[Zope-CMF] Verifying a user based on __ac and __ac_name

Gitte Wange gitte@mmmanager.org
Sun, 21 Apr 2002 13:36:41 +0200

----- Original Message -----
From: "Tres Seaver" <tseaver@zope.com>
To: "Gitte Wange" <gitte@mmmanager.org>
Cc: <zope-cmf@zope.org>
Sent: Sunday, April 21, 2002 1:30 PM
Subject: Re: [Zope-CMF] Verifying a user based on __ac and __ac_name

> Gitte Wange wrote:
> > Hello,
> >
> > I a trying to integrate a payment server into my cmf site.
> > When people have ordered their stuff and checked out their items, the
> > payment server fetches a specific page from the zope system. This page
is a
> > reciept.
> > Since it's the server that fetched the page, the user is not logged in.
> > But I'm sending the HTTP_COOKIE with the request so I have this when the
> > payment server fetches the receipt.
> >
> > Now I was wondering if I could make some sort of script that looped
> > all the portal member finding a member matching name in __ac_name and
> > verifying that the password in __ac is the same as the portal members
> > password.
> >
> > Any hints on this ?
> If you send the cookies with the 'Cookie:' header, then you *will* be
> authenticated: that is what the CookieCrumbler does. Perhaps you have
> spelled the header name oddly (e.g., 'HTTP_COOKIE' won't work).
> Tres.
> --

All I can do is putting a value in a hidden field in the checkout form.
Here I have putted the data from the request/HTTP_COOKIE variable.
So when the payment server fetches the reciept page the is a variable in the
request object named 'session' where the values from request/HTTP_COOKIE is
stored ...