Many applications want to use $auth and $perm objects to protect functionality on a page, but do want to make the unprotected part of this page available to users with no account. This presents a kind of dilemma, because you need $auth and $perm objects to protect functionality on a page, but you don't want a login screen to appear by default.

Default authentication solves this dilemma by providing a special uid and uname "nobody", which is guaranteed to fail every permission check. If you set the nobody flag, $auth will not create a login screen to force a user to authenticate, but will authenticate the user silently as nobody. The application must offer a login button or other facility for users with accounts to change from that id to their real user id.

To use default authentication, create a subclass of My_Auth as shown above with the nobody flag set (Note: No need to extend in two steps. The only important thing here is that the nobody flag is set.)

	class My_Default_Auth extends My_Auth {
	  var $classname = "My_Default_Auth";

	  var $nobody = true;
	}
   

To create a page that uses default authentication, use the page management functions. Check for relogin requests with the login_if() function. Create a relogin link on your page.

         <?php
	  // using Default Authentication
	  page_open(array("sess" =>; "My_Session", "auth" => "My_Default_Auth"));
	  $auth->login_if($again);

	  if ($auth->auth["uid"] == "nobody"):
	?>
	  <A HREF="<?php $sess->purl('$PHP_SELF?again=yes') ?>">Relogin</A>
	  to this page.
	<?php endif ?>;