Re: [Zope] Authentication using a form instead of a popup
<dtml-if "acl_users.authenticate(username,userpassword,REQUEST)">
  <dtml-call "RESPONSE.redirect('intranet')">
<dtml-else>
  Error!!
</dtml-if>

The "acl_users.authenticate" part seems to work OK, as it returns an error if the user or password is wrong. And if they are OK, it tries to redirect to the intranet, that is to say, the restricted part. But the problem is that at this time it asks again for username and password, using a popup window.
You cannot just call methods on the user folder "manually" and expect the user to get logged in magically by doing that.
So there's no way to do something easy like <dtml-call "AUTHENTICATED_USER=acl_users.authenticate(username,userpassword,REQUEST )"> ?
You should be using a user folder that handles cookies or use the CookieCrumbler product.
I will try the CookieCrumbler product, but how can I do the other thing you propose, a user folder that handles cookies?
Thanks in advance,
Igor Leturia
Igor Leturia wrote:
So there's no way to do something easy like <dtml-call "AUTHENTICATED_USER=acl_users.authenticate(username,userpassword,REQUEST )"> ?
That would be a giant security hole. The point is it should be managed by the internal (safe) Zope code, not by code that is unsafe and can be manipulated by someone from the outside. Using the CookieCrumbler will set up AUTHENTICATED_USER the way you want it, but in a safe way.
You should be using a user folder that handles cookies or use the CookieCrumbler product.
I will try the CookieCrumbler product, but how can I do the other thing you propose, a user folder that handles cookies?
Thanks in advance,
Igor Leturia
Participants (2): Igor Leturia, Johan Carlsson
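
The point made in this thread, as an added example that is not part of the original messages and is not Zope or CookieCrumbler code: checking a password inside one request leaves no state behind, so the restricted page must re-establish the user on every request from something the server itself validates. The session-token cookie, the function names and the sample account are assumptions of this simplified model.

```python
import hmac
import secrets

USERS = {"igor": "s3cret"}   # constructed sample account
SESSIONS = {}                # token -> username, held server-side only

def authenticate(name, password):
    """Check credentials; like calling the user folder by hand, it stores nothing."""
    expected = USERS.get(name)
    if expected is None:
        return False
    return hmac.compare_digest(expected.encode(), password.encode())

def login_form(request):
    """Form handler: on success, issue a random session token as a cookie."""
    form = request.get("form", {})
    name = form.get("username", "")
    if not authenticate(name, form.get("userpassword", "")):
        return {"status": 401, "cookies": {}}
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = name
    return {"status": 302, "location": "intranet", "cookies": {"session": token}}

def resolve_user(request):
    """Trusted per-request hook: derive the user from the cookie, never from form input."""
    return SESSIONS.get(request.get("cookies", {}).get("session", ""))

def intranet(request):
    """Restricted page: checked again on every request, because HTTP keeps no state."""
    user = resolve_user(request)
    if user is None:
        return {"status": 401}   # the browser answers this with the login popup
    return {"status": 200, "user": user}

def demo():
    ok = authenticate("igor", "s3cret")   # validates, but nothing is remembered
    # A user name supplied by the client in the request is ignored by the hook.
    no_cookie = intranet({"form": {"AUTHENTICATED_USER": "igor"}})
    login = login_form({"form": {"username": "igor", "userpassword": "s3cret"}})
    with_cookie = intranet({"cookies": login["cookies"]})
    unknown = intranet({"cookies": {"session": "not-issued-by-server"}})
    return ok, no_cookie["status"], with_cookie, unknown["status"]

if __name__ == "__main__":
    print(demo())
```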