• Info
• Initial State
• View Source
• Run

Advanced VSPX programming

VX-S-6 VSPX login control

Simple login dialog

Login example

The vspx:login is a special control, it may occur inside VSPX page only once. In it's representation it may be a visual or it may be a hidden depending of intended purpose. The purposes of that control are two: to verify login credentials and to ask user to enter a login. On pages that are authorized the control is hidden, but in case login fails, redirect will be made to a page which will ask for login. Reasonable question is what kind of authorization is supported? The answer is: HTTP Digest, URL poisoning and with Cookies. As Digest and Cookie are not well supported in world of browsers the most effective way is URL poisoning.

The attributes on vspx:login control are:

• mode - designate type of authorization : "digest", "url" or "cookie". In out example it would be the "url"
• realm - this is a unique string within applications space. This is used to distinguish logins from one application to other. In other words: area of usability of performed login.
• user-password - name of PL function. This function is used when the mode is "digest". As digest do not send clear-text passwords this is used to retrieve from some source the password on server side.
• user-password-check - this is PL function which is used to check password for given user. It's used when "cookie" and "url" authorization is performed.

In our example the setup script defines both functions: for digest and URL poisoning, so as exercise the type can be changed to "digest" and appropriate attribute to be set. Also please note that digest on Netscape (up to 7.0) or Mozilla browsers will not function properly as they have a defect in digest handling. But anyway on IE5.0 or greater this can be experimented.

The following children elements are interesting:

• template[if-no-login] - the content of it will be displayed when login failed. It may have special attribute "redirect" which will cause redirect to another page.
• template[if-login] - the content will be shown if request is authorized.
• login-form - this is a special form to ask user for entering the credentials. It may have defaults, but special content is also possible as in that example.

As note we should say that login-form contains special buttons and fields named "username", "password" and "login". These are used to represent custom login form. These must be with the exactly that names. And one vspx:button with special function - "logout", it is used to terminate the current session. The logout button may appear in any place of login control but it's usually in if-login template.

Finally we should notice that when login control is used the connection variables and persistent page variables can be used. (for more details see vspx:variable and connection_set () , conenction_get () functions)

View the source	Action
1. vx_s_6.sql	Set the initial state
2. login.vspx	Run