[Zope] Re: login page problem

prabuddha ray buddharay at gmail.com
Mon Apr 4 04:41:51 EDT 2005 

Hi list,
never before i got such a holistic advice.
thanks so much Cliff.

About the 1st mail,

On Sat, 02 Apr 2005 17:03:56 +0100, Cliff Ford <Cliff.Ford at ed.ac.uk> wrote:
> Customisation of the login sequence is quite difficult for Newbies
> because there are lots of different ways to approach the problem - you
> have already tried some. I suspect that trying to match what was done in
> PHP may be part of your problem. It would be helpful to know if your
> lists of users are coming from one source, like a database table, or
> multiple sources, like multiple tables or different databases, and
> whether users are unique in each district

I dint want to built customized login page in 1st place. Actually this
is a Govt. stores management site used in my state only bulit all in
ASP. I 've to convert this into a Zope and Plone version.
So i wanted to get it converted with minimun changes.
But now as you say i think I should go the way Zope does it . only
that i'm finding it hard to customize it in Zope.

1> the district name and their users come from 2 seperate Mysql
tables. the users are unique in each district.

> From there you decide your
> zope folder structure. It could be like this:
>
> site_home
> |__acl_users
> |__district1
> |__district2
>
> or like this:
>
> site_home
> |__district1
> |    |__acl_users
> |__district2
> |    |__acl_users
>
> In the second case you would not have to worry about asking the user for
> the district name. In the first case you would get a district name or a
> user defined role for that district from a supplementary data source,
> like a database.

So i think 2nd structure is abetter fit.
Now the qusetion is how do build this district user folder structure
using the database?
Hope not manually, because there are 22 districts and about 15 users
in each of them pluys head quarters.

> A combination of exUserFolder and MySQL would do.

i don know about them, something like mysqluserfolder or
simpleuserfolder components ?

> You can get information on the logged in user (Username and Roles) from
> the User object, so you don't need to expicitly use sessions at this
> stage. You should certainly not store passwords - that would be a 
> serious breach of confidentiality.
> Maybe you should say what you do with the District parameter after the
> user has logged in.

I dont need the password but do need the username and district for
following pages to decide the access rights and the stores available
inthe districts , also for some report labels.

> Giving advice or examples on ZPT and Python for an
> approach that is probably wrong is just too time-consuming.
>
> Cliff

i dint get to know much about coding ZPT's and Script(Python) for them,
 from the ZPT refs and Zopebook. So wanted some simple working examples.

About 2nd mail,

On Sun, 03 Apr 2005 09:39:01 +0100, Cliff Ford <Cliff.Ford at ed.ac.uk> wrote:
> I have been trying to think of ways of providing specific pointers, So, 
> assuming you have a custom login page and a custom python script that 
> processes that page:
> 
> In the Python script you could set a cookie for the District:
> 
> context.REQUEST.RESPONSE.setCookie('District', district)
> 
> where district is the name of the District field in the form. The 
> District parameter is then always available to your page templates and 
> scripts in the REQUEST object.
> 
> At the end of your login script you would typically redirect to some 
> specific page like this:
> 
> return context.REQUEST.RESPONSE.redirect('aURL')
> 
> in exUserFolder you don't have to do anything else - the login works by 
> magic, which is very confusing.


Are these above said things not possible in exUserFolder. how do i
customize it for my problem?

> 
> Now for the problems:
> 
> If the login is wrong the system will call /standard_error_message, so 
> you have to customise that to send the user back to the login form with 
> a Login failed message.
> 
> If the user bookmarks a protected page and tries to jump to it without 
> being logged in, the system will call the login sequence starting in 
> acl_users, so you have to customise that to call your own login page.
> 
> After the user has logged in, whenever you need to get the Username you 
> would typically use a python script like this:
> 
> from AccessControl import getSecurityManager
> return getSecurityManager().getUser().getUserName()
> 
> HTH
> 
> Cliff

So this is what can be done if I use exUserFolder ?
Hope a reply soon.
-- 
Share the vision of difference with ME

More information about the Zope mailing list