Branko Vukelic wrote:
> I've never done user authentication before, so could you please give me
> a place to start? What reading should I be doing before attempting to
> create an authentication system for my app?
>
Hiya Branko,
I like your new design for the logo, BTW.
I'm a web.py newbie, and thought I'd put my authorisation system out
there for comments. Might be useful to you...or I might have completely
mucked it up.
I use the web.session.Session object to keep the state of a connection
going, and stash all the relevant bits into it. This session data is
retrieved when a function needs to know something persistent:
def getSession():
    global sess
    if web.config.get('_session') is None:
        sess = web.session.Session(app,
                                   web.session.DiskStore('/path/to/sessions'),
                                   {'count': 0, 'logged_in': 0})
        web.config._session = sess
    else:
        sess = web.config._session
Each page subclasses a parent web page object that does the basic
housekeeping:
1) loads the session
2) if logged in checks it's a valid login
3) sets up various stock parts of all web pages (header, footer, menus,
style sheet references, login block, etc).
class webpage:
    def GET(self):
        global header
        global stylesheet
        global footer
        global menu
        global bodycontent
        global template_values
        global sess
        global loginblock
        getSession()
        # SQL to check the userid if logged in
        # setup standard parts of web pages as listed above
(Of course, most of this is cached so that I don't have lots of disk
access per page check, etc.)
The class for each page simply has to change the details it's interested
in changing before shipping out the page:
class QualityPage(webpage):
    def GET(self):
        webpage.GET(self)
        # these 3 lines control whether this user is allowed access to this page.
        if sess.logged_in == 0:
            sess['targeturl'] = web.ctx.fullpath
            raise web.seeother("/login.html")
        # Set the body content for this page to something other than the
        # generic content.
        bodycontent = "QualityPage"
        return render.generic(bodycontent, menu, header, footer, loginblock, stylesheet)
Finally, to login, the POST processing of the login page sets the
sess.logged_in variable appropriately (along with other useful bits of
information like account number, etc).
Does that sound useful? Did I do it in a boneheaded way?
-Ken
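
The login POST step described in the message above, as an added example that is not part of Ken's post or of web.py: it verifies a salted PBKDF2 hash in constant time, sets logged_in, and checks that the stored targeturl is a same-site path before it is used. A plain dict stands in for the session, and process_login, safe_target, the users store, the username key and the iteration count are assumptions of this sketch.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed PBKDF2 work factor for this sketch


def hash_password(password, salt=None):
    """Return (salt, digest) for storage instead of the plain password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def safe_target(url, default="/"):
    """Accept only a same-site absolute path as the post-login redirect."""
    if not url or not url.startswith("/") or url.startswith("//") or "\\" in url:
        return default
    if any(ord(c) < 32 for c in url):
        return default
    return url


def process_login(sess, users, username, password):
    """Login POST logic: returns the URL to redirect to.

    sess  -- dict-like session (stand-in for web.session.Session)
    users -- hypothetical user store: {username: (salt, digest)}
    """
    # Unknown users are checked against a dummy record so that both paths
    # do the same amount of hashing work.
    salt, stored = users.get(username, (b"\0" * 16, b"\0" * 32))
    _, candidate = hash_password(password, salt)
    ok = hmac.compare_digest(candidate, stored) and username in users
    if not ok:
        sess["logged_in"] = 0
        return "/login.html"
    # Consume the saved target so it cannot be reused by a later login.
    target = safe_target(sess.pop("targeturl", None))
    sess["logged_in"] = 1
    sess["username"] = username
    return target


# Constructed sample data: one user with a hashed password.
USERS = {"ken": hash_password("correct horse")}
```

In a web.py POST handler the returned URL would be passed to web.seeother, as in the QualityPage redirect above.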