MO: [Phplib-users] three tier auth made possible

[Giancarlo <giancarlo@na...>]

Il 00:12, venerd=EC 1 novembre 2002, Giancarlo ha scritto:

> How do you accomplish that if not by decoupling the registration proces=
s
                                                      ^^^^^^^^^^^^
                                                      authentication

> from the actual interaction with the client, included keeping the state
> propagation?
>
> So you see that  you can only accomplish this by keeping the authentica=
tion
> functions callable separately (not a cascade), unrelated to the input
> provided (abstract), not even related with any interaction with the cli=
ent
> (no splash forms) etc. Auth becomes a service.
> Page.inc at this point (because it happens *before*calling the auth
> methods)can be a local interface that interacts with the local client, =
or a
> wire interface that handles thos XML/SOAP/.NET remota calls.
>


Gian

[Phplib-users] three tier auth made possible

[Giancarlo <giancarlo@na...>]

Now I go with my examples (and needs).
Suppose I want Site A to release authentication based on being registered to 
Site B. All users registered at Site B are automatically authenticated for 
Site A too.
The auth resides on Site B. Site B has an XMLRPC or SOAP or .NET xml 
interface that accepts  authentication info in the form of XML data, it has a 
services that, upon receiving XML credentials, replies with som XML data 
containing a kind of session token. Or, as an alternative, the XML 
credentials containing the login info are always passed back and forth with 
each request
It can also receive some XML data to accomplish a registration.

How could accomplish this using the existing phplib auth feature?
I think by decoupling the testing of the user-provided input from the action 
itself. 
Site A gets the input via a form. Then SiteA calls the authentication service 
on SiteB and passes to it the values and a precisse request: authenticate 
this guy, or register this guy.
SiteB replies with some token that Site A will keep in the session, and 
always will pass this over to  SiteB when requesting his features for the guy.

So Site A propagates the session, but Site B does the authentication.
Site B knows nothing of the input fields that are used in Site A pages. It 
only performs certain action upon receiving certain fields accompaigned with 
a certain request. Still the same authentication service of Site B should be 
used for visitors of his own site.

Other examples, always in the same modulation:

-All users that register at Site A will get automatically registersed also at 
Site B.
-Users registered at Site A will then pull down some personalized content 
from their user profile at Site B

How do you accomplish that if not by decoupling the registration process from 
the actual interaction with the client, included keeping the state 
propagation?

So you see that  you can only accomplish this by keeping the authentication 
functions callable separately (not a cascade), unrelated to the input 
provided (abstract), not even related with any interaction with the client 
(no splash forms) etc. Auth becomes a service. 
Page.inc at this point (because it happens *before*calling the auth 
methods)can be a local interface that interacts with the local client, or a 
wire interface that handles thos XML/SOAP/.NET remota calls.


 

MO: MO: [Phplib-users] auth url question

[Giancarlo <giancarlo@na...>]

> I can think more,
>
>  ## no cascade
>    if((!$auth->start('authenticate'))
>      {
>      if( ($whatever_trigger == 'login' && !$auth->start('login'))
>
>          ||($whatever_trigger == 'register')&& (!$auth->start('register'))
>
>          {
>          page_showform();
>          }
>      }
>


The point is also that we should still be able of calling auth->start() the 
usual way, without any parameter, and be compatible with existing sites.

Gian

MO: [Phplib-users] auth url question

[Giancarlo <giancarlo@na...>]

> > Single, two-phase, and approval based registration
>
> as you said, could easliy be added like this, in page inc
>

### this mimics the auth->auth[uid]=='form' blocking login state
 if($sess_login_in_progress) 
     {
     if(!$auth->start('login') 
        {
        page_showform();
        }
     else
        {
        unset ($sess_login_in_progress);
        }
     }




>
> ## this mimics the actual behavior
>   if( ! $auth->start('authenticate') && (!$auth->start('login'))
>     $auth->start('register')

actually, the latter should be so:

 ## this mimics the actual behavior: cascade
   if((!$auth->start('authenticate')) 
     && (!$auth->start('login'))
     && (!$auth->start('register')) {
      page_showform();
   }

I can think more, 

 ## no cascade 
   if((!$auth->start('authenticate'))
     { 
     if( ($whatever_trigger == 'login' && !$auth->start('login'))
         ||($whatever_trigger == 'register')&& (!$auth->start('register')) 
         {
         page_showform();
         }
     }         
     

What do you mean by 'two phase' and 'approval based' registration? What 
should be the steps?


