j2 (ASKER)

PHPLIB auth.

I'm just getting started with PHPLIB and have created some simple code like below.

<?php
page_open(
      array("sess"=>"CS_Session",
      "auth"=>"Example_Auth",
      "perm"=>"Example_Perm"));
$perm->check("admin");

echo "inloggad";

// $auth= unauth($nobody=false);
// $auth = logout();

page_close();
?>

I get the user/pass dialog, and if I enter a user that doesn't have admin I get the

Permission denied
Your session 344e8c2385b4106154faaaf5c07f0abd has been authenticated with a user id of 6943ed4b9358bd176277c5212e3d43bb and a user name of j2.
To access this page, the following permissions are required: admin.
I won't let you access this page, because you have these permissions: .

However, from this point on, reloading the page gives me the above dialog; I am never asked to re-auth. (Running IE5, set to "check page on every load".)

1. How do I return to the login screen if the above happens?

2. How do I log a user out? Neither $auth= unauth($nobody=false); nor $auth = logout(); seems to work.

(Yes, I know they are commented out in the above code; I'm trying to fix the auth dialog thing first.)

maxkir

There is an "exit()" call in the
$perm->check("admin");
function.
To log out the user when he doesn't have permissions, try the following code:

class Example_Perm{

  // a lot of stuff ...
 
  function perm_invalid($does_have, $must_have) {
    global $auth;
    $auth->logout();
    printf("Access denied.\n");
  }

};

Hope this helps.

j2 (ASKER)

How do I implement your example?

maxkir

Edit your local.inc file and find the definition of your Example_Perm class. I take the name of the class from your line:

page_open(
      array("sess"=>"CS_Session",
      "auth"=>"Example_Auth",
      "perm"=>"Example_Perm"));

Then just add the function I suggested to its definition (it will override the default function).

j2 (ASKER)

No difference, I am still not given a chance to "revalidate".

j2 (ASKER)

OK, so is there any way to at least put a "re-logon" link/button on the "access denied" page then? :)

maxkir

What was the result of inserting this function into the Example_Perm class?

function perm_invalid($does_have, $must_have) {
    $GLOBALS["auth"]->logout();
    Header("Location: /");
    printf("Access denied.\n");
}

As for the "logout" link, I use something like this for my logout.php3:
<?
    page_open(....);
    $auth->logout();
    Header("Location: /");

    page_close();
?>

j2 (ASKER)

"What was the result of inserting this function to Example_Perm class ?"

No change whatsoever.

"What about the "logout" link, I use something like that for my logout.php3:"

What's the easiest way to link that to the access denied entry?

maxkir

"No change whatsoever."
You mean that the wrong-permission message was the same as in your first original message? Then something is wrong, because you must simply get the
"Access denied" message. Make sure there is only one function perm_invalid
in your Example_Perm class, so that you replaced the original version with mine.

To insert a link to this page (if you use my function), use the following code:

function perm_invalid($does_have, $must_have) {
    $GLOBALS["auth"]->logout();
    Header("Location: /login.php3");
    printf("Access denied. Please <A HREF='/logout.php3'>relogin</A>\n");
}

j2 (ASKER)

I got this from a person on the PHPLIB mailing list. Does it make any sense?

i have found that msie 5.01 won't stop caching things when it gets both
  content-control: no-cache
and
  pragma: no-cache
so i changed session.inc by commenting out the pragma: line... msie 5.01
seems to have responded well to that.  haven't had a chance to test it in
msie 4 or below yet.

regarding your question #1, i quit using $perm->check() and went to my own
code in each page, using have_perm()... this allows me to generate a login
form and display a nicer message related to the page they're accessing.  

for logging out, i'm using $auth->login_if($again);  i seem to recall
something on here about not using that exact construct, but i probably
hacked the actual phplib code to get around that as i made several changes
to the phplib code to adjust the login system...

maxkir

Well, is your problem solved?

j2 (ASKER)

I am not sure yet. I am on a business trip and have not had a chance to test it; I just thought I would share what I have learned. However, if this should be the answer, the points are still yours, since you have given me better insight into how the auth mechanism works.

Cheers.

j2 (ASKER)

The cache problem seems to have been the major issue. Now when I get a "permission denied" I can use the logout link and get a new "login dialog". However, your code has been very helpful, so here are the points.
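
The per-page check described in the mailing-list reply (have_perm() instead of $perm->check()), combined with the logout link and the caching fix discussed in the thread, as an added example that is not code from any poster or from PHPLIB itself. It assumes the class names from the question, the /logout.php3 page shown earlier in the thread, and that PHPLIB's prepend file is already loaded.

```php
<?php
// Added example, not from the thread or from PHPLIB itself.
// Assumes PHPLIB's prepend file is loaded, the class names from the
// question, and the /logout.php3 page shown earlier in the thread.
page_open(array(
    "sess" => "CS_Session",
    "auth" => "Example_Auth",
    "perm" => "Example_Perm"));

// have_perm() only reports true/false; unlike check() it does not call
// perm_invalid() and exit(), so the page decides what a denial looks like.
if (!$perm->have_perm("admin")) {
    // Keep the browser from replaying this denial from its cache after
    // the user has logged in again with a different account.
    header("HTTP/1.0 403 Forbidden");
    header("Cache-Control: no-cache, no-store, must-revalidate");
    header("Expires: 0");

    // Escape values before placing them in HTML.
    $uname  = htmlspecialchars($auth->auth["uname"]);
    $logout = htmlspecialchars($sess->url("/logout.php3"));

    printf("Access denied: user %s lacks the \"admin\" permission.\n", $uname);
    printf("<a href=\"%s\">Log in as a different user</a>\n", $logout);

    page_close();   // save session state before stopping
    exit;
}

echo "inloggad";
page_close();
?>
```

The link points at the logout page rather than at this page, so the session is unauthenticated before the user returns and PHPLIB presents the login dialog again.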