The contents of an auth file

The various authentication checks are called during login through the prive/formulaires/login.php file. The first, which validates an authentication, makes it possible to accommodate someone who is in the process of identifying themselves.

The list of the various authentications is defined by a global variable: $GLOBALS['liste_des_authentifications'].

Nonetheless, the authentication processes are relatively complex requiring several safety checks. The user login and password are passed to the verification functions (encrypted with sha56 paired with a random number - or in the clear in the worst of cases when it is not possible to store cookies).

The primary identification function

A auth/nom.php file must have a auth_nom_dist() function. This function returns a table describing the author if that author is authenticated.

if (!defined("_ECRIRE_INC_VERSION")) return;
// Authenticates and if ok, returns the array for the user's SQL row
// If a security risk affects the installation, return False
function auth_spip_dist ($login, $pass, $md5pass="", $md5next="") {
...
}

Author Mark Baber Published : Updated : 01/06/10

Translations : English, français