Re: [Phpslash-devel] Dumb auth question
Brought to you by:
joestewart,
nhruby
From: Joe S. <joe...@us...> - 2003-04-02 14:26:10
|
On Tue, Apr 01, 2003 at 08:44:27PM -0800, nathan r. hruby wrote: > > This is really dumb. I have a site, I login as god (with 'root'perm) or > as my admin user will all but root and nobody set. $auth->nobody is > always 1. Clues? > slashAuthCR.class: var $nobody = true; > I don't see anyplace where's is explicitly unset, so I;m wondering if it;s > not jsut carrying over from the session. > auth->nobody allows public access. The "nobody" user is used after someone is identified. Then what public access is allowed can be changed by the "nobody" group's permissions. What happens is: The session is created. The auth starts. If the uid is "nobody" the uid is changed to the "nobody" user's uid and perms. It is possible at this point if the "remember me" option was used, a cookie is read and the uid is changed to the particular users's uid. does this help? thanks, Joe > -n > > > -- > ------ > nathan hruby > na...@ds... > ------ > > > > ------------------------------------------------------- > This SF.net email is sponsored by: ValueWeb: > Dedicated Hosting for just $79/mo with 500 GB of bandwidth! > No other company gives more support or power for your dedicated server > http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/ > _______________________________________________ > Phpslash-devel mailing list > Php...@li... > https://lists.sourceforge.net/lists/listinfo/phpslash-devel > |