Gian



> By having these three functionalities at hand, *separately, we can combine
> them to get the  behaviors we want *out of, and apart from, the start
> method*
>
> Gian

Re: [Phplib-users] auth url question

[Giancarlo <giancarlo@na...>]

Il 22:17, gioved=EC 31 ottobre 2002, Rob Hutton ha scritto:
> Why do all three need to be run, the example that I sent handles all th=
ree,
> but it does so in a structured fashion.  The only one that gets run is =
what
> is asked for.  And that is the whole point.  Auth should try only what =
it
> is inetentionally told to try.  Not try everything until something work=
s...

Then I prefer to call exactly what I want auth->start to do.

So, eg (quick code), in page.inc:

  if($whatever_we_want =3D=3D "auth")
   $auth->start('authenticate')
  elsif ($whatever_we_want =3D=3D "login")
   $auth->start('login')
  elsif ($whatever_we_want =3D=3D "register")
   $auth->start('register')

That gives a lot more possibilities, because is done before and instead o=
f=20
calling the whole auth->start, and doesn't rely on any cascade logic, nor=
=20
defers the trigger testing, to auth->start. I want to decide what auth=20
function to call  case by case.
With thsi structure it it more feasable to pilot the behaviour of auth, e=
g=20

> Single, two-phase, and approval based registration=20

as you said, could easliy be added like this, in page inc

### this mimics the auth->auth[uid]=3D=3D'form' blocking login state
if($sess_login_in_progress) {=20
    if(!$auth->start('login') {
       page_showform();
    }
}

## this mimics the actual behavior
  if( ! $auth->start('authenticate') && (!$auth->start('login'))
    $auth->start('register')

etc.

By having these three functionalities at hand, *separately, we can combin=
e=20
them to get the  behaviors we want *out of, and apart from, the start met=
hod*

Gian





>
> > -----Original Message-----
> > From: Giancarlo [mailto:giancarlo@...]
> > Sent: Thursday, October 31, 2002 4:08 PM
> > To: rob.hutton@...
> > Cc: Phplib-Users
> > Subject: Re: [Phplib-users] auth url question
> >
> > Il 15:23, gioved=EC 31 ottobre 2002, Rob Hutton ha scritto:
> > > The more I think about this, the less I agree, because I think that
> > > auth logic was/is flawed.  But attached is a version that I think
> >
> > will drop in.
> >
> > > IMHO, auth should have a definite structure.  It should not be
> > > something where this and that gets tried until something happens to
> > > work.
> >
> >  And in the
> >
> > > case of registration, you could type an existing user name and
> >
> > password and
> >
> > > get in.  And that is not acceptable on a site that deals with
> >
> > credit cards,
> >
> > > or business presentation, or a lot of things.
> >
> > auth_validatelogin and auth_doregister are in userland local.inc.
> > A register
> > form and a auth_doregister function is not even provided as an exampl=
e.
> > Add an input field to the register form, eg
> > <input name=3Daction value=3Dregister> and test it in auth_doregister=
=2E
> > Same for validating the login, add
> > <input name=3Dactio value=3Dlogin> in the loginform and test it in
> > auth_validatelogin.
> >
> > Otherwise we cannot simply call auth->start and pretend it will do, b=
y
> > itself, any/everything needed. We'll need to call the three main star=
t
> > functions separately, as auth->start(authenticate), auth->start(login=
),
> > auth->start(register). And this is definetely what I'd prefer.
> >
> > G

RE: [Phplib-users] auth url question

[Rob Hutton <rob.hutton@ws...>]

> >
>
> I perfectly agree with this you said.
> The least we get HTTP_GET/POST_VARS hardcoded in the main start()
> function,
> the better it is for people to extend phplib to their needs.
> I myself like to have the possibility, from my proper version of page.inc
> (this means BEFORE invoking auth->start) to invoke separately,
> depending on
> my needs, any and each of the 3 main function start does:
> authenticate/login/register
>
But the URL is not hardcoded into anything!  It is a variable, and with the
duplicated functionality of login_if, then it can be called at start or
afterwards.  My concern is not how it is called, it is that start as it is
in the snapshot is unstructured.  It just calls stuff until something
happens.  And that is not good.

