[Xerte] Authentication

[Patrick Lockley]

Careful, talk of non-ldap integration will get people excited!

 

There are three ways of using toolkits (without doing any modifications)

 

1)    LDAP

2)    Integrated single sign on - look at integration.txt in the root

3)    No passwords - as used in the localhost version

 

All of the authentication takes place in
website_code/php/login_library.php

 

The key function is valid_login, which takes a password and a username
from the posted values from index.php (the home page).


You would also need to look at password play, which users the
password_check function in login_library.php.

 

The only other thing to note would be the session is populated by
details that come from the login_details table and also that the LDAP
result at present sets up a lot of the $_SESSION variables.

 

I don't think it would be much work, and it was discussed a bit
yesterday (off list) but it just presents a bit of a mare for us to code
as 

 

1)    Nottingham has LDAP

2)    Security

 

 

 

From: xerte-bounces at lists.nottingham.ac.uk
[mailto:xerte-bounces at lists.nottingham.ac.uk] On Behalf Of Jeremy
Hopkins
Sent: 29 May 2009 14:15
To: Xerte discussion list
Subject: [Xerte] Authentication

 

Hello All,

 

Are there any alternatives to LDAP authentication?

Is it possible to have for example email registration, or just create a
database of user accounts?

If this feature does not yet exsit, where which files would I need to
edit to create it?

For example, if I wanted to write a new auth method, where would I
change the function / method call?

 

Thanks Jeremy

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.nottingham.ac.uk/pipermail/xerte/attachments/20090529/0149af7d/attachment.html