[pmwiki-users] authuser forcing Author name stopped working?
H. Fox
haganfox at gmail.com
Thu Jul 7 22:46:24 CDT 2005
On 7/7/05, Neil Herber <nospam at eton.ca> wrote:
> At 2005-07-07 09:06 PM -0500, Patrick R. Michaud is rumored to have said:
> >So, it sounds as though what you really want is to set the author
> >name based on the password form and not based on authentication, so
> >perhaps something like:
> >
> > $AuthUser['htpasswd'] = '/path/to/your/.htpasswd';
> > include_once("$FarmD/scripts/authuser.php");
> > if (@$_POST['authid']) {
> > $Author = $_POST['authid'];
> > setcookie('author', $Author, 0, '/');
> > }
>
> Exactly what I want to do! I shall try it now.
I think you can keep your users from spoofing a .htpasswd user by
slipping in two more lines:
$AuthUser['htpasswd'] = '/path/to/your/.htpasswd';
include_once("$FarmD/scripts/authuser.php");
if (@$_POST['authid']) {
$Author = $_POST['authid'];
setcookie('author', $Author, 0, '/');
} else if (@$_COOKIE['author']) {
$Author = $_COOKIE['author'];
}
This way:
* If they try to log in as a .htpasswd user they will need the correct password.
* The name they use to log in cannot be changed using the Edit form's
Author field.
Hagan
More information about the pmwiki-users
mailing list