[Zope] html form authentication
Jens Vagelpohl
jens@zope.com
Sun, 30 Mar 2003 12:24:48 -0500
use the CookieCrumber product (-> search zope.org) to do cookie-based=20
authentication. do not attempt to "hand-roll" authentication by calling=20=
methods on the user folder. it will not work.
jens
On Sunday, Mar 30, 2003, at 10:58 US/Eastern, I=F1igo Serna wrote:
> Hello,
>
> I want to authenticate users from acl_users with my own HTML form and=20=
> a python script.
> I can't use user._getPassword() because it's an internal method.
> and it seems user.authenticate function calls browser authentication=20=
> again.
> How could I achieve this?
>
> This is the code I use:
>
> *************** ZPT "form" ***************
> ...
> <form action=3D"login" method=3D"post">
> <table class=3D"form">
> <tbody>
> <tr>
> <th class=3D"text">Name: </th>
> <td><input name=3D"user" size=3D"12" maxlength=3D"12"
> value=3D""></td>
> </tr>
> <tr>
> <th class=3D"text">Password: </th>
> <td><input name=3D"password" type=3D"password" =
size=3D"12"
> maxlength=3D"8" value=3D""></td>
> </tr>
> <tr><td> </td></tr>
> <tr>
> <td align=3D"center">
> <input type=3D"reset" value=3D"Clean">
> </td>
> <td align=3D"center">
> <input type=3D"SUBMIT" value=3D"Submit">
> </td>
> </tr>
> </tbody>
> </table>
> </form>
> ...
> *********************************************
>
> *************** Script (Python) "login" ***************
> request =3D container.REQUEST
> RESPONSE =3D request.RESPONSE
> user =3D container.acl_users.getUser(request.user)
> try:
> if user.authenticate('the_password', request):
> print 'OK'
> else:
> print 'FAILED'
> except AttributeError:
> print 'User doesn\' exist'
> return printed
> *********************************************
>
> Thanks in advance,
> I=F1igo
> <signature.asc>=