Hi! Could someone please tell me how I can let users change their passwords from within a dtml-method, and how I can make a logoff user method? Pointers to code/products to use is much appreciated Sture Lygren
Sture, Have a look at http://d031.ml.uwcm.ac.uk/z/zGold. It's something I made as a demo for a conference I attended. There is a downloadable version that you can use to see how I did what I did. HTH Phil phil@philh.org -----Original Message----- From: zope-admin@zope.org [mailto:zope-admin@zope.org]On Behalf Of Sture Lygren Sent: Friday, October 08, 1999 10:36 AM To: zope@zope.org Subject: [Zope] Authentication Hi! Could someone please tell me how I can let users change their passwords from within a dtml-method, and how I can make a logoff user method? Pointers to code/products to use is much appreciated Sture Lygren _______________________________________________ Zope maillist - Zope@zope.org http://www.zope.org/mailman/listinfo/zope (Related lists - please, no cross posts or HTML encoding! To receive general Zope announcements, see: http://www.zope.org/mailman/listinfo/zope-announce For developer-specific issues, zope-dev@zope.org - http://www.zope.org/mailman/listinfo/zope-dev )
On Fri, Oct 08, 1999 at 10:44:15AM +0100, Phil Harris wrote:
Sture,
Have a look at http://d031.ml.uwcm.ac.uk/z/zGold.
It's something I made as a demo for a conference I attended.
There is a downloadable version that you can use to see how I did what I did.
HTH
Phil phil@philh.org hi phil, i downloaded zGold and experimented/dig into the zope mine ( well, it is to me).
however, i can't decide how i can bring the authenticated_name along everywhere i go. tried setting a cookie, but can't decide how to pass the cookie as the AUTHENTICATED_USER.name across other path; ie when accessing other folders not in the zGold folders. pointers? docs? thanks
kedai, To my understanding, once a user is authenticated the AUTHENTICATED_USER object is available everywhere the user goes. I hope I'm right as my new site depends on it, ;¬) Phil phil@philh.org -----Original Message----- From: zope-admin@zope.org [mailto:zope-admin@zope.org]On Behalf Of kedai Sent: 09 October 1999 02:35 To: Phil Harris Cc: zope@zope.org Subject: Re: [Zope] Authentication On Fri, Oct 08, 1999 at 10:44:15AM +0100, Phil Harris wrote:
Sture,
Have a look at http://d031.ml.uwcm.ac.uk/z/zGold.
It's something I made as a demo for a conference I attended.
There is a downloadable version that you can use to see how I did what I did.
HTH
Phil phil@philh.org hi phil, i downloaded zGold and experimented/dig into the zope mine ( well, it is to me).
however, i can't decide how i can bring the authenticated_name along everywhere i go. tried setting a cookie, but can't decide how to pass the cookie as the AUTHENTICATED_USER.name across other path; ie when accessing other folders not in the zGold folders. pointers? docs? thanks _______________________________________________ Zope maillist - Zope@zope.org http://www.zope.org/mailman/listinfo/zope (Related lists - please, no cross posts or HTML encoding! To receive general Zope announcements, see: http://www.zope.org/mailman/listinfo/zope-announce For developer-specific issues, zope-dev@zope.org - http://www.zope.org/mailman/listinfo/zope-dev )
At 7:51 pm +0100 9/10/99, Phil Harris wrote:
kedai,
To my understanding, once a user is authenticated the AUTHENTICATED_USER object is available everywhere the user goes.
I hope I'm right as my new site depends on it, ;¬)
Phil phil@philh.org
I'm having a few 'weirdies' with it Phil. I'm authenticating at the top level with the domain hack that Martijn described (ie AnonUser domain = *.*.*.*). At a level below I authenticate Newcastle User (NclUser, domain = *.ncl.ac.uk). This works fine. However, I also authenticate against a UserDB object for people who need to upload objects. I find that methods at the top level get the NclUser authentication rather than the 'tone' authentication that UserDB provides. At least that's what I *think* is happening... I don't have a workaround I'm afraid. My long term goal is to have everyone authenticate against UserDB. hth tone. ------ Dr Tony McDonald, FMCC, Networked Learning Environments Project http://nle.ncl.ac.uk/ The Medical School, Newcastle University Tel: +44 191 222 5888 Fingerprint: 3450 876D FA41 B926 D3DD F8C3 F2D0 C3B9 8B38 18A2
Phil Harris wrote:
kedai,
To my understanding, once a user is authenticated the AUTHENTICATED_USER object is available everywhere the user goes.
I hope I'm right as my new site depends on it, ;¬)
Phil phil@philh.org
hi phil,
however, i can't decide how i can bring the authenticated_name along everywhere i go. tried setting a cookie, but can't decide how to pass the cookie as the AUTHENTICATED_USER.name across other path; ie when accessing other folders not in the zGold folders.
I think what kedai wants to do is put AUTNETICATED_USER into a cookie, and then have the next request use the same AUTENTICATED_USER object as the first. It doesn't quite work this way. AUTNETICATED_USER is not a string, it waddles and quacks like a string in DTML, but it's really a user object. Since there is no way to equate this object to a cookie, or even to know exactly what kind of object it is (it's some *kind* of user object, it *probably* subclasses AccessControl.User.User, but who knows?). What I think you're looking for are sessions. The ability to track one 'user' from reqeust to request. Scott Robertson has an alpha session product available on the Zope site. I can't remember it's name, but it's got 'sessions' in it. -Michel
On Sun, Oct 10, 1999 at 06:18:25PM -0400, Michel Pelletier wrote:
Phil Harris wrote:
kedai,
To my understanding, once a user is authenticated the AUTHENTICATED_USER object is available everywhere the user goes.
I hope I'm right as my new site depends on it, ;¬)
Phil phil@philh.org
I think what kedai wants to do is put AUTNETICATED_USER into a cookie, and then have the next request use the same AUTENTICATED_USER object as the first. It doesn't quite work this way.
yup! tried it and then knew it's wrong! ;)
What I think you're looking for are sessions. The ability to track one 'user' from reqeust to request. Scott Robertson has an alpha session product available on the Zope site. I can't remember it's name, but it's got 'sessions' in it.
yes, it is called Session. but as previously mentioned, if i understand it correctly, it needs to have the session folder/id as the base of operation. the same thing works with phil's way too, *if* any links after is based on the folder users authenticate from. phil, you can verify after you login by appending REQUEST and see AUTHENTICATED_USER, and click any other links, and then append REQUEST and see whether you're still the user you authenticated as. if i want to authenticate of the acl_users in the root folder, what do i call? i tried calling validate, but i cant set the AUTHENTICATED_USER before sending REQUEST, or can i specify when calling validate(password,REQUEST=?) ? is where i'm not quite sure if i wanted to pass AUTHENTICATED_USER. tia
-Michel
participants (5)
-
kedai -
Michel Pelletier -
Phil Harris -
Sture Lygren -
Tony McDonald