Ferreteria/v0.5/login: Difference between revisions

From Woozle Writes Code
Jump to navigation Jump to search
No edit summary
m (11 revisions imported: moving this project here)
 
(4 intermediate revisions by one other user not shown)
Line 1: Line 1:
==About==
==About==
The login feature consists of several filesets:
The login feature handles user/session authentication. It consists of three main phases:
* '''{{l/sub|data}}''' ({{l/ferreteria/code|login}}) - core data and storage I/O classes
* [[/submit]]: checking user's submitted credentials
* '''{{l/sub|dropin}}''' ({{l/ferreteria/code|dropins/login}}) - admin display I/O
* [[/session]]: checking Session cookie
* '''{{l/sub|status}}''' ({{l/ferreteria/code|login/status.php}}) - login status class
* [[/logout]]: handling of user logout
* (TBD) - form widgets
==Process==
There are two major phases of a logged-in session:
* 1. right after the user has attempted a login: if login is successful, the user's browser is given a session-cookie to use and is then immediately redirected (to clear out the POST input, thus preventing accidental multiple logins) and we go to phase 2.
* 2. when we need to check the user's session-cookie before we can know whether they're logged in or not (i.e. most of the time)


Login state is stored in the static <code>csLogin</code> class ({{l/ferreteria/code|login/status.php}}).
Code files/filesets involved include:
===writing login status===
* {{l/ferreteria/code|login}} - core data and storage I/O classes -- see {{l/sub|data}}
There are two ways the login status can be set: (a) actively logging in, (b) checking authenticity of a requested session
* {{l/ferreteria/code|dropins/login}} - admin display I/O
====logging in====
* {{l/ferreteria/code|login/status.php}} - login status class
{{arg|Account Feature}}<code>->TryLogin($sUser,$sPass)</code> : handle the logic for user login attempt; do necessary bookkeeping for result
* form widgets:
* &rarr; {{arg|Account Storage Row}}<code>->AuthorizeLogin($sUser,$sPass)</code> : lookup the given username, see if the password hash matches the stored hash
** {{l/ferreteria/code|tree/page/LoginWidget.php}}
* Log the results (<code>$this->CreateEvent(...)</code>)
*** {{l/ferreteria/code|tree/page/LoginWidget_block.php}}
* On success:
*** {{l/ferreteria/code|tree/page/LoginWidget_inline.php}}
** update the applicable Session record ({{arg|Session Storage Row}}<code>->UpdateForLogin($idAcct)</code>)
** {{l/ferreteria/code|tree/page/traits-login.php}}
 
====authenticating session====
{{arg|Session Feature}}<code>->UserIsLoggedIn()</code>
* &rarr; <code>NativeRow()->UserIsLoggedIn()</code>
 
===reading login status===
 
 
Example: see code in <code>cMenuLink->FigureIfAuthorized()</code> in {{l/ferreteria/code|tree/items/MenuLink.php}}
* This is called once per object from <code>ftRequiresPermit->OnRunCalculations()</code> in {{l/ferreteria/code|tree/items/traits.php}}.

Latest revision as of 16:44, 22 May 2022

About

The login feature handles user/session authentication. It consists of three main phases:

  • /submit: checking user's submitted credentials
  • /session: checking Session cookie
  • /logout: handling of user logout

Code files/filesets involved include:

Retrieved from "https://wooz.dev/mw/index.php?title=Ferreteria/v0.5/login&oldid=2466"