC Fax +39 0542 615 895 ------------------------------------------------------- |
|
From: Giancarlo P. <gia...@na...> - 2002-06-06 13:35:08
|
Michele Marcucci wrote: > > Hi there, > i'm looking for a method to put everywhere the loginform (like many > site, like phpnuke for example) so i get this patch > ( > https://sourceforge.net/tracker/index.php?func=detail&aid=561500&group_id=31885&atid=403613 > ) > but i dont understand how it works, please can you help me? > That is something supposed to be tried throughout first. You must understand that, if phplib is doing less, being less invadent, there's something more you have to do. Phplib used to occupy a full page with its login/register forms, and exit. You don't want that, you don't want even to show the login form on top of the page, when the auth class is started. You simply want to set a switch, that you can use right on top of your script, or in a fancy login box right down at the end. So I attach you 2 examples: index.php3 is a modified 'simple page from the examples. showoff.php3 is a modified authenticated page. It can have or not have the user and perm classes correct the include prepend.php3 there. index is accessible to all users, but logged in ones will not see the login form showoff is only for registered users. Then you have to make a little change to new.page.inc. I coded it to mantain the same behavior of before: show a full blown login/register page, and exit. The one I send you should instead only set a global switch $needform, that you'd use later. the auth.inc in the patch is OK. In fact I realize that auth[uid] nobody has no more sense once you can intercept the behaviour of auth itself. I will be back soon to this, if there's any interest. Giancarlo ------------- showoff (protected page) -------------- <?php include("new.prepend.php3"); include($_PHPLIB["libdir"] . "table.inc"); page_open(array("sess" => "Example_Session", "auth" => "Example_Auth")); ## use this for no user storage ### use this if you want user storage too /******+ page_open(array("sess" => "Example_Session", "auth" => "Example_Auth", "perm" => "Example_Perm", "user" => "Example_User")); *///// if ($needform) { $auth->auth_loginform(); page_close(); ## You may want exit; ## to exit here } /* // page access requires that the user is authenticated and has "admin" permission if (!$perm->check("admin")) ## you need to modify perm->check to return ## true/false instead of 'perminvalid_page_and_exit { $auth->auth_loginform(); exit; } */ $sess->register("s"); ?> <a href="<?php $sess->purl("logout.php3") ?>">Logout</a> and delete your authentication information.<br> <?php // Demonstration of per session data: We are incrementing a scalar, $s. printf("<h1>Per Session Data: %s</h1>\n", ++$s); // Show how to access the session and the user id. printf("Your session id is %s<br>\n", $sess->id); // printf("Your user id is %s<br>\n", $user->id); // printf("This should be the same as %s<br>\n", $auth->auth["uid"]); printf("You have the permissions %s<br>\n", $auth->auth["perm"]); ?> <?php page_close() ?> ---------------------------- ----- index page ------------ <?php include("new.prepend.php3"); # sess for session variables // page_open(array("sess" => "Example_Session")); page_open(array("sess" => "Example_Session", "auth" => "Example_Auth")); # s is a per session variable, u is a per user variable. if (!isset($s)) { $s=0; }; $sess->register("s"); echo "<center><h1>some previous page content</h1></center>"; echo "session ID ".$sess->id."<p>"; echo "user ID ".$auth->auth['uid']."<p>"; echo "user NAME ".$auth->auth['uname']."<p>"; if ($needform) { $auth->auth_loginform(); // page_close(); ## You may want // exit; ## to exit here } // Demonstration of per session data: We are incrementing a scalar, $s. printf("<h1>Per Session Data: %s</h1>\n", ++$s); // Save data back to database. page_close() ?> <!