On Mon, Sep 30, 2002 at 12:48:21AM +0200, Giancarlo wrote:
> At the moment an auth class can have mode = log or reg, and we intend it as
> a default about which form to show.
>
> This value can be overridden by a ?mode= as a GET param
>
> But at a deeper exam, I came to a different conclusion, and wondere if some
> oddieties of phplib's logic, in regard, weren't due to an original
> consideration of this $auth->mode different than the I think we intend, and
> can be with good reasons
>
> In fact there is no need to specify that a protected page is mode=log, every
> protected page must be accessible by a login_page.
>
> But what if the programmer does nmot want to concede the possibility to
> 'register' for a certain class of auth, let's say admins.
> In this case, wasn't auth->mode="reg"n intended to say:
>
> for this page is alsopossible to register? So ?I'll listen to the ?mode=reg
> param?
I agree this should have been the way it worked inside the class instead
of the way it actually works ( always displays the form related to the
mode variable).
Reg mode should have only allowed a registration form, while log mode
would never show a registration form.
> What about the auth->mode==log meaning 'any', you can register to this
> service too by overriding with by ?mode=reg ??
>
> Or how, anyhow, can you prevent registering to a particular auth
class?
>
You may have seen how I did this.
In a configuration file I have:
; allow self registration.
; set to 'reg' for self registration, 'log' otherwise.
authmode = "reg"
This gets set to $_PSL['authmode'] in the application.
In the class extending auth, I have this conditional:
var $mode = "log";
...skip...
if ($HTTP_GET_VARS['mode']=='reg') {
if( !empty($_PSL['authmode'])) {
$this->mode = $_PSL['authmode'];
} else {
$this->mode='reg';
}
} else {
$this->mode='log';
}
in auth.inc
So, if regmode is requested and regmode is allowed a registration form
will be shown. Otherwise only the loginform will be shown.
Joe
> Gian
>
|
