Bypass Login and Set Guest Privileges

From Achievo/ATK Wiki

Jump to: navigation, search

ATK Howto: Bypass Login and Set Guest Privileges

Complexity: Advanced
Author: Marlon Bilog <marlbil at gmail dot com>

This will enable your ATK site to bypass the login page auto-logged-in as a guest user. Also, possibly allow guest users to view (readonly) some nodes or register a new user account to the system or to make other transactions in your site (example: feedbacks, testimonials).

Warning: This How-To has been reported to have problems with the recent version of ATK and is currently being updated.

List of other Howto's

1. Create a profile (I used - "Guest Profile") for your guests. For a start, I have enabled only the "admin" access rights to the nodes I want guest users to see. And to enable user registration and other guest actions, I enabled the "add" access to my user node (or on a separate user registration node/table) and other actions on nodes that you may want guests to have access to.

2. Add a user ("Guest Account") account with no username and password to your user table. This will be the initial account of anyone who visits your site and has not logged-in yet.

3. Assign the "Guest Profile" to the "Guest Account".

4. Edit ./config.inc.php to allow multiple authentications including "none". Here, I used the "none" authentication for guest users and "db" for registered users. Also, uncomment the $config_authorization, and set it the same as your second authentication type. This prevents ATK from loading "auth_none, db" (as in my $config_authentication) which results in a fatal error because atk does not handle yet multiple authorizations. 

   $config_authentication = "none, db";
   $config_authorization = "db";

5. Edit ./atk/security/class.auth_none.inc to disable logging-in of unknown accounts. Here, we only allow guests to login if there was no username entered when attempting to login. 

  function validateUser($user, $passwd)
  {
    if ($user == "")
      return AUTH_SUCCESS;
    else
      return AUTH_MISMATCH;
  }

6. Edit line 43-56 of ./top.php to change "Logged in as: <username> Logout" to "Members: Login" on the initial site visit. 

  //Backwards compatible $content, that is what will render when the box.tpl is used instead of a top.tpl
  $loggedin = ($g_user["name"]=="")? text("members").":" : text("logged_in_as", "", "atk").": &lsaquo;b&rsaquo;".$g_user["name"]."&lsaquo;/b&rsaquo;";
  $content = '&lsaquo;br/&rsaquo;'.$loggedin.' &nbsp; <a href="app.php?atklogout=1" target="_top">'.(($g_user["name"]=="")? ucfirst(atktext("login")) : ucfirst(atktext("logout"))).'</a>&nbsp;&lsaquo;br/&rsaquo;&lsaquo;br/&rsaquo;';
  $top = $ui->renderBox(array("content"=> $content,
                 "logintext" => ($g_user["name"]=="")? atktext("members") : atktext("logged_in_as"),
                              "logouttext" => ($g_user["name"]=="")? ucfirst(atktext("login", "", "atk")) : ucfirst(atktext("logout", "", "atk")),
                              "logoutlink" => "index.php?atklogout=1",
                              "logouttarget"=>"_top",
                              "centerpiece"=>"",
                              "searchpiece"=>"",
                              "title" => atktext("app_title"),
                              "user"   => $g_user["name"]),
                              "top");

... and for those using the dropdown menu (ATK 5.7 - Nightly):

Edit line 63 of ./atk/menu/class.atkdropdownmenu.inc to point the logout link to ./index.php and render the logout link correctly. 

        global $g_user; // added
        $menu.="    &lsaquo;li&rsaquo;<a href='index.php?atklogout=1'>".(($g_user["name"]=="")? (atktext("members").": ".atktext("login")) : (atktext('logout')." ".$g_user["name"]))."</a>&lsaquo;/li&rsaquo;\n"; // edited

7. Add to your language file the translation for "members" 

  "members" => "Members",
Retrieved from "http://www.atk-framework.com/wiki/Bypass_Login_and_Set_Guest_Privileges"
Personal tools
Navigation