-- $Id: index.php3,v 1.1.1.1 2000/04/17 16:40:06 kk Exp $ --> -------------- -------- page.inc -------------- <?php /* * Session Management for PHP3 * * Copyright (c) 1998-2000 NetUSE AG * Boris Erdmann, Kristian Koehntopp * * $Id: page.inc,v 1.4 2002/03/18 18:07:02 layne_weathers Exp $ * */ $needform=false; ### the switch function page_open($feature) { global $_PHPLIB,$HTTP_GET_VARS; # enable sess and all dependent features. if (isset($feature["sess"])) { global $sess; $sess = new $feature["sess"]; $sess->start(); # the auth feature depends on sess if (isset($feature["auth"])) { global $auth; if (!is_object($auth)) { $auth = new $feature["auth"]; } if (!$auth->start()) { page_showform(); // $sess->freeze(); ## here I don't exit // exit; } # the perm feature depends on auth and sess if (isset($feature["perm"])) { global $perm; if (!is_object($perm)) { $perm = new $feature["perm"]; } } # the user feature depends on auth and sess if (isset($feature["user"])) { global $user; if (!is_object($user)) { $user = new $feature["user"]; } $user->start($auth->auth["uid"]); } } ## Load the auto_init-File, if one is specified. if (($sess->auto_init != "") && !$sess->in) { $sess->in = 1; include($_PHPLIB["libdir"] . $sess->auto_init); if ($sess->secure_auto_init != "") { $sess->freeze(); } } } } function page_close() { global $sess, $user; if (is_object($sess)) { $sess->freeze(); if (is_object($user)) { $user->freeze(); } } } function sess_load($session) { reset($session); while (list($k,$v) = each($session)) { $GLOBALS[$k] = new $v; $GLOBALS[$k]->start(); } } function sess_save($session) { reset($session); while (list(,$v) = each($session)) { $GLOBALS[$v]->freeze(); } } function page_showform() { global $auth,$HTTP_GET_VARS; $mode=$HTTP_GET_VARS['mode']; global $needform; $needform=true; ### here I don't show a form, but only set the switch /* if ($mode=="reg") {$auth->auth_registerform();} else {$auth->auth_loginform();} */ } ?> |
|
From: Michael K. <ko...@ib...> - 2002-06-06 13:27:42
|
Hello
Have install PhpLib and set all optiona as described in manual.
Have load test.php3 from my brovswer and it prints php settings.
Have load index.php3. No errors. Per session data increments when I reload page.
I can monitor active_sessions DB
-------
....
Per Session Data: 13
Per Session Data is referenced by session id. The session id is propagated using either a
cookie stored in the users browser or as a GET style parameter
appended to the current URL.
Per Session Data is available only on pages using the feature "sess" in their page_open()
call.
-------
Have load showoff.php3. Entering username: kris, password: test.
Getting error page...
-------
Server error!
Error message:
handler "httpd/unix-directory" not found for: /home/kochini/public_html/phptest/
-------
Any suggestions, please.
Thank you
--
Michael Kochiashvili
http://www.iberiapac.ge/~kochini/
|
|
From: Giancarlo P. <gia...@na...> - 2002-06-06 13:03:50
|
I realize that the index.php3, as it contains valid html, may not show correctly in the mailer. Try to look at the message source sorry. Gian |
|
From: Joe S. <jo...@be...> - 2002-06-06 12:18:51
|
On Thu, Jun 06, 2002 at 11:23:39AM +0200, Michele Marcucci wrote: > Hi there, > i'm looking for a method to put everywhere the loginform (like many > site, like phpnuke for example) so i get this patch > (https://sourceforge.net/tracker/index.php?func=detail&aid=561500&group_id=31885&atid=403613) > but i dont understand how it works, please can you help me? > > -- > Another method that works without patching phplib is like this: if(isset($HTTP_POST_VARS['username'])) { // this would be present if a login is in progress $auth->auth["uid"]= "form"; // this is what auth seems to want $auth->start(); } $auth->login_if(!$perm->have_perm('user')); Here is the original post: http://marc.theaimsgroup.com/?l=phplib&m=99114081209404&w=2 Here is a simple example: http://www.phpslash.org/index.php3?section_id=11 have fun, Joe > > Michele Marcucci > |
|
From: Michele M. <mic...@es...> - 2002-06-06 09:23:52
|
