On Jul 4, 2006, at 11:34 PM, Ron Savage wrote:
On Tue, 4 Jul 2006 20:49:26 -0400, Michael Petnuch wrote: Hi MichaelCees has dropped out of sight for a week or so, so I'll give you a partialanswer to your second question...The second question I had asked before but I didn't seem to get anyI've emailed Cees a this patch (among others): sub login_box { my $self = shift; my $query = $self->_cgiapp->query; my $credentials = $self->credentials; my $runmode = $query->param('rm') ||
I don't know if it's such a good idea to assume that the program will use 'rm' as the mode_param criteria. I, for instance, used to use 'n' as my mode_param. Is there a way to get from C::A what the mode_param is? That would probably be a better idea.
$self->_cgiapp->get_current_runmode;my $destination = $query->param('destination') || $query- >self_url;which I think addresses your problem.
Also, I wasn't actually using login box for my login page. I use the option LOGIN_URL (my site is distributed across several modules via Dispatch, so I couldn't just use LOGIN_RUNMODE) so that my login page is displayed. I was only citing login_box because I wanted to see how Cees was setting the $destination variable. The problem stems from the fact that destination is expected to be set via $query- >self_url which works find if you are using the login_box function or if you specify LOGIN_RUNMODE. However, if you use LOGIN_URL the user is redirected to the new url (instead of just a different runmode being displayed - I think the mod uses the forward plugin) and self_url does not return the desired value. I think what needs to be done is set the destination variable somewhere in initialize before the user is forwarded.
Overall though, I found the module to have too many options, with resulting complexity, and I want to send the password across the net in encrypted form,
I send my passwords in an encrypted form. I just have apache rewrite any incoming login request to go over the https protocol. Do you not use https?
and I wanted the log in form to look like the rest of the app, so I decided not
You can have the login form look like the rest of the app. I believe login_box is just provided as a convenience function.
to use this module. I use Javascript::SHA1 to do the encryption. --
Interesting. I took the opposite approach. I had originally wrote my own auth functionality into my code. But I kept on having to write exceptions. When I came across the authentication/ authorization plugins I though they were elegent enough to warrent me into changing my code. Right now I am at about 85% (these two bugs and a few other minor issues) of the functionality I had previously but the code I have to maintain has decreased significantly. This alone keeps me wanting to use the modules.
Ron Savage [EMAIL PROTECTED] http://savage.net.au/index.html --------------------------------------------------------------------- Web Archive: http://www.mail-archive.com/[email protected]/ http://marc.theaimsgroup.com/?l=cgiapp&r=1&w=2 To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
smime.p7s
Description: S/MIME cryptographic signature
