1.2.1 Module

This module allows you to protect a part of your website with a login and a password, using a basic HTTP authentication scheme.

All you have to do is declare a CherryClass that inherits from HttpAuthenticate, and all your masks and views will be automatically protected.

To perform this magic, HttpAuthenticate uses AOP (aspect oriented programming). This basically means that it will add some extra code at the beginning of each of your masks and views.

You may override the following methods:

function: getPasswordListForLogin(login)
This is where you specify what the valid login/password combinations are. The input value is the login that the user entered. The method should return a list of all valid passwords for this login. If the login is incorrect, just return an empty list.

Note: Being able to return several matching passwords for a login allows you to keep a "master key" password that works with all logins.

mask or view: unauthorized()
This is the page that is displayed when the user entered an incorrect login/password 3 times in a row.

variable: login
String containing the login of the user that is logged in. The string is empty if no-one is logged in.

Note: There is no "logout" method. Users are automatically logged out when they close their browser window.

See Also:

Module CookieAuthenticate:
Cookie-based authentication.
Module CookieSessionAuthenticate:
Cookie/session-based authentication.

See About this document... for information on suggesting changes.