Hi there, i'm looking for a method to put everywhere the loginform (like many site, like phpnuke for example) so i get this patch (https://sourceforge.net/tracker/index.php?func=detail&aid=561500&group_id=31885&atid=403613) but i dont understand how it works, please can you help me? -- Michele Marcucci |
|
From: Marko K. <Mar...@mc...> - 2002-06-06 07:36:58
|
Hi, > unset one at a time? you so crazy! why? what's so crazy about me? Marko |
|
From: Giancarlo P. <gia...@na...> - 2002-06-05 08:44:22
|
I'd add to what I wrote: > The tests I am doing are with cookies cleaned and enabled, and SID > provided in URL. > > php 4.06 gets the SID from the URL, but leaves a cookie and keeps on > relying on that keep on in cookie mode, different from phplib > > php 4.2.1 gets the sid from the URL, leaves no cookie and keeps relying > on the SID in url. switches to 'get' mode, as phplib did Gian |
|
From: Giancarlo P. <gia...@na...> - 2002-06-05 08:35:33
|
Maxim Derkachev wrote: > > Hello Giancarlo, > > Wednesday, June 05, 2002, 12:08:44 AM, you wrote: > GP> if cookies are disabled, and there's no session in the URL, it seems > GP> PHP4 session will not generate a new session and append anything to the > GP> hyperlinks or the URL, both with trans_sid enabled or disabled. That's a > GP> way different from phplib behavior. > GP> In practice, with php4 session, there's no fallback_mode. Get > GP> mode(session.use_cookies=0 and cookies disabled) only works if the user > GP> provides session in the url (which is bad!), otherwise there's no > GP> generation of sid whithout cookies. Am I right? > > I suppose you're wrong. If the PHP4 session is started and trans-sid is active, > SID is automatically appended to the urls. In Session4, when trans-sid > is disabled, url() and purl() are used to append SID. By the way, SID > is only defined when there's no cookie yet. > If there's no session cookie (named by session_name() or session.name parameter > in php.ini), but there is a get variable with the same name as the > session name, PHP assumes that cookies are disabled, quit setting > cookies and rely on GET. The tests I am doing are with cookies cleaned and enabled, and SID provided in URL. php 4.06 gets the SID from the URL, but leaves a cookie and keeps on relying on that php 4.2.1 gets the sid from the URL, leaves no cookie and keeps relying on the SID in url. This beahviour is the same with either trans_sid 0 or 1. The php.ini are the same for both. I am not checking the url rewriting at the moment, too many tests (but on one occcasion I saw double SID in URL, can't tell you more, sorry), I am testing just the mode behaviour. > If PHP see a cookie with the session's name, > it does not define SID and rely on cookies. > This is just the same thing as fallback mode in PHPlib, but > implemented without url(), purl() and the first redirect. > You are right. Excuse me, but I am running quite a lot of parallel tests, with both php 4.06 and 4.2.1, and many variations of the php.ini settings and phplib settings. Apart from the absence in the location URL of the SID, that only affects reload button, everything is as phplib was. Giancarlo |
|
From: Marko K. <Mar...@mc...> - 2002-06-05 08:26:19
|
Hi Daniel, > I had the same problem when I upgraded to 4.1. I see. > $foo is an array > unset($foo) does not work same symptom. > $foo = array() does work. Oh gosh, life can be so easy. I actually tried the same, but BEFORE this array() assignment I did a unset($foo), where $foo was a variable defined as global inside that function. That obviously caused that the variable disappeared in global namespace and was just locally created with array(). So eventually I came to this solution: for($j=0;$j<count($ExpNames);$j++) unset($ExpNames[$j],$ExpNr[j]); unsetting each element of the array. It works! But of course your solution is so much nicer. ;) Thanks for the hint! Marko |
|
From: <so...@gm...> - 2002-06-05 07:42:50
|
hi,
can i do this in one command?
if ($perm->have_perm("user") || $perm->have_perm("admin"))
thx
MAREK.
