Nice library with lots of power and potential. However, I must disagree with calling it "made easy". The documentation is bad and of no use. One has to go deep into the source to understand it and possibly make it work.
Glitches:
- Bad documentation. It is really a must to provide better explanations of how to install and implement the library. There is also a need for documentation on how to do simple jobs like reading the user name or checking if the user has some kind of permission within an already authenticated page. It is a must to provide names, descriptions and data structures for the UMA session variables available within the document.
- mepath.php is not working. I had to remove it altogether and implement a simpler method to manage paths.
- The user authentication system must be centralized. All the work has to be done in a single place. Generally, using authenticator.php for each single module that needs authentication is wrong. There should be just one authenticator that does the job and obeys parameters. I also changed that, and my site uses one authenticate.php and sets parameters for service and permission level.
- The package is confusing. There are far too many directories, even empty ones. There are modules that work independently (root, example, MySQL and PostgreSQL admin and tools), so if one wants to use them he must configure and set up each one separately. Especially, if there is support for MySQL and PostgreSQL, which is excellent, then the application should use a simple switch to decide which one to use, not force the user to alter the source to make it work.
- There should be a single file to include to implement authentication of a page, and login, logout, error and other pages should already be available through the authentication library. The way things are done now, each module must have its own login.php, logout.php and other pages. If one wants this to be centralized, he must change the library source.
I managed to do almost all of that. I have one authenticator.php that must be included in a page that needs authentication. Permissions are set by setting $service and $permissionLevel before authenticator.php is called (this means the code that sets them within authenticator.php is removed).
I have removed mepath.php from the code and implemented a simpler method to manage paths. It allows the library to be called from any path within the site, and it can find all its libraries correctly.
I altered the admin section (for MySQL, since I do not use PostgreSQL) to use the same authentication as the rest of the site.
After I did all of this, I managed to make the library work on my site.
However, I have a small issue I noted:
When I have several modules on the site authenticated through different service library and the user is already authenticated, the library forces a new login.
For instance, I have a main admin menu and a service admin menu. Each admin is a member of that service and allowed to access the menu. There are options that lead to the administration of several modules. Each module belongs to another service, so only admins that belong to that service may access it. I even managed to hide modules that are not allowed for the currently logged-in admin. This all works fine. But if an admin is logged in and he has permission to use a module belonging to another service (which the admin belongs to too), when he tries to access the module he is asked to log in again even though he is already logged in.
I am not sure what the problem is. My wild guess is that the code in authenticator.php has a problem checking if the user who is currently logged in has permission to access a different service. The code I suspect is:
if ($_SESSION[UMA_SESSION][$service]['permission'] < $permissionLevel) {
    if (POST_METHOD == 'POST') {
        $requestedUsername = $_POST[POST_USERNAME_NAME];
        $requestedPassword = $_POST[POST_PASSWORD_NAME];
    } else {
        $requestedUsername = $_GET[POST_USER_NAME];
        $requestedPassword = $_GET[POST_PASSWORD_NAME];
    }
Since I do not understand the function and structure of $_SESSION[UMA_SESSION], I can only guess if this is the problem, but it seems to me that this code checks just the service/level already authenticated instead of all service/permission settings for the current user.
The other possible cause may be in session management. It seems that the session is recreated each time authenticator.php is loaded, and I am not sure if it manages to correctly get data from the previous session...
Has anyone met a similar problem on his site? Any experience from other users is welcome.
Pedja
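
An added example, not part of the original post and not UMA's own code: one way a central authenticator can tell "nobody is logged in" apart from "logged in, but this service's level has not been loaded yet", so an already authenticated user is not sent back to the login form when moving to another service. The session layout (`username`, `services`), the `checkAccess` function, the `$lookup` callback and the value of `UMA_SESSION` are assumptions for illustration; the real structure of `$_SESSION[UMA_SESSION]` is not documented on this page.

```php
<?php
// Added example; not UMA code. Session layout and all names are assumptions.
const UMA_SESSION = 'uma'; // assumed value; the library defines the real constant

/**
 * Decide access to $service at $permissionLevel.
 * $lookup(string $user, string $service): int is a hypothetical callback that
 * reads the user's level for a service from the user database (0 = none).
 * Returns 'ok', 'login' (nobody authenticated) or
 * 'denied' (authenticated, but level too low for this service).
 */
function checkAccess(array &$session, string $service, int $permissionLevel, callable $lookup): string
{
    $uma  = $session[UMA_SESSION] ?? [];
    $user = $uma['username'] ?? null;   // assumed key holding the logged-in user
    if ($user === null) {
        return 'login';                 // the only case that needs the login form
    }
    // A missing per-service entry means "not looked up yet", not "no rights".
    if (!isset($uma['services'][$service])) {
        $session[UMA_SESSION]['services'][$service] =
            ['permission' => $lookup($user, $service)];
    }
    $level = $session[UMA_SESSION]['services'][$service]['permission'];
    return $level >= $permissionLevel ? 'ok' : 'denied';
}

// Constructed sample data: one admin who belongs to two services.
$levels = ['admin1' => ['siteadmin' => 5, 'news' => 3]];
$lookup = fn(string $u, string $s): int => $levels[$u][$s] ?? 0;

// Session as it looks after logging in through the 'siteadmin' service only.
$session = [UMA_SESSION => [
    'username' => 'admin1',
    'services' => ['siteadmin' => ['permission' => 5]],
]];

echo checkAccess($session, 'news', 3, $lookup), "\n";   // second service, same login
echo checkAccess($session, 'forum', 1, $lookup), "\n";  // service the user is not in
$anonymous = [];
echo checkAccess($anonymous, 'news', 3, $lookup), "\n"; // nobody logged in
```

On a real page `$session` would be `$_SESSION` after a single `session_start()`. Levels cached in the session stay in effect until logout, so a permission that is revoked in the database needs the cached entry cleared as well.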