Re: [Phplib-users] auth url question

[Giancarlo <giancarlo@na...>]

Il 15:53, gioved=EC 31 ottobre 2002, Matt Williams ha scritto:
> On Thursday 31 October 2002 14:23, Rob Hutton wrote:
> > The more I think about this, the less I agree, because I think that a=
uth
> > logic was/is flawed.  But attached is a version that I think will dro=
p
> > in.
>
> hi all
>
> I've missed most of this thread so forgive me if I've missed something =
or
> am heading off in the wrong direction.
>
> From what I gather a summary of this thread is about using mode=3Dreg o=
r
> something similar in the url to invoke registration, is this correct?
>
> From my point of the view this would be a waste of time. Each applicati=
on
>  that I use phplib on invariably has different requirements for
> registration. For me it is easier to keep registration to it's own page
> where I can control error checking on the form fields, add/remove field=
s as
> I wish without having to worry about anything in phplib that might get
>  broken/compromised in the process.
>

I perfectly agree with this you said.=20
The least we get HTTP_GET/POST_VARS hardcoded in the main start() functio=
n,=20
the better it is for people to extend phplib to their needs.
I myself like to have the possibility, from my proper version of page.inc=
=20
(this means BEFORE invoking auth->start) to invoke separately, depending =
on=20
my needs, any and each of the 3 main function start does:=20
authenticate/login/register

Gian

RE: [Phplib-users] auth url question

[Rob Hutton <rob.hutton@ws...>]

Why do all three need to be run, the example that I sent handles all three,
but it does so in a structured fashion.  The only one that gets run is what
is asked for.  And that is the whole point.  Auth should try only what it is
inetentionally told to try.  Not try everything until something works...

> -----Original Message-----
> From: Giancarlo [mailto:giancarlo@...]
> Sent: Thursday, October 31, 2002 4:08 PM
> To: rob.hutton@...
> Cc: Phplib-Users
> Subject: Re: [Phplib-users] auth url question
>
>
> Il 15:23, giovedì 31 ottobre 2002, Rob Hutton ha scritto:
> > The more I think about this, the less I agree, because I think that auth
> > logic was/is flawed.  But attached is a version that I think
> will drop in.
> >
> > IMHO, auth should have a definite structure.  It should not be something
> > where this and that gets tried until something happens to work.
>  And in the
> > case of registration, you could type an existing user name and
> password and
> > get in.  And that is not acceptable on a site that deals with
> credit cards,
> > or business presentation, or a lot of things.
>
> auth_validatelogin and auth_doregister are in userland local.inc.
> A register
> form and a auth_doregister function is not even provided as an example.
> Add an input field to the register form, eg
> <input name=action value=register> and test it in auth_doregister.
> Same for validating the login, add
> <input name=actio value=login> in the loginform and test it in
> auth_validatelogin.
>
> Otherwise we cannot simply call auth->start and pretend it will do, by
> itself, any/everything needed. We'll need to call the three main start
> functions separately, as auth->start(authenticate), auth->start(login),
> auth->start(register). And this is definetely what I'd prefer.
>
> G
>
>

Re: [Phplib-users] auth url question

[Giancarlo <giancarlo@na...>]

Il 15:23, gioved=EC 31 ottobre 2002, Rob Hutton ha scritto:
> The more I think about this, the less I agree, because I think that aut=
h
> logic was/is flawed.  But attached is a version that I think will drop =
in.
>
> IMHO, auth should have a definite structure.  It should not be somethin=
g
> where this and that gets tried until something happens to work.  And in=
 the
> case of registration, you could type an existing user name and password=
 and
> get in.  And that is not acceptable on a site that deals with credit ca=
rds,
> or business presentation, or a lot of things.=20

auth_validatelogin and auth_doregister are in userland local.inc. A regis=
ter=20
form and a auth_doregister function is not even provided as an example.=20
Add an input field to the register form, eg=20
<input name=3Daction value=3Dregister> and test it in auth_doregister.
Same for validating the login, add=20
<input name=3Dactio value=3Dlogin> in the loginform and test it in=20
auth_validatelogin.

