#25 simplified auth->start, no uid=form stat

open
nobody
None
5
2002-05-28
2002-05-28
No

This is the new auth.inc.
You need to substitute this and the following
page.inc.

Changes in the API are being reduced to a minimum.

The explanation follows
......

I was reflecting on the rationale behind this intermediate state.
Whenever a login or register form is shown, the auth object is initialized with
$auth->auth[uid]='form'
This is done in the start method of the auth class.
Then, only if this value is set to 'form', the $auth->mode value (reg/log) is tested, and a registration or a login is attempted with the data supplied.
This too is done within the start method of class auth.
All this is not taken into account if you provide your own auth_preauth function.

I don't know why this intermediate state has been coded. I suppose there can be some safety gains, and maybe you can point me to some.
One I can think of is that you block 'post-and-register' submissions (in fact it is getsession-post-and-register), because that value has to be set to form.
What else can be the end of having that intermediate state?
Is the end to force you to have already obtained a session before submitting a login or register form?
As an alternative, to get the same, I think that you could pass a 'session' input field, and that has to contain a valid session value.

But this causes a whole lot of problems, among which:
- you cannot simply show a login or register form anywhere, 'cause its input won't be taken into consideration, not being auth[uid]=='form'
- once a form is shown you are stuck and need the cancel_login button to get clean

The auth->mode log/reg issue is very cumbersome too, at least with it being handled from inside auth. You are stuck with the same policy all over.
I'd prefer it to be decided by me, when I need to put out a form. The form should contain an input field, that can be named 'request', and value 'register' or 'authenticate' (the default).
Because otherwise, when the behavior is not the intended one, we have to dig into method $auth->start, see what 'mode' value has arrived down to there (and hey, there are two $mode: one is auth->mode, the other is the get param in the url ?mode=log that should serve to force the show of a form different from the one stated in $auth->mode... quite complicated at the moment).
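
The two gates discussed in this post, modelled as an added example; it is not PHPLIB's auth.inc and not part of the original submission. `$store`, `show_form`, `start_with_form_state`, `start_with_session_field` and the sample credentials are hypothetical names and constructed values.

```php
<?php
// Simplified model of the two gates; NOT PHPLIB's auth.inc. All names are hypothetical.
// $store stands in for server-side session storage, keyed by session id.

// Showing a form marks the session as "login in progress".
function show_form(array &$store, string $sid): string {
    $store[$sid]['uid'] = 'form';
    return 'form-shown';
}

// Gate A: the intermediate state. Posted data is examined only when the
// session already carries uid == 'form' from an earlier form display.
function start_with_form_state(array &$store, string $sid, array $post, callable $validate): string {
    $uid = $store[$sid]['uid'] ?? null;
    if ($uid !== null && $uid !== 'form') {
        return "authenticated:$uid";          // already logged in
    }
    if ($uid !== 'form') {
        return show_form($store, $sid);       // blind POST: data is ignored
    }
    $user = $validate($post);
    if ($user === null) {
        return 'form-shown';                  // session stays in the 'form' state
    }
    $store[$sid]['uid'] = $user;
    return "authenticated:$user";
}

// Gate B: the alternative from the post. The form carries a 'session' input
// field, and the submission is processed only if it names an existing session.
function start_with_session_field(array &$store, array $post, callable $validate): string {
    $sid = $post['session'] ?? '';
    if (!is_string($sid) || !array_key_exists($sid, $store)) {
        return 'rejected';                    // no valid session value supplied
    }
    $user = $validate($post);
    if ($user === null) {
        return 'form-shown';
    }
    $store[$sid]['uid'] = $user;
    return "authenticated:$user";
}

// Constructed sample data: one known account and a matching POST body.
$validate = fn(array $p) => (($p['username'] ?? '') === 'kris' && ($p['password'] ?? '') === 'test') ? 'kris' : null;
$post  = ['username' => 'kris', 'password' => 'test'];
$store = ['s1' => [], 's2' => []];
echo start_with_form_state($store, 's1', $post, $validate), "\n";   // first POST, no form shown yet
echo start_with_form_state($store, 's1', $post, $validate), "\n";   // same POST after the form state is set
echo start_with_session_field($store, $post + ['session' => 's2'], $validate), "\n";
echo start_with_session_field($store, $post + ['session' => 'bogus'], $validate), "\n";
```

With gate A the first correct POST is discarded because the session is not yet in the 'form' state, which is both the blocking effect and the "form anywhere is ignored" problem described above; gate B accepts a form placed anywhere as long as its 'session' field names a live session.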

Discussion

  • Giancarlo Pinerolo

    Logged In: YES
    user_id=163488

    This is the latest version.
    default_auth is now a noop. Auth already does that

     
  • Giancarlo Pinerolo

    auth.inc with no more 'nobody' case handled

     
  • Giancarlo Pinerolo

    there's still something to be done

     
  • Giancarlo Pinerolo

    Logged In: YES
    user_id=163488

    the SPLASHFORM behavior works with the unchanged
    showoff.php3 example from the distribution

     
  • Giancarlo Pinerolo

    minimal explanation of usage

     
  • Giancarlo Pinerolo

    example page.inc for global splash form behavior

     
  • Giancarlo Pinerolo

    minimal explanation & usage

     
  • Giancarlo Pinerolo

    new auth for php4 sess reg_glob off

     
  • Giancarlo Pinerolo

    Logged In: YES
    user_id=163488

    This works with php 4 and register globals off. Both
    blocking behaviour, SPLASH or deferred/conditional, work.

    One single page inc for all cases, honours existing usage of
    auth or default_auth classes
    
    There exists a bug in actual auth resumption that prevents
    phplib3 passing correctly among pages of the two types.
    This should also fix that

     
  • Giancarlo Pinerolo

    Some more explanations about that

     
  • Giancarlo Pinerolo

    Some explanation and use, get this instead

     
  • Giancarlo Pinerolo

    Logged In: YES
    user_id=163488

    This is the latest rationalized auth with the auth
    resumption bug fixed in page.inc, and the _sleep function
    to allow max compat with session4.

    It is based on latest cvs, as of 10 Oct 2002, with the
    latest patches applied to php-lib-stable, including support
    for session4 and session4_custom

    The new files with respect to the php-lib-stable are:

    auth.inc
    page.inc

    and are provided also as separate text files

    To try it, unpack under docroot, modify path in
    pages/prepend.php3, dbuser and passwd in php/local.inc

     
  • Giancarlo Pinerolo

    full pages and php dirs of latest session4 php-lib-stable

     
  • Giancarlo Pinerolo

    page.inc

     
  • Giancarlo Pinerolo

    Logged In: YES
    user_id=163488

    page inc with the resumption bug fixed, behaves as usual
    (splashform).
    For back compat cancel_login can be fixed here.

     
  • Giancarlo Pinerolo

    auth.inc

     
  • Giancarlo Pinerolo

    Logged In: YES
    user_id=163488

    auth inc with

    __sleep function (necessary for all session4+auth users)

    rationalized start method

    check_feature method, checks same feature as persisted
    auth.

    Fixed switch state from auth/default_auth
    fixed 'nobody' loginc
    eliminated session_blocking login_in_progress state
    (uid=form), can be enforced in page.inc
    reviewed log/reg form request logic
    and more

     
  • Giancarlo Pinerolo

    start_actions block for user start(?)

     
  • Giancarlo Pinerolo

    fixed start_actions

     
  • Giancarlo Pinerolo

    Logged In: YES
    user_id=163488

     
  • Giancarlo Pinerolo

    Logged In: YES
    user_id=163488

    The results are really great.
    latest changes over Joe's snapshot of Saturday:
    phplib-0.74.20021005.patches which already contains fixes
    for 'browser back button' and 'user4->register of
    uninitialized variables bug'

    Only the new files in php/ and pages/ are in this addendum.
    You must download and install Joe Stewart's snapshot at

    http://phplib.sourceforge.net/snapshots/
    http://phplib.sourceforge.net/snapshots/phplib-0.74.20021005.patches.tar.gz

    then override the needed files from this
    fix php/local.inc for db user/pass
    modify pages/prepend.php3 for different phplib (3/4) version
    modify pages/.htaccess to try register_globals On or off
    open pages/defauth.php3

    CHANGES
    -fixed the login_if, it accepts 3 values in get param, whose
    name can be specified in the final page, and will be
    automatically parsed away from the get QUERY_STRING
    -there is a new $auth var, urlaction, that contains the name
    of this GET variable for the shunt loop Logout_and_Relogin
    click action. This is the name of the GET var (default
    "again"), that will be parsed and cleaned from QUERY_STRING
    on resubmit.
    -fixed session4.inc self_url(), to rely onto
    HTTP_POST_VARS[Query_String] instead of env(QUERY_STRING).
    this is because the HTTP_POST_VARS global can be rewritten,
    and is in fact, to be cleaned and ready for loginform.

    -a great default auth page, with logout/relogin in a single
    click, or as before.

    Guys, I worked months, including this cloudy Sunday on it, my
    head aches, and I need some glory. Please give it a try.

    Gian

     
  • Giancarlo Pinerolo

    Logged In: YES
    user_id=163488

    Contains only the files to add to cvs php-lib-stable or
    snapshot.20021007
    News:
    -perm may exist before auth->start
    -expire calculated at start from persistent last_renewal
    instead of being inherited
    -no E_NOTICE noticed
    -defauth has more 'interesting variables'

     