A function that can be used in auth_loginform() and auth_registerform. It returns the appropriate "action=" attribute to the form tag.
A function that can be used in auth_loginform() and auth_registerform. It prints the appropriate "action=" attribute to the form tag.
A function that can be used to change the current user identity from nobody in using default authentication mode. See the section and example on using default authentication below.
This function destroys the authentication information in $this->auth, forcing the user to relogin the next time a protected page is being loaded.
$this->auth["uname"] is being kept, so that the correct username is available as a default.
Since V6: To give the user the credentials of `nobody', pass true as the first parameter to unauth. This will also change $this->auth["uname"].
Since V7.2: Passing $nobody to this method is deprecated.
This function destroy all authentication information in $this->auth, forcing the user to relogin the next time a protected page is being loaded.
Most applications want to use $this->unauth() instead.
Since V6: To give the user the credentials of `nobody', pass true as the first parameter to logout. This defaults to the value you set in the class definition ($nobody). logout() will call unauth() (passing $nobody), so the behaviour is identical (except logout() will always clear $this->auth["uname"] and unregister the auth class).
Since V7.2: Passing $nobody to this method is deprecated.
Will return false, if the current authentication is invalid or expired. Will return the authenticated uid otherwise.
This function can be overridden in a subclass to Auth. It is being called as the very first step in the authentication process and has the opportunity to authenticate the user without a loginform being displayed (by deriving all necessary information telepathically, or by using cookies, or divining the user identities from the incestines of a dead squirrel).
If it returns a UID value, the user is authenticated and neither auth_loginform() nor auth_validatelogin() are called. If it returns false, all goes on as usual.
This function must be overridden by a subclass to Auth. It should output HTML that creates a login screen for the user. We recommend that you use an include() statement to include your HTML file.
This function is called when the user submits the login form created by auth_loginform(). It must validate the user input.
If the user authenticated successfully, it must set up several fields within the $auth[] instance variable:
must not be tampered with (field is maintained by start(), contains the time when the login expires).
if you want to use the permission feature, you must store the permissions of the validated user here. (Hint: due to a name conflict with sybase, "perm" is called "perms" in all the databases tables. Look for this small difference!).
See the example below for more information.
Initialization function, does the authentication. If we are in log (login) mode, auth_loginform() is called to draw a login screen. When the login screen is submitted back, auth_validatelogin() is called to validate the login. If the validation was successful, the actual page content is shown, otherwise we're back at auth_loginform().
In reg mode, auth_registerform() is called to draw a registration form. When the registration form is submitted back, auth_doregister() is called to register the user and to validate the session. If registration was successful, the actual page content is shown, otherwise we're back at auth_registerform().