Use a subclass of Auth to provide parameters for your authentication class and to implement your own auth_* functions.

class My_Auth extends Auth {
  var $classname        = "My_Auth"; # Object serialization support

  var $lifetime         =  15;

  ## DB_Sql subclass and database table to use
  var $database_class = "DB_Session";
  var $database_table = "auth_user";

  ## Some magic value to make our uids harder to guess.
  var $magic = "Abracadabra";

  ## Use an own login form
  function auth_loginform() {
    global $sess;
    include("loginform.ihtml");
  }

  function auth_validatelogin() {
    global $username, $password;    ## form variables from loginform.ihtml

    ## If authentication fails, loginform.html will
    ## find $this->auth["uname"] set and use it.
    $this->auth["uname"]=$username;

    ## Value to return in case auth fails.
    $uid   = false;

    ## Check the database for this user and password pair.
    $query = sprintf(
      "select * from %s where username = '%s' and password = '%s'",
      $this->database_table,
      addslashes($username),
      addslashes($password)
    );
    $this->db->query($query);

    ## If we found a matching user, grab the uid and permissions...
    while($this->db->next_record()) {
      ## Required.
      $uid = $this->db->f("uid");

      ## Optional, for the perm feature.
      $this->auth["perm"] = $this->db->f("perms");
      ## if you use perm feature be aware, that the db-field in our
      ## example table is called "perms" due to a name conflict with sybase
    }

    return $uid;
  }
}
    

Your loginform.ihtml contains HTML and PHP code to draw a login form. $this->auth["uname"] will be empty on the first login attempt and set on all further login attempts. You can use this to detect repeated login attempts and display an appropriate error message. You must print the result of $this->url() to create your forms action attribute.

See the provided loginform.ihtml for an example.

Use the page management functions (see above) to use your authentication subclass. The feature name for authentication management is auth; provide the name of your Auth subclass as a parameter to the auth feature. The auth feature requires the sess feature:

	  page_open(array("sess" => "My_Session", "auth" => "My_Auth"));