[pmwiki-users] authuser forcing Author name stopped working?

Neil Herber nospam at eton.ca
Thu Jul 7 20:54:56 CDT 2005


At 2005-07-07  07:57 PM -0500, Patrick R. Michaud is rumored to have said:
>On Thu, Jul 07, 2005 at 07:54:46PM -0400, Neil Herber wrote:
> > As a further puzzlement, it looks like $AuthId is not getting set by
> > authuser.php, which would explain why $Author doesn't get set. Is anyone
> > having the same problem? Can anyone suggest what the problem is?
>
>Yes.  Authuser.php currently doesn't set $AuthId unless it has
>something to authenticate people against.  So, unless $AuthUser
>is set prior to including authuser.php, it's essentially a no-op.
>
>If you're wanting to use Apache's authentication (i.e., REMOTE_USER),
>then you probably want httpauth.php instead of authuser.php.

Attempting to reply to both Patrick and Hagan Fox here ...

On my "fully private" fields, I already use Apache BA to authenticate users 
and force the author name to the user name. That has worked flawlessly for 
months.

On my open fields, I just use RequireAuthor for edits. That works fine too.

On my "semi private" field, which is the one in question, I have 
implemented userauth.php  and I read-protect the whole field. I 
authenticate against the password files used by Apache BA (so that those 
users can just use their normal username and passwords) but I also allow 
*anyone* who knows the single shared password to get in. A preamble page 
(not part of the wiki) instructs users to use their own name without spaces 
as a user name (FredSmith) and tells them where to find the password.

The shared password is just there to keep out robots. I used userauth.php, 
because it provided a nice way to get an author name before hitting an edit 
screen. ... or so I thought!

So the $64 question is, will Hagan's suggestion do what I want to do? He 
suggested:

>Correction.  If you want to *force* user tracking based on user's
>verified identity you should use
>
>   ## Enforce Author tracking based on the authenticated user.
>   if ($action == 'edit') @session_start();
>   if (@$_SESSION['authid']) $Author=$_SESSION['authid'];

For the curious, the start page is here:

http://saturn.eton.ca/


Neil

Neil Herber
Corporate info at http://www.eton.ca/
Eton Systems, 15 Pinepoint Drive, Nepean, ON, Canada K2H 6B1
Tel: (613) 829-4668 




More information about the pmwiki-users mailing list