The basic authorization logic for Movable Type is in the
App.pm file. The
run method does the check for being logged in and sets the cookie for future access. The actual DB query and check is done in the
login to see if the user is enabled by cookie or because the login prompt provided the user and password. If not,
run generates the template so that on the next request the user name and password is available. On success, a cookie is created and sent to the browser. If the user clicked ‘Remember Me’ then the cookie expiration is set to be 10 years in the future (otherwise it gets the default, which is until the browser is shut down).
user_classis expected to be set by the subclass of
MT::Appthat is performing the task.
mt_usercookie is restricted to the MT CGI directory, so it can’t be used by scripts elsewhere.
Trackback URL: http://blog.thought-mesh.net/solidwallofcode/movable_type/movable_type_au.php/ping