Thread: [Phplib-users] Giancarlo Pinerolo (pingus) auth patch
|
From: Michele M. <mic...@es...> - 2002-06-06 09:23:52
|
Hi there,
I'm looking for a method to put everywhere the loginform (like many
sites, like phpnuke for example) so I get this patch
(https://sourceforge.net/tracker/index.php?func=detail&aid=561500&group_id=31885&atid=403613)
but I don't understand how it works, please can you help me?

--
Michele Marcucci
|
From: Joe S. <jo...@be...> - 2002-06-06 12:18:51
|
On Thu, Jun 06, 2002 at 11:23:39AM +0200, Michele Marcucci wrote:
> Hi there,
> I'm looking for a method to put everywhere the loginform (like many
> sites, like phpnuke for example) so I get this patch
> (https://sourceforge.net/tracker/index.php?func=detail&aid=561500&group_id=31885&atid=403613)
> but I don't understand how it works, please can you help me?
>
> --
>

Another method that works without patching phplib is like this:

if(isset($HTTP_POST_VARS['username'])) { // this would be present if a login is in progress
    $auth->auth["uid"]= "form"; // this is what auth seems to want
    $auth->start();
}

$auth->login_if(!$perm->have_perm('user'));

Here is the original post:

http://marc.theaimsgroup.com/?l=phplib&m=99114081209404&w=2

Here is a simple example:

http://www.phpslash.org/index.php3?section_id=11

have fun,

Joe

>
> Michele Marcucci
>
|
From: Giancarlo P. <gia...@na...> - 2002-06-07 01:03:01
|
Joe Stewart wrote:
>
> Another method that works without patching phplib is like this:
>
> if(isset($HTTP_POST_VARS['username'])) { // this would be present if a login is in progress
> $auth->auth["uid"]= "form"; // this is what auth seems to want
> $auth->start();
> }
>
> $auth->login_if(!$perm->have_perm('user'));
>
> Here is the original post:
>
> http://marc.theaimsgroup.com/?l=phplib&m=99114081209404&w=2
>
> Here is a simple example:
>
> http://www.phpslash.org/index.php3?section_id=11
>
> have fun,
This code confirms that it is common practice to smash the very reason of
the auth['form'] intermediate status value: be assured that a form was
set 'before' input is accepted.
It obsoletes keeping that value and overrides it.
The 'form' value was supposed to be a prerequisite, something the code
needs to have *before* considering any 'username' and 'password' input
fields.
The actual code logic is:
if there's form, see if there are the fields.
This does the reverse, if there's a field username, then force 'form'
and loop over start.
It simply checks for an existing input field 'username'. (If it checks
for 'password' too, you can even smash the necessity of log/reg)
Exactly as my auth does.
These lines of code show that people already chose to consider the whole
auth->start method, as it is, obsolete, comment.
Gian
|
|
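The ordering Giancarlo describes above, as an added example that is not part of the thread and is not PHPLIB's auth.inc: a simplified model in which the 'form' state must exist before credentials are looked at, followed by the effect of forcing that state whenever a username field is present. The class ToyAuth, its credential table and the sample POST array are constructed for illustration.

```php
<?php
// Added illustration: a simplified model of the two-step login state.
// ToyAuth, $users and $creds are constructed for this example only.

final class ToyAuth
{
    /** Session-persisted state in a real application; '' means "nothing yet". */
    public array $auth = ['uid' => ''];

    /** @param array<string,string> $users username => password hash */
    public function __construct(private array $users) {}

    /**
     * Returns true when the session is authenticated. Otherwise the session
     * is moved to the "form" state, meaning a login form has been issued.
     */
    public function start(array $post): bool
    {
        $uid = $this->auth['uid'];
        if ($uid !== '' && $uid !== 'form') {
            return true;                     // already logged in
        }
        // Credentials are only examined when a form was issued beforehand.
        if ($uid === 'form' && $this->validate($post)) {
            return true;
        }
        $this->auth = ['uid' => 'form'];     // (re)issue the form, accept nothing yet
        return false;
    }

    private function validate(array $post): bool
    {
        $name = $post['username'] ?? '';
        $pass = $post['password'] ?? '';
        if (!is_string($name) || !is_string($pass) || !isset($this->users[$name])) {
            return false;
        }
        if (!password_verify($pass, $this->users[$name])) {
            return false;
        }
        $this->auth = ['uid' => 'u-' . $name, 'uname' => $name];
        return true;
    }
}

$users = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];
$creds = ['username' => 'alice', 'password' => 'correct horse'];

// Case 1, prerequisite kept: the first POST reaches a session that never
// received the form, so it is not validated and only moves the state to
// "form". The same POST sent again, now that the form exists, is validated.
$a = new ToyAuth($users);
$firstPost  = $a->start($creds);
$secondPost = $a->start($creds);
printf("prerequisite kept:   first=%s second=%s\n",
       var_export($firstPost, true), var_export($secondPost, true));

// Case 2, the workaround from the thread: the presence of 'username' forces
// the state, so the very first POST on a fresh session is validated.
$b = new ToyAuth($users);
if (isset($creds['username'])) {
    $b->auth['uid'] = 'form';
}
$forced = $b->start($creds);
printf("state forced by field: first=%s\n", var_export($forced, true));
```

The difference between the two cases is the only thing the 'form' value protects: whether an unsolicited POST is treated as a login attempt.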
From: Giancarlo P. <gia...@na...> - 2002-06-07 01:18:59
|
Giancarlo Pinerolo wrote:
>
> Joe Stewart wrote:
> >
> > Another method that works without patching phplib is like this:
> >
> > if(isset($HTTP_POST_VARS['username'])) { // this would be present if a login is in progress
> > $auth->auth["uid"]= "form"; // this is what auth seems to want
> > $auth->start();
> > }
> >
> > $auth->login_if(!$perm->have_perm('user'));
> > Here is a simple example:
> >
> > http://www.phpslash.org/index.php3?section_id=11
> >
> > have fun,
Ya. I too have adopted, this patch you show, for years, transmitted over
from generation to generation of phplib ;-)
That's why I decided to cut short the whole stuff.
Nevertheless, you can much more easily and cleanly
place it back in my page.inc (the one in the patch 'simplifying auth'),
as a prior/post trigger to the form exhibit.
Gian
|
|
From: Giancarlo P. <gia...@na...> - 2002-06-07 01:25:08
|
>
> Ya. I too have adopted, this patch you show, for years, transmitted over
> from generation to generation of phplib ;-)
>
> That's why I decided to cut short the whole stuff.
> Nevertheless, you can much more easily and cleanly
> place it back in my page.inc (the one in the patch 'simplifying auth'),
  ^^^^^^^^^^^^^^
I meant the auth['form'] value trigger
> as a prior/post trigger to the form exibit .
|
From: Giancarlo P. <gia...@na...> - 2002-06-06 13:35:08
|
Michele Marcucci wrote:
>
> Hi there,
> I'm looking for a method to put everywhere the loginform (like many
> sites, like phpnuke for example) so I get this patch
> (
> https://sourceforge.net/tracker/index.php?func=detail&aid=561500&group_id=31885&atid=403613
> )
> but I don't understand how it works, please can you help me?
>

That is something supposed to be tried throughout first.

You must understand that, if phplib is doing less, being less invasive,
there's something more you have to do.

Phplib used to occupy a full page with its login/register forms, and
exit.
You don't want that, you don't want even to show the login form on top
of the page, when the auth class is started.
You simply want to set a switch, that you can use right on top of your
script, or in a fancy login box right down at the end.

So I attach you 2 examples:
index.php3 is a modified 'simple page' from the examples.
showoff.php3 is a modified authenticated page. It can have or not have
the user and perm classes

correct the include prepend.php3 there.

index is accessible to all users, but logged in ones will not see the
login form
showoff is only for registered users.

Then you have to make a little change to new.page.inc. I coded it to
maintain the same behavior of before: show a full blown login/register
page, and exit.
The one I send you should instead only set a global switch $needform,
that you'd use later.
the auth.inc in the patch is OK.
In fact I realize that auth[uid] nobody has no more sense once you can
intercept the behaviour of auth itself.

I will be back soon to this, if there's any interest.

Giancarlo

------------- showoff (protected page) --------------
<?php
  include("new.prepend.php3");
  include($_PHPLIB["libdir"] . "table.inc");

  page_open(array("sess" => "Example_Session",
                  "auth" => "Example_Auth")); ## use this for no user storage

### use this if you want user storage too
/******+
  page_open(array("sess" => "Example_Session",
                  "auth" => "Example_Auth",
                  "perm" => "Example_Perm",
                  "user" => "Example_User"));
*/////
if ($needform)
  {
    $auth->auth_loginform();
    page_close();    ## You may want
    exit;            ## to exit here
  }

/*
  // page access requires that the user is authenticated and has "admin" permission
if (!$perm->check("admin"))  ## you need to modify perm->check to return
                             ## true/false instead of 'perminvalid_page_and_exit
  {
    $auth->auth_loginform();
    exit;
  }
*/

  $sess->register("s");

?>
 <a href="<?php $sess->purl("logout.php3") ?>">Logout</a> and delete your authentication information.<br>

<?php
  // Demonstration of per session data: We are incrementing a scalar, $s.
  printf("<h1>Per Session Data: %s</h1>\n", ++$s);
  // Show how to access the session and the user id.
  printf("Your session id is %s<br>\n", $sess->id);
//  printf("Your user id is %s<br>\n", $user->id);
//  printf("This should be the same as %s<br>\n", $auth->auth["uid"]);
  printf("You have the permissions %s<br>\n", $auth->auth["perm"]);
?>
<?php page_close() ?>
----------------------------

----- index page ------------

<?php

  include("new.prepend.php3");

# sess for session variables
// page_open(array("sess" => "Example_Session"));
  page_open(array("sess" => "Example_Session", "auth" => "Example_Auth"));

# s is a per session variable, u is a per user variable.
  if (!isset($s)) { $s=0; };
  $sess->register("s");

  echo "<center><h1>some previous page content</h1></center>";
echo "session ID ".$sess->id."<p>";
echo "user ID ".$auth->auth['uid']."<p>";
echo "user NAME ".$auth->auth['uname']."<p>";

if ($needform)
  {
    $auth->auth_loginform();
//    page_close();    ## You may want
//    exit;            ## to exit here
  }

  // Demonstration of per session data: We are incrementing a scalar, $s.
  printf("<h1>Per Session Data: %s</h1>\n", ++$s);
  // Save data back to database.
  page_close()
 ?>
<!-- $Id: index.php3,v 1.1.1.1 2000/04/17 16:40:06 kk Exp $ -->

--------------
-------- page.inc --------------

<?php
/*
 * Session Management for PHP3
 *
 * Copyright (c) 1998-2000 NetUSE AG
 *                    Boris Erdmann, Kristian Koehntopp
 *
 * $Id: page.inc,v 1.4 2002/03/18 18:07:02 layne_weathers Exp $
 *
 */

$needform=false;   ### the switch

function page_open($feature) {
  global $_PHPLIB,$HTTP_GET_VARS;

  # enable sess and all dependent features.
  if (isset($feature["sess"])) {
    global $sess;
    $sess = new $feature["sess"];
    $sess->start();

    # the auth feature depends on sess
    if (isset($feature["auth"])) {
      global $auth;

      if (!is_object($auth)) {
        $auth = new $feature["auth"];
      }

      if (!$auth->start())
        {
          page_showform();
//        $sess->freeze();   ## here I don't exit
//        exit;
        }


      # the perm feature depends on auth and sess
      if (isset($feature["perm"])) {
        global $perm;

        if (!is_object($perm)) {
          $perm = new $feature["perm"];
        }
      }

      # the user feature depends on auth and sess
      if (isset($feature["user"])) {
        global $user;

        if (!is_object($user)) {
          $user = new $feature["user"];
        }
        $user->start($auth->auth["uid"]);
      }
    }

    ## Load the auto_init-File, if one is specified.
    if (($sess->auto_init != "") && !$sess->in) {
      $sess->in = 1;
      include($_PHPLIB["libdir"] . $sess->auto_init);
      if ($sess->secure_auto_init != "") {
        $sess->freeze();
      }
    }
  }
}

function page_close() {
  global $sess, $user;

  if (is_object($sess)) {
    $sess->freeze();
    if (is_object($user)) {
      $user->freeze();
    }
  }
}

function sess_load($session) {
  reset($session);
  while (list($k,$v) = each($session)) {
    $GLOBALS[$k] = new $v;
    $GLOBALS[$k]->start();
  }
}

function sess_save($session) {
  reset($session);
  while (list(,$v) = each($session)) {
    $GLOBALS[$v]->freeze();
  }
}
function page_showform() {
  global $auth,$HTTP_GET_VARS;
  $mode=$HTTP_GET_VARS['mode'];
  global $needform;
  $needform=true;   ### here I don't show a form, but only set the switch

/*
  if ($mode=="reg")
    {$auth->auth_registerform();}
  else
    {$auth->auth_loginform();}
*/
}

?>
|
From: Michele M. <mic...@es...> - 2002-06-06 14:18:57
|
With this patch all works fine, I finally reach my scope, I can include
now a loginform anywhere I want in my index page and it doesn't seem a
stand-alone page, like it was before.
I'm not sure if this patch is fundamental for the scope but now works,
so many thanks Giancarlo and a question:
Can I have problem now with the rest of "standard" phplib function and
features?

Have a nice day

Michele Marcucci

--
-------------------------------------------------------
Michele Marcucci ESTREMI srl
Advanced IT Consultant Via Emilia 310
mic...@es... 40026 Imola (BO)
Phone +39 0542 615 888 nic-hdl: MM901-ITNIC
Fax +39 0542 615 895
-------------------------------------------------------
|
From: Giancarlo P. <gia...@na...> - 2002-06-06 14:49:55
|
Michele Marcucci wrote:
>
> With this patch all works fine, i finally reach my scope, i can include
> now a loginform anywhere i want in my index page and it doesn't seem a
> stand-alone page, like it was before.
> I'm not sure if this patch is fundamental for the scope but now works,
> so many thanks Giancarlo and a question:
> Can i have problem now with the rest of "standard" phplib function and
> features?
>
The perm->check feature I have to fix, to return true/false instead of
showing perminvalid (which was absurd anyway, you'd want a
login/register form instead)
In the end you will not do
$perm->check()
but, same as for auth,
if(!$perm->check())
  {
    $auth->auth_loginform(); # or $perm->perminvalid, if you prefer
  }
But I'ven't tried that yet.
If you already are logged with 'user' permissions, and submit a login
for an 'admin', will it work?
I've to try.
The rest should work, but I exhort you to try it very very well before.
Also I haven't tried it with the latest phplib-stable from cvs, which I
myself recently committed.
The two shouldn't interfere, 'cause the patch I applied to cvs is
related to session.
But better try it. And thanks for the feedback
Giancarlo
|
|
From: Admin <ad...@go...> - 2002-06-07 10:26:31
|
Just for saying that functions like $perm->check() and
$perm->have_perm() work fine with your patch.
Good job.
|If you already are logged with 'user' permissions, and submit a login
|for an 'admin', will it work?
Yes I try but it doesn't work, but it isn't a problem for me, in fact if
someone logged in, the login form is substituted by a logout link.
Have fun
Michele Marcucci
|
|
From: Giancarlo P. <gia...@na...> - 2002-06-07 10:57:11
|
Admin wrote:
>
> Just for saying that functions like $perm->check() and
> $perm->have_perm() work fine with your patch.
> Good job.
>
> |If you already are logged with 'user' permissions, and submit a login
> |for an 'admin', will it work?
>
> Yes I try but it doesn't work, but it isn't a problem for me, in fact if
> someone logged in, the login form is substituted by a logout link.
>
You need a session->delete or what the heck session->destroy, before.
Apart from that, did you check it with the various register_globals off,
php 4.2.1, etc?
Really I have no time for this, at the moment.
I am in the uneasy position of having to shout around to 'advertise'
that big hole.. which is something I hate to do.
That patch is for solely test purposes, don't use it for anything else.
Giancarlo
> Have fun
>
> Michele Marcucci
|