|
|
From: Giancarlo P. <gia...@na...> - 2002-06-05 01:40:17
|
Well, given that I took that peep of session.inc out of my shoe, now I'd like to go back to the auth problem, which was at the origin of all of this. There are a few 'user addressed' problems and a more 'designer addressed' one with the auth->start method as it is today. *First the user-addressed problems with auth. 1) auth[uid]='form' The way auth was designed, it uses the auth[uid] variable to keep the uid after a successful login, OR, before a user is logged, other values that can be 'form', 'nobody', and I think 'deleted' too. 'form' has been obviously added first in the code, and later someone thought to add 'nobody' as well. The purpose of this flag is to set an overall status for your session, that says 'this guy is being shown a login/reg form, and we all have to wait until he completes that'. That's the reason why you have to have a cancel_login button, and can't simply go back. Your auth class is blocked. That's the reason why is so complicated to show a login box everywhere. But what about nobody? What about if I want to go back to a page that has the default_user auth class, or open it in another browser window? No way. Because once auth[uid] is 'form', it cannot be nobody unless you do some tricks in the code. So the form status blocks all pages that have default auth too. But then, if I want to show 'a login box in every page', as usual, what should I do? I have to set auth[uid]=form, but also it has to be 'nobody'... problem. Even supposed I don't use default_auth (nobody), I have to set auth[uid]=form before any form input is accepted for login. So if I want to show a login box everywhere, auth[uid] is always 'form'. Better initialize it to 'form' from the beginning, 'nobody' problem apart (joke). But what's the use of the auth[uid]=='form' status flag? Be assured that input is coming after a form has been shown somewhere? Do those who adopt their auth_preauth function (which doesn't need that 'form' value) adopt a similar approach? I don't think so. Most probably they check for a determinate form field (can be operation=login/register), which surely doesn't assure that a form has been shown, but is ok. Now that I (hope) have introduced a patch that prevents obtaining 'any' user provided session, a check for a session while receiving the form fields does exactly the same job as the auth[uid]=form value: prevent that someone can register with a single http post (maybe done by a batch script), without having really entered the site. By eliminating the auth[uid]=form status we solve many problems: the clash with nobody, the need of a cancel_login action, the mess that the start method in auth has become, the handling of the interaction with the client from deep inside such a complicate function, the problem of showing a login form by yourself, not commanded by auth. If you want that status flag, it can be moved outside of method auth->start, and I think the best place, being it a 'page handling problem', in page.inc. You may never know, one day you have clients that interact differently than a web page (xml, SOAP, whatever), and you want to use you auth service without entering in it to modify just the interaction with the client. 2) mode = log/reg This is similarly handled into method start of auth. And is now deeply interlaced with the form/nobody cases. Read the actual code! Is a mess, and a repetition of equal statements. But why do we want the log/reg mode to be hardcoded in the class? This prevents from showing what form, login/register, we really need at any moment, and obliges to stick or mess with that auth->mode value from our scripts. Isn't this something we want to 'move out' of that method start? Isn't this all related to 'interaction with the client' too? Cannot we be free to decide case by case what form to show? What not just use a get value to show the form we want? It all becomes more easy, clear, and gives more freedom. *Design-addressed problems with auth. So now look at the method start of auth, take away all the mess generated by the interlace of these two variables, and we can get a quite clean method, that we can at least understand. In the end is nothing complicate. And a method we can reuse for different ways of interacting with clients, as I said, because the interaction has been moved out of the core method start, whose behavior should resemble that of a service, that replies yes/no, logged_in_this_is_your_id/not_logged_in. Think it as a three tier app. This is the inner tier, the outer tier (interaction with the client) is moved out of the core method. And maybe one day you can reuse it for a real three-tier architecture. The same logic I'd apply to the perm class, where the 'Permission denied' page should be handled out of the class, but that's a breeze in comparison with auth. Did I convince you? If you are interested, please, please take a look at the patch I published on the auth->start rationalization, try it, and tell me something Thanks Gian |
