auth::require_login (public)

 auth::require_login [ -level level ] \
    [ -account_status account_status ]

Defined in packages/acs-authentication/tcl/authentication-procs.tcl

If the current session is not authenticated, redirect to the login page, and aborts the current page script. Otherwise, returns the user_id of the user logged in. Use this in a page script to ensure that only registered and authenticated users can execute the page, for example for posting to a forum.

Switches:
-level
(defaults to "ok") (optional)
-account_status
(defaults to "ok") (optional)
Returns:
user_id of user, if the user is logged in. Otherwise will issue a returnredirect and abort the current page.
See Also:

Partial Call Graph (max 5 caller/called nodes):
%3 test_link_tests link_tests (test xowiki) auth::require_login auth::require_login test_link_tests->auth::require_login test_package_normalize_path package_normalize_path (test xowiki) test_package_normalize_path->auth::require_login test_path_resolve path_resolve (test xowiki) test_path_resolve->auth::require_login test_slot_interactions slot_interactions (test xowiki) test_slot_interactions->auth::require_login test_xowiki_test_cases xowiki_test_cases (test xowiki) test_xowiki_test_cases->auth::require_login _ _ (public) auth::require_login->_ ad_conn ad_conn (public) auth::require_login->ad_conn ad_get_login_url ad_get_login_url (public) auth::require_login->ad_get_login_url ad_returnredirect ad_returnredirect (public) auth::require_login->ad_returnredirect ad_script_abort ad_script_abort (public) auth::require_login->ad_script_abort Class ::Generic::Form Class ::Generic::Form (public) Class ::Generic::Form->auth::require_login ad_restrict_entire_server_to_registered_users ad_restrict_entire_server_to_registered_users (public) ad_restrict_entire_server_to_registered_users->auth::require_login auth::self_registration auth::self_registration (public) auth::self_registration->auth::require_login ds_require_permission ds_require_permission (private) ds_require_permission->auth::require_login notification::security::require_admin_request notification::security::require_admin_request (public) notification::security::require_admin_request->auth::require_login

Testcases:
package_normalize_path, xowiki_test_cases, link_tests, slot_interactions, path_resolve
Source code:
    set user_id [auth::get_user_id  -level $level  -account_status $account_status]

    if { $user_id != 0 } {
        #
        # The user is in fact logged in, return her user_id.
        #
        return $user_id
    }

    set message ""
    
    if {[ad_conn auth_level] eq "expired"} {
        #
        # The login has expired. 
        #        
        set message [_ acs-subsite.lt_Your_login_has_expire]
        #
        # If the login was issued from an external_registry, use this
        # as well for refreshing.
        #
        set external_registry [sec_login_get_external_registry]
    } else {
        set external_registry ""
    }
    
    #
    # The -return switch causes the URL to return to the current page.
    #
    set return_url [ad_get_login_url -return -external_registry $external_registry]

    # Long URLs (slightly above 4000 bytes) can kill aolserver-4.0.10, causing
    # a restart. They lead to empty Browser-windows with AOLserver 4.5 (but no
    # crash so far). May browsers have length limitations for URLs. E.g.
    # 2083 is the documented maximal length of MSIE.
    #
    # Long URLs will be generated e.g. when
    #   a) a user edits a form with text entries
    #   b) before submitting the form logs out of OpenACS from a different browser window
    #   c) submits the form.
    # When submitting needs authentication, OpenACS generates the redirect to
    # /register with the form-data coded into the URL to continue there.....

    # set user_agent [string tolower [ns_set iget [ns_conn headers] User-Agent]]
    # ns_log notice "URL have url, len=[string length $return_url] $user_agent"

    if {[string length $return_url] > 2083} {
        set message "[_ acs-authentication.Login_expired_url_too_long]"
        append message "[_ acs-authentication.Editing_form_text]"
        set return_url [ad_get_login_url]
    }

    ad_returnredirect -message $message -- $return_url
    ad_script_abort
Generic XQL file:
packages/acs-authentication/tcl/authentication-procs.xql

PostgreSQL XQL file:
packages/acs-authentication/tcl/authentication-procs-postgresql.xql

Oracle XQL file:
packages/acs-authentication/tcl/authentication-procs-oracle.xql

[ hide source ] | [ make this the default ]
Show another procedure: