[prev in list] [next in list] [prev in thread] [next in thread] 

List:       phplib-dev
Subject:    Re: [PHPLIB-DEV] "nobody" default authentication after login_if()
From:       Massimiliano Masserelli <negro () sgabanaz ! interim ! it>
Date:       1999-11-24 10:05:24
[Download RAW message or body]

On Wed, Nov 24, 1999 at 02:15:09AM -0600, Adam N. Thompson, MCNE wrote:
 AT> If we call login_if() to allow a "nobody" user to log in, then the
 AT> user clicks the "back" button... 
 AT> They aren't returned to "nobody" status - they are forced to log in. 
 AT> The call to unauth() inside login_if() causes this, of course, but is
 AT> there any way to prevent it? 

Yes, but it is a bit tricky. I mean, when the login form is displayed, the
uid is no longer "nobody" or "2097vdskjh0ds09dus" or "", but "auth". This
means that we have presented a form and we should validate the form
input. To exit from this state, you have to set a global, which by default
is $cancel_login (but you may change the name via $auth->$cancel_login) in
all public pages. If you think your users are a bit smarter, provide a
"cancel" button in the loginform.ihtml which calls 
$sess->url("a/public/page.php3?cancel_login=1").

Bye.
--
     Massimiliano Masserelli       |     URL:    http://www.interim.it/
     Internet Images S.r.l.        |     Tel:    +39-051-3390671
     vicolo Viazzolo, 3            |     Fax:    +39-051-557890
     40124 - Bologna - Italy       |
-------------------------------------------------------------------------------
Uva, s.f.:
	Frutta che abbronza.
		-- Da it.hobby.umorismo
-
PHPLIB Developers Mailing List. Send messages to <phplib-dev@lists.netuse.de>.
To unsubscribe, send "unsubscribe" to <phplib-dev-request@lists.netuse.de> in
the body, not the subject, of your message.

[prev in list] [next in list] [prev in thread] [next in thread]