|
From: Giancarlo P. <gia...@na...> - 2002-06-04 19:12:13
|
Maxim Derkachev wrote: > > If fallback mode is defined and trans_id_enabled is set to false, the > session will be propagated using url() and purl() - they will add > SID if no session cookies are installed. The only thing that is > missing is the first redirect which is used in session3 to determine > if the session cookies are used. Well, I spoke too early in saying it's OK. if cookies are disabled, and there's no session in the URL, it seems PHP4 session will not generate a new session and append anything to the hyperlinks or the URL, both with trans_sid enabled or disabled. That's a way different from phplib behavior. In practice, with php4 session, there's no fallback_mode. Get mode(session.use_cookies=0 and cookies disabled) only works if the user provides session in the url (which is bad!), otherwise there's no generation of sid whithout cookies. Am I right? am actually trying various setups and php versions, so I might be makin some confusion around. > The reason it is missing coming from my opinion that this redirect is not > needed at all - if the cookies are used, SID will disappear from urls Well, phplib does the same when mode and fallback are both 'cookie'. It's actually fallback_mode (or mode) 'get' that imposes to have he session it the url as well > > BTW, there are some more serious incompatibilities. Look in README for > them. I know, but now I am focusing on this cookie/get problem. Thanks, Maxim Gian |
|
From: Daniel B. <bo...@io...> - 2002-06-04 16:55:04
|
I had the same problem when I upgraded to 4.1. unset was working on the page, but was not being saved if the var was registered as a session variable. I ended up having to assign the var to null to get it to work. $foo is an array unset($foo) does not work $foo = array() does work. On Tue, 2002-06-04 at 03:53, Marko Kaening wrote: > Hi, > > I found solutions myself. It's eventually not related to phplib, rather to > PHP itself. > > > unset($ExpNames[],$ExpNr[]); > > php 4.2.1 doesn't like (in contradiction to 4.0.4) such an unset() > command. If I skip the [] brackets it doesn't throw an error message > anymore. But unfortunately the assignments down the snipout to these 2 > arrays do not work as expected anyway... Well, have to investigate that. > > Another thing was that I had somewhere in my code a typo. One ";" at a > line end was followed by a ":"! The funny thing was that php 4.2.1 didn't > give me an error message in the browser. nothing, just blank screen and > stopped processing the php script. I was totally irritated. Only when I > reinstalled 4.0.4 I saw an error message pointing me to the type. Strange, > isn't it? > > Hope I didn't bother somebody. > > Marko > > > _______________________________________________________________ > > Don't miss the 2002 Sprint PCS Application Developer's Conference > August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm > > _______________________________________________ > Phplib-users mailing list > Php...@li... > https://lists.sourceforge.net/lists/listinfo/phplib-users |
|
From: Giancarlo P. <gia...@na...> - 2002-06-04 14:55:39
|
Maxim Derkachev wrote: > > Hello Giancarlo, > > Tuesday, June 04, 2002, 6:07:26 PM, you wrote: > > GP> But PHP4 session doesn't handle that. If there's no cookie nor > GP> session-URL, simply session is started but not propagated. > GP> So in practice there no fallback possibility with session4. > GP> Am I right? > GP> I am wondering if the initial Header:302 trick can be performed with > GP> session4, to accomplish that compatibility. > > If fallback mode is defined and trans_id_enabled is set to false, the > session will be propagated using url() and purl() - they will add > SID if no session cookies are installed. The only thing that is > missing is the first redirect which is used in session3 to determine > if the session cookies are used. > The reason it is missing coming from my opinion that this redirect is not > needed