Hi,
Looking at the stats for 2.2.1, there were 17300 downloads of a .php version and 3300 for a .php3 version. I presume that it means PHP4 is well deployed.
I think we could *add* another auth mecanism for PHP4 servers: session-based. I use it in all my other LAMP-based projects (did not try it with WAMP) and my users have no problems.
Instead of $cfgServers[1]['adv_auth']
we could have $cfgServers[1]['auth']
with the possible choices:
'config': the username/password are in the config file (old advanced=false)
'http' http authentication (old advanced=true) (still use stduser?)
'session' session-based, customized login panel, session id propagated by URL (still use stduser?)
Marc
Bonjour, (yes, I'm still alive, just hat 36000 things to do the last months, sorry :)
On Sat, Nov 03, 2001 at 08:52:36AM -0500, Marc Delisle wrote:
I think we could *add* another auth mecanism for PHP4 servers: session-based. I use it in all my other LAMP-based projects (did not try it with WAMP) and my users have no problems.
Yes, a session-based auth would be something we should really add.
Like Marc I'm using the standard php4 sessions for years (or maybe months), but it seems that Loic don't like them because they are buggy, so we could maybe use an home-made session system? This is not an hard thing: it would just require a mysql table. (id, session_id, username, db, passwd, ip, expiration, timestamp)
Another argument for an home-made solution is that is would still work under php3...
I think it should still work even if the browser has turned of the cookies support -> so we would nearly have to keep the session_id in every url or post request.
Regards, Olivier
-
Marc Delisle -
Olivier M.