> i did it, but it donĀ“t work,
Because this code has no sense this way.
You're just storing and retrieving data from session.
What do you suppose this will do...

Try something like:

def extractCredentials(self, request):
    creds = {} 
    session = self.REQUEST.SESSION
    creds = session.get('_key', None)

    if creds:
        return creds

    login = request.get('__ac_name', '')
    if login:
           # Look in the request for the names coming from the login form
           login = request.get('__ac_name', '')
           password = request.get('__ac_password', '')
           if login:
               creds['login'] = login
               creds['password'] = password
       if creds:
           creds['remote_host'] = request.get('REMOTE_HOST', '')
               creds['remote_address'] = request.getClientAddr()
           except AttributeError:
               creds['remote_address'] = request.get('REMOTE_ADDR', '')
           session.set('_key', creds)
           return  creds
       return None

You should use protected class (like in CAS4PAS) to store credentials
in session. Also you should think how it is supposed to work and what
should be done in extractCredentials and what in authenticateCredentials
functions, etc.

So far this code checks if there is object in session and if so then it
credentials from this object, if no, then it tries to extract credentials
from request.
You should now validate these credentials with something (eg. RDBMS),
possibly in authenticateCredentials function.

Maciej Wisniowski
Zope maillist  -  Zope@zope.org
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to