Otherwise we cannot simply call auth->start and pretend it will do, by=20
itself, any/everything needed. We'll need to call the three main start=20
functions separately, as auth->start(authenticate), auth->start(login),=20
auth->start(register). And this is definetely what I'd prefer.

G
=20

RE: [Phplib-users] Regex and Templates

[Rob Hutton <rob.hutton@ws...>]

I figured as much, I just wanted to make sure I wasn't missing something.  I
added a [:punct:] tp the two pregs in template->finish() to exclude anything
with punctuation in it.

> -----Original Message-----
> From: phplib-users-admin@...
> [mailto:phplib-users-admin@...]On Behalf Of Björn
> Schotte
> Sent: Thursday, October 31, 2002 2:43 PM
> To: Phplib-Users
> Subject: Re: [Phplib-users] Regex and Templates
>
>
> * Rob Hutton wrote:
> > The regex {6,32} expression to match 6 to 32 times gets eaten by the
> > templates when remove_unknowns is on.
>
> That's because it preg_replace()s all between { and }.
> Solution: set remove_unknowns to off, this should be
> sufficient (and, if there are any keywords that won't
> get replaced, manually set_var() them with "KEYWORD" => ""
> in order to remove it).
>
> Same for stylesheets you have in your template (of
> course one should define them via <link rel ...>
> so that browsers can cache them).
>
> HTH, Björn.
> --
> 35 Kundenportale mit mehreren tausend Nutzern erstellen.
> Bei geringen Kosten und einer großen Anzahl an Modulen
> (DMS, CMS, CRM, Community-Funktionen). Wie das geht?
> => http://testthesystem.com/     *      team@...
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by: Influence the future
> of Java(TM) technology. Join the Java Community
> Process(SM) (JCP(SM)) program now.
> http://ads.sourceforge.net/cgi-bin/redirect.pl?sunm0004en
> _______________________________________________
> Phplib-users mailing list
> Phplib-users@...
> https://lists.sourceforge.net/lists/listinfo/phplib-users
>

RE: [Phplib-users] Patch to page.inc

[Rob Hutton <rob.hutton@ws...>]

Yes, because repeated calls to login without cleaning up from the previous
ones leaves you with a url like
 http://www.url.com?test=one&&&&&&&&; which is ugly and I would bet would cause
problems with some browser out there...

> -----Original Message-----
> From: phplib-users-admin@...
> [mailto:phplib-users-admin@...]On Behalf Of Giancarlo
> Sent: Thursday, October 31, 2002 3:54 PM
> To: Marko Kaening; phplib-users list
> Subject: Re: [Phplib-users] Patch to page.inc
>
>
> Il 10:33, giovedì 31 ottobre 2002, Marko Kaening ha scritto:
> > Hi, the following removes even doubled ampersands following the
> parameter
> > test and wipes it and its value away, leaving the rest of the string
>
> Are we going to correct wrong urls too?
> If we get an url with double ampersands, it is a wrong one, and
> we'll leave
> the double ampersands.
>
> Gian
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by: Influence the future
> of Java(TM) technology. Join the Java Community
> Process(SM) (JCP(SM)) program now.
> http://ads.sourceforge.net/cgi-bin/redirect.pl?sunm0004en
> _______________________________________________
> Phplib-users mailing list
> Phplib-users@...
> https://lists.sourceforge.net/lists/listinfo/phplib-users
>
>

Re: [Phplib-users] Patch to page.inc

[Giancarlo <giancarlo@na...>]

Il 10:33, gioved=EC 31 ottobre 2002, Marko Kaening ha scritto:
> Hi, the following removes even doubled ampersands following the paramet=
er
> test and wipes it and its value away, leaving the rest of the string

Are we going to correct wrong urls too?
If we get an url with double ampersands, it is a wrong one, and we'll lea=
ve=20
the double ampersands.

