explain cookies in devdoc/api.txt

[syp.git] / devdoc / api.txt

diff --git a/devdoc/api.txt b/devdoc/api.txt
index e02b78dc8872a4c24762f7d2b8fdfe205339350b..005b49cb7a6ed8f9c52b8a6264fc8c08178de573 100644 (file)
--- a/devdoc/api.txt
+++ b/devdoc/api.txt
@@ -8,18 +8,38 @@ This field is called _imgurl_; it may also have a _title_ and/or a _description_
 
 Client submits a classic html form to server. 
 
 
 Client submits a classic html form to server. 
 

-**note**: In this documentation, php notation is used (`_POST` and `_FILES`),
-but server may be written in any language.
+**note**: In this documentation, php notation is used (`_POST`,  `_FILES` and
+ `_COOKIE`), but server may be written in any language.

 
 

-` _POST["password"]` and `_POST["user"] may contain user name and password. If
+`_POST["password"]` and `_POST["user"] may contain user name and password. If

  they are set, access is checked. If they is not set, cookies are checked. If
  they are set, access is checked. If they is not set, cookies are checked. If

- neither are present.
+ neither are present. If access is correct, cookies are set.
+
+Alternatively, `_COOKIE["syp_user"]` and `_COOKIE["syp_auth"]` may contain user
+ name and md5 of password. If tables prefix is not *syp_*, cookies name are
+ modifier accordingly.

 
 `_POST["request"]` is either:
 
 ## auth
  asks for authentication
 
 
 `_POST["request"]` is either:
 
 ## auth
  asks for authentication
 

+## changepass
+ change user password
+
+ * `_POST ["pass_current"]` must contain current password. This is needed: cookie
+    authentification is not enough.
+ * `_POST ["pass_new"]` must contain new password
+
+## newuser
+ adds a new user
+
+ * `_POST ["newuser_name"]` must contain user name
+ * `_POST ["newuser_password"]` must contain user password
+
+ **Only admin can add new users.**
+
+

 ## add
  adds a new feature
 
 ## add
  adds a new feature
 


@@ -71,12 +91,21 @@ as _text/html_
  * `toobig`: uploaded file was too big
  * `notation`: uploaded file was not an image
  * `nochange`: when trying to update a feature, there is nothing to update (ie: no field of the feature has changed)
  * `toobig`: uploaded file was too big
  * `notation`: uploaded file was not an image
  * `nochange`: when trying to update a feature, there is nothing to update (ie: no field of the feature has changed)

+ * `wrongpass`: wrong current password when trying to change password
+ * `newuser_exists`: when trying to add an user which has the same name as an already registered user

 
 ## success handling:
 
  * `<success request="auth"><user>?user_name?</name></success>`:
      authentication was successfull. ?user_name? is name of authenticated user.
 
 
 ## success handling:
 
  * `<success request="auth"><user>?user_name?</name></success>`:
      authentication was successfull. ?user_name? is name of authenticated user.
 

+ * `<success request="newuser"><user>?user_name?</name></success>`:
+     new user addition was successfull. ?user_name? is name of newly added user.
+
+ * `<success request="changepass"><user>?user_name?</name></success>`:
+     password change was successfull. ?user_name? is name user whose password
+     has been changed.
+

  * `<success request="del">
      <feature>
         <id>?id?</id>
  * `<success request="del">
      <feature>
         <id>?id?</id>