Re: [Phpslash-devel] Dumb auth question
Brought to you by:
joestewart,
nhruby
Menu
▾
▴
Re: [Phpslash-devel] Dumb auth question
|
From: Joe S. <joe...@us...> - 2003-04-02 22:01:35
|
On Wed, Apr 02, 2003 at 01:19:28PM -0800, nathan r. hruby wrote:
> On Wed, 2 Apr 2003, Joe Stewart wrote:
>
> > On Tue, Apr 01, 2003 at 08:44:27PM -0800, nathan r. hruby wrote:
> > >
> > > This is really dumb. I have a site, I login as god (with 'root'perm) or
> > > as my admin user will all but root and nobody set. $auth->nobody is
> > > always 1. Clues?
> > >
> >
> > slashAuthCR.class:
> >
> > var $nobody = true;
> >
> >
> > > I don't see anyplace where's is explicitly unset, so I;m wondering if it;s
> > > not jsut carrying over from the session.
> > >
> >
> > auth->nobody allows public access.
> >
> > The "nobody" user is used after someone is identified. Then what
> > public access is allowed can be changed by the "nobody" group's
> > permissions.
> >
>
> I think this is me being dyslexic. IIRC, in phplib $auth->nobody was a
> boolean shorthand to determine if the current $auth object is
> authenticated as a user, or if we're operating as a default user and
> looking through the auth.inc class seems to beack this up. this may have
> chnaged recently, at this point Joe, youd know better than I.
>
It is a boolean to set if nobody access is allowed.
false or unset - login is required.
true - public access is allowed.
> So the correct method for determinig the user is still to check
> $auth->['uid'] == 'nobody'
Well it would have worked before :)
Now the uid of nobody is changed to that of the phpSlash nobody user.
This is done to have a easy method to control the name and access of
the public user.
The way we're checking for login status in phpSlash is if they have
the "user" permission.
perm->have_perm("user")
> I though phplib did away with this a longtime
> ago (maybe now we're supposed to check $auth->['username']?)
>
no.
If it helps -
There are a couple of methods in Author.class that can get author info
from the uid.
getName, getRealName and getAuthor
> Again, me being kinda stupid.
>
nope. It's about three things happening right together.
Joe
> -n
> --
> ------
> nathan hruby
> na...@ds...
> ------
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: ValueWeb:
> Dedicated Hosting for just $79/mo with 500 GB of bandwidth!
> No other company gives more support or power for your dedicated server
> http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/
> _______________________________________________
> Phpslash-devel mailing list
> Php...@li...
> https://lists.sourceforge.net/lists/listinfo/phpslash-devel
>
|