Gian

[Phplib-users] Fwd: login_if ereg_replace improved

[Giancarlo <giancarlo@na...>]

For me this worked perfectly, with a single ereg_replace.



  function login_if( $trig ) { ### you can use auth->login_if("log") or "reg"
     if ( (bool) ($trig) ) {
        global $sess, $HTTP_SERVER_VARS;
       // Remove the "again=yes" from QUERY_STRING. This is required
       // because the login form will be submitted to the URL of this
       // page. This URL is constructed from $PHP_SELF and $QUERY_STRING.
       // So, we need to remove this parameter from QUERY_STRING or else
       // after the user submits a username and password, we will unauth
       // them before they even get logged in!
echo "BEFORE ". $HTTP_SERVER_VARS["QUERY_STRING"] ."<br>";

        $HTTP_SERVER_VARS["QUERY_STRING"] = ereg_replace(
         "(^|&)".$this->urlaction."=([[:alpha:]]*)(&|$)",
         "\\1", $HTTP_SERVER_VARS["QUERY_STRING"]);


echo "AFTER ". $HTTP_SERVER_VARS["QUERY_STRING"] ."<br>";


        if ( "$trig" == "logout" ) {

            ...
-------------------------------------

-------------------------------------------------------

RE: [Phplib-users] Invalid Regex

[Rob Hutton <rob.hutton@ws...>]

This is the regex being generated:

  var reg = new RegExp("^[A-Za-z0-9]+$", "gi");

and it fails everything...

> -----Original Message-----
> From: Matt Williams [mailto:lists@...]
> Sent: Thursday, October 31, 2002 2:39 PM
> To: rob.hutton@...; Phplib-Users
> Subject: Re: [Phplib-users] Invalid Regex
> 
> 
> On Thursday 31 October 2002 19:00, Rob Hutton wrote:
> 
> > This will match 123$abc.  It should fail if there are any other 
> characters
> > besides alphanumeric.
> 
> I just tried 
> -----------------
> $string = '123$abc';
> if(!eregi("^[a-z0-9]+$",$string))
>   echo 'no good';
> else 
>   echo 'you rock';
> -----------------
> and it outputs
> -----------------
> X-Powered-By: PHP/4.2.1 
> Content-type: text/html 
>  
> no good
> ----------------
> removing the $ outputs as valid
> unless oohforms is doing something different to it
> sorry I missed the + off before
> 
> 

Re: [Phplib-users] Regex and Templates

[Schotte <bjoern@ba...>]

* Rob Hutton wrote:
> The regex {6,32} expression to match 6 to 32 times gets eaten by the
> templates when remove_unknowns is on.

That's because it preg_replace()s all between { and }.
Solution: set remove_unknowns to off, this should be
sufficient (and, if there are any keywords that won't
get replaced, manually set_var() them with "KEYWORD" => ""
in order to remove it).

Same for stylesheets you have in your template (of
course one should define them via <link rel ...>
so that browsers can cache them).

HTH, Björn.
-- 
35 Kundenportale mit mehreren tausend Nutzern erstellen.
Bei geringen Kosten und einer großen Anzahl an Modulen
(DMS, CMS, CRM, Community-Funktionen). Wie das geht?
=> http://testthesystem.com/     *      team@...

Re: [Phplib-users] Invalid Regex

[Matt Williams <lists@ye...>]

On Thursday 31 October 2002 19:00, Rob Hutton wrote:

> This will match 123$abc.  It should fail if there are any other charact=
ers
> besides alphanumeric.

I just tried=20
-----------------
$string =3D '123$abc';
if(!eregi("^[a-z0-9]+$",$string))
  echo 'no good';
else=20
  echo 'you rock';
-----------------
and it outputs
-----------------
X-Powered-By: PHP/4.2.1=20
Content-type: text/html=20
=20
no good
----------------
removing the $ outputs as valid
unless oohforms is doing something different to it
sorry I missed the + off before

Re: [Phplib-users] OOHForms and Templates

[Schotte <bjoern@ba...>]

* Rob Hutton wrote:
> Just looked at the docs from the SaniSoft site and the only place I can find
> it is in the user comments.

Sorry, I have to apologize: it isn't either in the docs
of v7.2b.

Björn.

[Phplib-users] Regex and Templates

[Rob Hutton <rob.hutton@ws...>]

The regex {6,32} expression to match 6 to 32 times gets eaten by the
templates when remove_unknowns is on.  Is there a way to escape this or
something to prevent that?

Rob Hutton
Web Safe
 http://www.wsafe.com

RE: [Phplib-users] OOHForms and Templates

[Rob Hutton <rob.hutton@ws...>]

Just looked at the docs from the SaniSoft site and the only place I can find
it is in the user comments.

