[pLog-general] user authenication by filter

Oscar Renalias oscar at renalias.net
Thu Nov 4 18:02:06 GMT 2004 

but... did you even try this code? Did it work for you? Because for me,  
it won't work as it is :(

First of all, there were a few errors in the code...

function securityCheck(){
         $pipeline = new Pipeline( $request, $this->_blogInfo );
...

$request doesn't exist in the scope of this function so it should be  
$this->_request

Also later on in the same line:

         $pipeline = new Pipeline( $request, $this->_blogInfo );

it could be that $this->_blogInfo doesn't even exist (try logging out  
completely and then try typing admin?op=newResource for example) and  
see what you get... Try installing first the 'hostblock' plugin, you'll  
see that it crashes because it's trying to process a request through  
the pipieline whose BlogInfo object is null. Not good :)

Also. you moved the call to the following method too high in the  
AdminAction constructor:

	$this->_locale = $this->getLocale();

It cannot be moved so high up because otherwise it won't work...:

         function getLocale()
         {
         	// don't like this so much...
         	if( $this->_blogInfo != "" ) {
         		$this->_blogSettings = $this->_blogInfo->getSettings();
             	$locale =& Locales::getLocale(  
$this->_blogSettings->getValue("locale"));
             }
             else {
             	$locale =& Locales::getLocale(  
$this->_config->getValue("default_locale"));
             }
			
	return $locale;
         }

if you call this method *before* you call $this->_getBlogInfo(), then  
the first condition of the if(...) will never be true because we don't  
really have a $blogInfo object loaded yet from the session :( And we  
will always create a Locale object based on the value of the  
default_locale setting instead of the blog's own locale.

So either we fix the pipeline so that all objects check if the  
$blogInfo parameter is null or empty, or we do this in another way...  
(I just don't know in which way :)) I like the idea, it's just that the  
implementation is not quite perfect yet (so don't get me wrong!!)

Oscar

On 4 Nov 2004, at 16:49, su baochen wrote:

> hi,
>
> Below is the way I have done to authenticate user by filter. But I have
> not fully tested it,sorry.
>
> 1 create loginauthfilter.class.php in class/security directory, see
> attachment.
> 2 path class/action/admin/adminaction.class.php, see attachemnt for
> patch
> 3 create standarderrorrenderer.class.php in
> class/template/errorrenderers, see attachment. I create this file
> inspired by oscar's standardvalidationrenderer.class.php.
>
> Again, I have not tested the code under php4, sorry.
> --  
> su baochen <subaochen at 126.com>
> <adminaction.patch><loginauthfilter.class.php><standarderrorrenderer.cl 
> ass.php>_______________________________________________
> pLog-general mailing list
> pLog-general at devel.plogworld.org
> http://devel.plogworld.org/mailman/listinfo/plog-general

More information about the pLog-general mailing list