at all - if the cookies are used, SID will disappear from urls > automatically after the second click, but we'll save a reload. If > there is no cookies, url() and purl() will do the job. Of course, we'll > have SID in links at the first click, but it's only aesthetics. Moreover, > this behavior (the first redirect) is not supported by native PHP4 session > module, and even if we try to be compatible with the good old PHPlib, we > can not ignore changes. I guess the better way is to use the standard > trans-sid feature. Yes, in practice it doesn't work only if you do a realod. It works with whatever link you click. Sorry, but I got stuck looping in the example page, and normally use to hit reload to see the counter increase... The link on top is OK. Gian |
|
From: Maxim D. <max...@bo...> - 2002-06-04 14:41:47
|
Hello Giancarlo, Tuesday, June 04, 2002, 6:07:26 PM, you wrote: GP> But PHP4 session doesn't handle that. If there's no cookie nor GP> session-URL, simply session is started but not propagated. GP> So in practice there no fallback possibility with session4. GP> Am I right? GP> I am wondering if the initial Header:302 trick can be performed with GP> session4, to accomplish that compatibility. If fallback mode is defined and trans_id_enabled is set to false, the session will be propagated using url() and purl() - they will add SID if no session cookies are installed. The only thing that is missing is the first redirect which is used in session3 to determine if the session cookies are used. The reason it is missing coming from my opinion that this redirect is not needed at all - if the cookies are used, SID will disappear from urls automatically after the second click, but we'll save a reload. If there is no cookies, url() and purl() will do the job. Of course, we'll have SID in links at the first click, but it's only aesthetics. Moreover, this behavior (the first redirect) is not supported by native PHP4 session module, and even if we try to be compatible with the good old PHPlib, we can not ignore changes. I guess the better way is to use the standard trans-sid feature. Nevertheless, it is only my opinion, and such a thing can be easily implemented to accomplish the compatibility. BTW, there are some more serious incompatibilities. Look in README for them. -- Best regards, Maxim Derkachev mailto:max...@bo... IT manager, Symbol-Plus Publishing Ltd. phone: +7 (812) 324-53-53 www.books.ru, www.symbol.ru |
|
From: Giancarlo P. <gia...@na...> - 2002-06-04 14:40:11
|
I am also noticing a difference in behaviour betwee PHP4 and phplib (as it was before my recent patch), in this case: Cookies enabled, phplib has mode=cookie, fallback_get open the URL http://whatever/index.php3?Example_Session=ciao -PHPLIB4 (and PHP4 btw): accepts the sid value 'ciao', lets a cookie by that value and creates relative session 'ciao', URL is ignored from this moment on. -PHPLIB (before my patch): supposes cookies are disbled, leaves no cookie, creates session 'ciao', goes on in get mode from this moment on. -PHPLIB now (with default block_alien_sid=true in session.inc): ignores URL, and session name, leaves his own cookie and uses that sid to create the session, goes on in cookie mode from now on Giancarlo Giancarlo Pinerolo wrote: > > Hi. > This question is in particular for Maxim's session4 implementation. > > I've noticed a slight difference between the behavior of stable phplib > and session4 phplib. In fact the real difference is between php4 session > and the way phplib handled that. > > In phplib, when mode is cookie and fallback is get, if there's no cookie > nor session in the URL, we are left a cookie and immediately redirected > (Header 302) to a URL with the session in it. That's why phplib needs > the session in the URL the very first visit. > But PHP4 session doesn't handle that. If there's no cookie nor > session-URL, simply session is started but not propagated. > So in practice there no fallback possibility with session4. > Am I right? > I am wondering if the initial Header:302 trick can be performed with > session4, to accomplish that compatibility. > > Giancarlo > |
|
From: Giancarlo P. <gia...@na...> - 2002-06-04 14:40:10
|
|
From: Giancarlo P. <gia...@na...> - 2002-06-04 13:10:55
|
