Login management stuff

Previous: User functionality ] [ Top: To-do manager ] [ Next: User administration screens ]

Once I had the login functionality coded, I realized there's no good way to log out short of closing your browser if you're using authuser logins. (Please correct me if you know of a way.) So I wrote a quick little login management routine. If called with no parameters, it will report the login user (if any) and present a form to be used to select a user to switch to, and also a form to update personal information. If called with a username, it forces a new login.
 
ns_register_proc GET $todomgr_root/login todomgr_login

proc todomgr_login {conn ignore} {
   set userid [ns_conn authuser $conn]
   if ![string compare $userid ""] {
      return [todomgr_pageout $conn nologin.html]
   }
At this point we know that the user is logged in and which user it is. Let's ask the database for information about this user.
 
   global todomgr_pool
   set db [ns_db gethandle $todomgr_pool]
   set row [ns_db select $db "select * from users where userid='[sql_safe_string $userid]'"]
   ns_db getrow $db $row
   foreach field {userid password name email website} {
      set tags($field) [ns_set get $row $field]
   }
(Apologies for the egregious lack of error handling here. After it's all working I'll have to go back and fix that sort of thing up.) So we have the user's information -- let's get the form and see what we're supposed to do.
 
   set form [ns_conn form $conn]
   if {$form == ""} {
      See Showing the current login
   } else {
      See Switching logins
   }
}


Showing the current login
If our login is known, then we simply display the login.html page in order to give the user a chance to switch logins.
 
set tags(title) "Current login user: $tags(userid) ($tags(name))"
return [todomgr_pageout $conn login.html]


Switching logins
To switch login userids, we simply check the user parameter and return a 401 if the authuser doesn't match. This forces login with the given userid.
 
if [string compare [string tolower $userid] [string tolower [ns_set get $form user]]] {
   ns_set put [ns_conn outputheaders $conn] WWW-Authenticate "BASIC realm=\"task list manager\""
   return [todomgr_pageout $conn auth.html 401]
}
If they do match, then we'll just do the same as the showlogin. In fact, let's just use the exact same code.
 
See Showing the current login
Previous: User functionality ] [ Top: To-do manager ] [ Next: User administration screens ]


This code and documentation are released under the terms of the GNU license. They are additionally copyright (c) 2000, Vivtek. All rights reserved except those explicitly granted under the terms of the GNU license.