[pmwiki-users] session for .htpasswd authorization
nospam at eton.ca
Wed Apr 26 11:19:16 CDT 2006
At 2006-04-25 12:10 PM -0400, Jihwang Yeo is rumored to have said:
>For example, a user logs in at a page at www.mywebsite.com/login
>then moves to a wiki page at www.mywebsite.com/wiki .
>If we use the same .htpasswd file for both pages, I would like to
>avoid users redundantly logging in for wiki.
>Is it possible with the current PmWiki code? Or otherwise
>any good idea?
I have several wikis that are inside realms protected by Apache Basic
Authentication (BA). I wanted to avoid having users log in to the
realm and then have to log in again to access the wiki.
Since the user has to log in using BA, I know that by the time they
reach the wiki, they have been authenticated. What I want to do is
have PmWiki recognize the credentials issued by BA and force the
author name and authenticated ID to the BA username. I do that by
adding the following to my config.php file:
>## This will set the author field on all requests authenticated by
>## It will even override anything the author happens to put in the "Author"
>## box on the edit form.
>if (@$_SERVER['REMOTE_USER']) $Author = $_SERVER['REMOTE_USER'];
>## turn on the PmWiki authentication
>## (AuthUserId() is defined in scripts/authuser.php, so load it first)
>include_once("$FarmD/scripts/authuser.php");
>## if someone has authenticated using Apache BA, then use that for local auth
>if (@$_SERVER['REMOTE_USER'])
>  AuthUserId($pagename, $_SERVER['REMOTE_USER']);
The only problem this presents is if you restrict content within the
wiki based on the authenticated ID. For example, if you don't allow
user "FredSmith" to see a certain page (by setting the read "attr"),
when he tries to view that page, PmWiki will ask him for a password.
I tried to get around this problem by changing the Site.AuthForm to:
>'''Sorry! Your password does not provide access to this page.'''
>If you think this is an error, please contact [[~Neil Herber]].
Does this answer your question at all?
Corporate info at http://www.eton.ca/
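
A stricter form of the REMOTE_USER check from the message above, as an added example that is not part of the original post or of PmWiki. The helper name ba_username(), the username pattern and the sample requests are assumptions constructed for illustration.

```php
<?php
// Added example (not from the original post). ba_username() is a hypothetical
// helper: it returns the username Apache verified with Basic Authentication,
// or null when the request should not be treated as pre-authenticated.
function ba_username(array $server): ?string
{
    // Only trust REMOTE_USER when the server reports that it performed
    // Basic Authentication for this request.
    if (strcasecmp($server['AUTH_TYPE'] ?? '', 'Basic') !== 0) {
        return null;
    }

    $user = $server['REMOTE_USER'] ?? '';

    // Assumed policy: the name becomes the wiki author name and auth id, so
    // accept only 1-64 letters, digits, dots, underscores and hyphens.
    // Anything else (wiki markup, whitespace, control bytes) is rejected.
    if (!preg_match('/\A[A-Za-z0-9._-]{1,64}\z/', $user)) {
        return null;
    }
    return $user;
}

// Constructed sample requests, standing in for $_SERVER.
$samples = [
    'verified by Apache'     => ['AUTH_TYPE' => 'Basic', 'REMOTE_USER' => 'FredSmith'],
    'no auth performed'      => [],
    'name without AUTH_TYPE' => ['REMOTE_USER' => 'FredSmith'],
    'markup in name'         => ['AUTH_TYPE' => 'Basic', 'REMOTE_USER' => 'Fred[[Smith'],
];

foreach ($samples as $label => $server) {
    printf("%-24s => %s\n", $label, var_export(ba_username($server), true));
}

// In PmWiki's config.php the two statements from the post would then read:
//   $u = ba_username($_SERVER);
//   if ($u !== null) { $Author = $u; AuthUserId($pagename, $u); }
```

This only holds if every URL that reaches the wiki sits inside the Apache-protected realm; a path that bypasses the realm leaves REMOTE_USER unset and the wiki falls back to its own authentication.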