Hi. This question is in particular for Maxim's session4 implementation. I've noticed a slight difference between the behavior of stable phplib and session4 phplib. In fact the real difference is between php4 session and the way phplib handled that. In phplib, when mode is cookie and fallback is get, if there's no cookie nor session in the URL, we are left a cookie and immediately redirected (Header 302) to a URL with the session in it. That's why phplib needs the session in the URL the very first visit. But PHP4 session doesn't handle that. If there's no cookie nor session-URL, simply session is started but not propagated. So in practice there no fallback possibility with session4. Am I right? I am wondering if the initial Header:302 trick can be performed with session4, to accomplish that compatibility. Giancarlo |
|
From: Marko K. <Mar...@mc...> - 2002-06-04 12:38:49
|
> the URL is http://www.geocrawler.com/lists/3/SourceForge/14730/0/ , it > shows " I checked this link a couple of times, after the list on marc (or however it was called those times) wasn't updated anymore, but it was exactly the same result. The geocrawler seems not to be maintained at all! Unfortunately I also don't know where you can find the actual archive of the phplib discussion list. It's quite odd that they point us to a certain archive, but it's not valid at all. Marko |
|
From: <pet...@ph...> - 2002-06-04 11:03:26
|
hi, chris, the URL is http://www.geocrawler.com/lists/3/SourceForge/14730/0/ , it shows " No Results Found in This Month " after I load the URL. actually this comes from the Phplib-user info page(https://lists.sourceforge.net/lists/listinfo/phplib-users), there is an archive link. best regards, Hu, Yayin (Peter) ============================================================ Web Developer der Philips Semiconductors GmbH Stresemannallee 101 D-22529 Hamburg, Germany Tel: +49-40-5613-1659 Fax: +49-40-5613-1766 e-mail: pet...@ph... "Chris Johnson" <ch...@ch... To: Peter Hu/HBG/SC/PHILIPS@EMEA1 m> <php...@li...> cc: 06/04/2002 12:02 Subject: Re: [Phplib-users] achive link AM Please respond Classification: to "Chris Johnson" If I'm trying the same link you are, it works for me OK. Can you give us the URL you are trying? Thanks. ..chris ----- Original Message ----- From: <pet...@ph...> To: <php...@li...> Sent: Monday, June 03, 2002 9:45 AM Subject: [Phplib-users] achive link I am wondering why I cannot go through the Phplib-users Archive link on the Phplib-users info page. Anybody has idea? cheers, Hu, Yayin (Peter) ============================================================ Web Developer der Philips Semiconductors GmbH Stresemannallee 101 D-22529 Hamburg, Germany Tel: +49-40-5613-1659 Fax: +49-40-5613-1766 e-mail: pet...@ph... |
|
From: Marko K. <Mar...@mc...> - 2002-06-04 10:53:33
|
Hi, I found solutions myself. It's eventually not related to phplib, rather to PHP itself. > unset($ExpNames[],$ExpNr[]); php 4.2.1 doesn't like (in contradiction to 4.0.4) such an unset() command. If I skip the [] brackets it doesn't throw an error message anymore. But unfortunately the assignments down the snipout to these 2 arrays do not work as expected anyway... Well, have to investigate that. Another thing was that I had somewhere in my code a typo. One ";" at a line end was followed by a ":"! The funny thing was that php 4.2.1 didn't give me an error message in the browser. nothing, just blank screen and stopped processing the php script. I was totally irritated. Only when I reinstalled 4.0.4 I saw an error message pointing me to the type. Strange, isn't it? Hope I didn't bother somebody. Marko |
|
From: Marko K. <Mar...@mc...> - 2002-06-04 08:02:26
|
Hello Maxim, > Yes, I use the class in production. The changes above could be easily > applied, but they'll break functionality under PHP pre-4.1 ($_SESSION > and direct assignment to register session vars was introduced in 4.1). I see. > I suppose, Session4 should be subclassed to change its behavior > reflecting PHP version information, overriding register() and friends. Given the speed of development in PHP I think soon one wouldn't need to support versions below 4.1, but I think that will take anyway still a few months... I am working myself with 4.0.4/4.0.6 and still struggle to go to 4.2.1. > Unfortunately, I have not much time now to apply and properly test the > changes, so I don't promise the changes to be fast. I understand. It's the same for me. > I suppose, the custom storage would be a bit slower (it depends on the > DB speed at most). But you've the advantage to store information in a more reliable data format than in php's temporary session files, I guess. OK, thanks for your response Maxim. Poka, Marko |
17 messages has been excluded from this view by a project administrator.
