[pmwiki-devel] Login and function PmWikiAuth
marc
gmane at auxbuss.com
Tue Jan 16 10:24:22 CST 2007
marc said...
> Patrick R. Michaud said...
> > On Wed, Dec 20, 2006 at 06:47:53PM -0000, marc wrote:
> > > marc said...
> > > >
> > > > I prefer to use a login form in the sidebar - just username and password
> > > > - along with authuser and authuserdb. This works fine except when an
> > > > invalid login occurs. In this case $AuthPromptFmt is opened in the main
> > > > page.
> > > >
> > > > What I am trying to achieve is to retain the main page unchanged, and
> > > > simply report login/page access errors in the sidebar form.
> >
> > It may be that it needs some special handling in local/config.php:
> >
> > ## check to see if we have sufficient permission for the
> > ## requested action, if not, then add an error message and
> > ## switch to ?action=browse.
> > $page = RetrieveAuthPage($pagename, $HandleAuth[$action], false);
> > if (!$page) {
> > $MessagesFmt[] = 'Please log in with appropriate privileges';
> > $action = 'browse';
> > }
> >
> > You might try something like that.
>
> This works really well, thanks.
>
> So that the display of $MessagesFmt[] is empty when the user arrives,
> and doesn't display for an invalid or empty login, I excluded it for
> $action='login':
>
> $page = RetrieveAuthPage($pagename, $HandleAuth[$action], false);
> if (!$page) {
> if ($action != 'login')
> $MessagesFmt[] = 'Please log in with appropriate privileges';
> $action = 'browse';
> }
Oops! Spoke too soon. This will block all submits from forms/non-core
actions.
To circumvent this issue, is the following the right way to do it?
if (in_array($action,$HandleAuth)) {
$page = RetrieveAuthPage($pagename, $HandleAuth[$action], false);
if (!$page) {
if ($action != 'login')
$MessagesFmt[] = 'You don\'t have the necessary
privileges for that action';
$action = 'browse';
}
}
i.e. only do the auth check for core actions (and any others
registered).
--
Cheers,
Marc
More information about the pmwiki-devel
mailing list