This is the new auth.inc.
You need to substitute this and the following page.inc.
Changes in the API are kept to a minimum.
The explanation follows
......
I was reflecting on the rationale behind this intermediate state: whenever a login or register form is shown, the auth object is initialized with
$auth->auth[uid]='form'
This is done in the start method of the auth class.
Then, only if this value is set to 'form', the $auth->mode value (reg/log) is tested, and a registration or a login is attempted with the data supplied.
This too is done within the start method of class auth.
All this is not taken into account if you provide your own auth_preauth function.
I don't know why this intermediate state has been coded; I suppose there can be some safety gains, and maybe you can point me to some.
One I can think of is that you block 'post-and-register' submissions (in fact it is getsession-post-and-register), because that value has to be set to form.
What else can be the end of having that intermediate state?
Is the end to force you to have already obtained a session before submitting a login or register form?
As an alternative, to get the same, I think that you could pass a 'session' input field, and that has to contain a valid session value.
But this causes a whole lot of problems, among which:
- you cannot simply show a login or register form anywhere, 'cause its input won't be taken into consideration, not being auth[uid]=='form'
- once a form is shown you are stuck and need the cancel_login button to get clean
The auth->mode log/reg issue is very cumbersome too, at least while it is handled from inside auth. You are stuck with the same policy all over.
I'd prefer it to be decided by me, when I need to put out a form. The form should contain an input field, that can be named 'request', and value 'register' or 'authenticate' (the default).
Because otherwise, when the behavior is not the intended one, we have to dig into method $auth->start, see what 'mode' value has arrived down to there (and hey, there are two $mode: one is auth->mode, the other is the get param in the url ?mode=log that should serve to force the show of a form different from the one stated in $auth->mode... quite complicated at the moment).
only files to add to cvs or snapshot.20021007
restructured start
Logged In: YES
user_id=163488
Changes in auth.inc of 5 Dec 2002
Now start can accept a $request, default is "".
When request is "", it calls method check_request, and upon the result calls a certain function (authenticate/login/others).
When the request is specified, as in $auth->start("register"), it also calls a certain function.
Better checked $user object unsetting, now both unauth() and logout() clear it.
5 new functions:
authenticate()
preauth()
login()
register()
check_request
Tried to place preauth in the correct place with this new design of start. Check it please.
Gian
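
The gate described in the first post, as an added example that is not part of the original posts and is not PHPLib's auth.inc: a minimal PHP model in which submitted credentials are examined only once the session is already in the 'form' state, so a POST that arrives before any form was displayed is ignored. ToyAuth, its user table and the username/password field names are hypothetical.

```php
<?php
// Added illustration, not PHPLib code. ToyAuth and all field names are hypothetical.
class ToyAuth {
    public $auth = array();   // persisted per session, modelled on $auth->auth
    public $mode = 'log';     // 'log' or 'reg', modelled on $auth->mode
    // Constructed sample account; plaintext only to keep the model short.
    private $users = array('alice' => 'constructed-password');

    // Called on every page request; $post is the submitted form data.
    public function start(array $post) {
        $uid = isset($this->auth['uid']) ? $this->auth['uid'] : null;

        if ($uid !== null && $uid !== 'form') {
            return 'authenticated';              // session already logged in
        }
        if ($uid !== 'form') {
            // First contact: whatever is in $post is deliberately not looked at.
            $this->auth['uid'] = 'form';
            return 'form shown';
        }
        // The session is in the intermediate state: now the POST is examined.
        $u = isset($post['username']) ? $post['username'] : null;
        $p = isset($post['password']) ? $post['password'] : null;
        if (!is_string($u) || !is_string($p) || $u === '' || $u === 'form') {
            return 'form shown';                 // 'form' is reserved as a marker
        }
        if ($this->mode === 'reg') {
            if (isset($this->users[$u])) {
                return 'form shown';             // name already taken
            }
            $this->users[$u] = $p;
        } elseif (!isset($this->users[$u]) || !hash_equals($this->users[$u], $p)) {
            return 'form shown';                 // bad login: stay in 'form' state
        }
        $this->auth['uid'] = $u;
        return 'authenticated';
    }
}

$creds = array('username' => 'alice', 'password' => 'constructed-password');

$fresh = new ToyAuth();             // session that has never displayed a form
echo $fresh->start($creds), "\n";   // credentials sent before any form was displayed
echo $fresh->start($creds), "\n";   // same credentials, session now in 'form' state
```

A failed attempt leaves the session in the 'form' state until it is explicitly reset, which is the "stuck until cancel_login" behaviour the post complains about.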