> -----Original Message-----
> From: Björn Schotte [mailto:bjoern@...]
> Sent: Thursday, October 31, 2002 2:00 PM
> To: Rob Hutton
> Cc: Phplib-Users
> Subject: Re: [Phplib-users] OOHForms and Templates
>
>
> * Rob Hutton wrote:
> > I have been using the docs in the snapshot because I am on a dialup
> > connection and it is a pain to get online to check the user
> comments.  Can
> > this be added to the docs?  Can the user comments be added to the
> > downloadable docs?
>
> At least get_element() and ge() were documented in the documentation
> of 7.2d. So it should be also there in newer versions.
>
> --
> 35 Kundenportale mit mehreren tausend Nutzern erstellen.
> Bei geringen Kosten und einer großen Anzahl an Modulen
> (DMS, CMS, CRM, Community-Funktionen). Wie das geht?
> => http://testthesystem.com/     *      team@...
>
>

Re: [Phplib-users] OOHForms and Templates

[Schotte <bjoern@ba...>]

* Rob Hutton wrote:
> I have been using the docs in the snapshot because I am on a dialup
> connection and it is a pain to get online to check the user comments.  Can
> this be added to the docs?  Can the user comments be added to the
> downloadable docs?

At least get_element() and ge() were documented in the documentation
of 7.2d. So it should be also there in newer versions.

-- 
35 Kundenportale mit mehreren tausend Nutzern erstellen.
Bei geringen Kosten und einer großen Anzahl an Modulen
(DMS, CMS, CRM, Community-Funktionen). Wie das geht?
=> http://testthesystem.com/     *      team@...

RE: [Phplib-users] Invalid Regex

[Rob Hutton <rob.hutton@ws...>]

This will match 123$abc.  It should fail if there are any other characters
besides alphanumeric.

> -----Original Message-----
> From: Matt Williams [mailto:lists@...]
> Sent: Thursday, October 31, 2002 1:36 PM
> To: rob.hutton@...; Phplib-Users
> Subject: Re: [Phplib-users] Invalid Regex
>
>
> On Thursday 31 October 2002 18:32, Rob Hutton wrote:
>
> > I am trying to validate the username field, and just to make up some
> > arbitrary rules, it has to be between 6 and 25 characters long
> and have no
> > punctuation.  So my valid regex looks something like
> "[A-Za-z0-9]{6,}" but
> > how do I tell it to fail if is has anything else?  Like invalid_regex =
> > "[^A-Za-z0-9]"?
>
> Hi Rob
>
> to check for alphanumeric chars between 6 and 25 chars use
>
> "^[a-zA-Z0-9]{6,25}$"
>
> This will bail if it's not like that.
>
> You can drop A-Z bit depending on whether you're using ereg or eregi
>
> matt
>
>

RE: [Phplib-users] OOHForms and Templates

[Rob Hutton <rob.hutton@ws...>]

I have been using the docs in the snapshot because I am on a dialup
connection and it is a pain to get online to check the user comments.  Can
this be added to the docs?  Can the user comments be added to the
downloadable docs?

Thanks
Rob Hutton
Web Safe
 http://www.wsafe.com

> -----Original Message-----
> From: phplib-users-admin@...
> [mailto:phplib-users-admin@...]On Behalf Of Björn
> Schotte
> Sent: Thursday, October 31, 2002 1:27 PM
> To: Phplib-Users
> Subject: Re: [Phplib-users] OOHForms and Templates
>
>
> * Rob Hutton wrote:
> > Then buffering the output to calling start(), show_element(),
> and finish()
>
> Yes, by reading the documentation and finding get_start(),
> get_element() (or ge()) and get_finish() which is exactly
> that what you want to use:
>
> $t->set_var(array(
> 	"MYFORM_TEXT" => $f->ge("txt"),
> 	"MYFORM_ADDRESS" => $f->ge("address"),
> 	.
> 	.
> 	.
> ));
>
> --
> 35 Kundenportale mit mehreren tausend Nutzern erstellen.
> Bei geringen Kosten und einer großen Anzahl an Modulen
> (DMS, CMS, CRM, Community-Funktionen). Wie das geht?
> => http://testthesystem.com/     *      team@...
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by: Influence the future
> of Java(TM) technology. Join the Java Community
> Process(SM) (JCP(SM)) program now.
> http://ads.sourceforge.net/cgi-bin/redirect.pl?sunm0004en
> _______________________________________________
> Phplib-users mailing list
> Phplib-users@...
> https://lists.sourceforge.net/lists/listinfo/phplib-users
>
>

