[pmwiki-users] authuser forcing Author name stopped working?

Patrick R. Michaud pmichaud at pobox.com
Thu Jul 7 21:06:48 CDT 2005


On Thu, Jul 07, 2005 at 09:54:56PM -0400, Neil Herber wrote:
> On my "semi private" field, which is the one in question, I have 
> implemented userauth.php  and I read-protect the whole field. 

(I assume you mean authuser.php here.)

> I authenticate against the password files used by Apache BA (so that those 
> users can just use their normal username and passwords) but I also allow 
> *anyone* who knows the single shared password to get in. 

Oh, I didn't see the $AuthUser['htpasswd'] line in your original email
so I was wondering if it's there.  It is, so that means something else
is going on...

authuser.php onlys sets $AuthId if the person actually authenticates
against one of the available authentication records.  In the case of
the single shared password, that password is sufficient to authorize
edit access to the page but does not authenticate identity (i.e.,
it does not set $AuthId).

So, it sounds as though what you really want is to set the author
name based on the password form and not based on authentication, so
perhaps something like:

    $AuthUser['htpasswd'] = '/path/to/your/.htpasswd';
    include_once("$FarmD/scripts/authuser.php");
    if (@$_POST['authid']) {
      $Author = $_POST['authid'];
      setcookie('author', $Author, 0, '/');
    }

Pm



More information about the pmwiki-users mailing list