Hi Jonny,
On Jun 14, 2005, at 3:45 AM, Johannes Becker wrote:
Hi,
I have a CForm (Definiton + Template) and a login-function in flow.
Now I want to combine these two.
function loginpage() {
var loginForm = new Form("forms/LoginForm_d.xml");
loginForm.showForm("form/LoginForm");
}
function login() {
var message = false;
var username = cocoon.request.get("username");
var password = cocoon.request.get("password");
account = getStore().readAccount(username, password);;
if (account == null) {
return message;
} else {
message = "true";
return message; }
}
}
Is it possible (and wise) to change the loginpage()-function like this:
function loginpage() {
while(true){
var loginForm = new Form("forms/LoginForm_d.xml");
loginForm.showForm("form/LoginForm");
var loggedin = login();
if(loggedin == "true") break;
}
Since this approach doesn't seem quite right and efficient to me:
Yeah, you're right... it's not quite right :-)
First some random observations:
- You don't have to call the Form() constructor every time through your
loop. You only build the form model once, and you can display it and
accept submissions many times with the same Form object.
- The style in CForms is to let the framework deal with the form
parameters... you get the data by interrogating the widgets. So lose
the calls to cocoon.request.get(), and ask the widgets for their values
instead (see example below). Also, I think it's bad form (pardon the
pun) to be displaying a form in one bit of flowscript, and handling the
parameters from the form submission in another piece of flowscript.
Part of the reason flowscript exists is so that you don't have to do
like in the "page scripting" mentality :-)
- returning a string "true" is surely not the best? Booleans work just
fine in flowscript :-).
- How does your application know to call loginpage()? You need to keep
track of whether the session user is logged in, and I don't see that
anywhere in your code...
- You probably want to display some kind of message on an unsuccessful
login attempt?
I've done "authentication 'lite'", i.e. using flowscript only, w/o the
auth-fw, and you can do it more or less something like this:
Suppose you have a flowscript function like this, that does something
you want protected by the login mechanism:
function showStuff() {
getLoggedInUser(); // make sure the user
is logged in...
.
. // whatever
.
}
getLoggedInUser() is a function that doesn't return until the user has
successfully authenticated. So now we need:
var currentUser = null; // note, global flowscript variables are
attached to the session
function getLoggedInUser() {
if (currentUser == null) {
currentUser = login();
}
}
function login() {
var loginForm = new Form("forms/LoginForm_d.xml");
var model = loginForm.getModel();
var loginUser = null;
var invalidLogin = false;
while (loginUser == null) {
loginForm.showForm(
"form/LoginForm",
{
invalidLogin: invalidLogin
}
);
loginUser = getStore().readAccount (model.username,
model.password);
invalidLogin = true;
}
return loginUser;
}
In your LoginForm template, use the JXTemplate language to
conditionally display an error message based on the invalidLogin
variable passed in from flowscript... something like
<jx:if test="${invalidLogin == 'true'}">
<p class="error">
Incorrect login ID and/or password.
</p>
</jx:if>
I think that's about all there is to it. Note, the above code sample
is written for the 'v1' flowscript forms API because that's what you
should probably be using. I've been using the 'v2' API for a long time
so my 'v1' is a little rusty... somebody else might be able to improve
the code in my example or correct it if need be :-)
HTH,
—ml—
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