Re: [Phplib-users] Invalid Regex

[Matt Williams <lists@ye...>]

On Thursday 31 October 2002 18:32, Rob Hutton wrote:

> I am trying to validate the username field, and just to make up some
> arbitrary rules, it has to be between 6 and 25 characters long and have=
 no
> punctuation.  So my valid regex looks something like "[A-Za-z0-9]{6,}" =
but
> how do I tell it to fail if is has anything else?  Like invalid_regex =3D
> "[^A-Za-z0-9]"?

Hi Rob

to check for alphanumeric chars between 6 and 25 chars use

"^[a-zA-Z0-9]{6,25}$"

This will bail if it's not like that.

You can drop A-Z bit depending on whether you're using ereg or eregi

matt

RE: [Phplib-users] auth url question

[Rob Hutton <rob.hutton@ws...>]

I disagree on two points.

1) I am new to the php-lib world, but from what I have been told, the 7.2
stuff is much more structured that the curent development stuff, and this is
the core issue that I see.

2) Registration may have special needs, but this is the point of having
local.inc.  Single, two-phase, and approval based registration can easliy be
offered as examples, and probably be used "off the shelf" in a lot of
circumstances...

> -----Original Message-----
> From: phplib-users-admin@...
> [mailto:phplib-users-admin@...]On Behalf Of Matt
> Williams
> Sent: Thursday, October 31, 2002 9:54 AM
> To: Phplib-Users
> Subject: Re: [Phplib-users] auth url question
>
>
>
> On Thursday 31 October 2002 14:23, Rob Hutton wrote:
> > The more I think about this, the less I agree, because I think that auth
> > logic was/is flawed.  But attached is a version that I think
> will drop in.
>
> hi all
>
> I've missed most of this thread so forgive me if I've missed
> something or am
> heading off in the wrong direction.
>
> From what I gather a summary of this thread is about using mode=reg or
> something similar in the url to invoke registration, is this correct?
>
> From my point of the view this would be a waste of time. Each application
>  that I use phplib on invariably has different requirements for
> registration.
>  For me it is easier to keep registration to it's own page where I can
>  control error checking on the form fields, add/remove fields as I wish
>  without having to worry about anything in phplib that might get
>  broken/compromised in the process.
>
> IMHO it seems like that the project has lost it's way a little in terms of
> what it should do, what it needs to do as a project as a whole and what
> people feel it should do to best help them.
>
> What I think needs to happen is to maybe have a more defined development
>  path, possibly. For someone to say, right that's it for new
> stuff to go in,
>  let's get it tested and out.
> Just looking at the task manager on sourceforge shows the is very
> little in
> the way of defined goals for each release. If something good comes up from
> feature requests or from someones own development, then fine add it in as
> long as it's not gonna put too much on the next release and only
> if it's for
> the benefit of the project as a whole.
>
> So for example it has been discussed about getting the latest dev out for
> testing then release. I think this would be a good idea, but only
> as long as
> no more extra stuff keeps getting added in in the meantime. If we do this
> we'll never get it our of the door.
>
> The main aim of the next release seems to be to get it working with php4
> sessions and register globals off. So we should get this tested,
> debugged and
> released. Then and, only then would it be time to move on.
>
> my 2p
>
> matt
>
> -------------------------------------------------------
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by: Influence the future
> of Java(TM) technology. Join the Java Community
> Process(SM) (JCP(SM)) program now.
> http://ads.sourceforge.net/cgi-bin/redirect.pl?sunm0004en
> _______________________________________________
> Phplib-users mailing list
> Phplib-users@...
> https://lists.sourceforge.net/lists/listinfo/phplib-users
>

[Phplib-users] Invalid Regex

[Rob Hutton <rob.hutton@ws...>]

I am trying to validate the username field, and just to make up some
arbitrary rules, it has to be between 6 and 25 characters long and have no
punctuation.  So my valid regex looks something like "[A-Za-z0-9]{6,}" but
how do I tell it to fail if is has anything else?  Like invalid_regex =
"[^A-Za-z0-9]"?

Thanks,

Rob Hutton
Web Safe
 http://www.wsafe.com