[pmwiki-users] this works...

Patrick R. Michaud pmichaud at pobox.com
Fri Dec 8 08:33:51 CST 2006


On Fri, Dec 08, 2006 at 06:37:58AM -0500, The Editor wrote:
> On 12/8/06, Crisses <crisses at kinhost.org> wrote:
> >
> > > Here are your options:
> > >
> > > 1) If you can explain the exact difference between {$Author} and
> > > {$AuthId} and the advantages of the former I can change the code.
> > > It's one small change. And I suppose I could make the equal in my
> > > config file...  But I've always just used AuthId, and never fully
> > > grasped the difference between the two.
> >
> > The difference is @ is coming out blank, because I don't have
> > AuthUser installed.
> 
> What I meant was, can someone explain the exact difference between
> $Author and $AuthId in PmWiki?  I never really understood what $Author
> was.  

   $Author is the name used for signatures and the value that goes
   in the "Author:" box on the edit page.

   $AuthId stands for "authenticated identifier" -- it represents
   a username that has been authenticated somehow (e.g., via a password
   associated with that username, in AuthUser, UserAuth, or any other
   authentication mechanism someone chooses to use).

While many systems (and people/recipes) like to treat these the same,
there are lots of environments where that's not appropriate.  
For example, I may have a username/password system where my 
username ($AuthId) is "prm81365" or "pmichaud at pobox.com", but 
I still want any work I do on the system to show my real name 
($Author) as "Patrick Michaud" or "Pm", and not the string used
to identify myself for authentication purposes.

And, of course, if a site isn't using a user-based authentication
system, then $AuthId is never set.

PmWiki affords site administrators a fair amount of control over
the setting of $Author.  PmWiki's default is to store $Author
as a browser cookie, and if there's no cookie then use the
value of $AuthId.  But a site administrator can force the author
name to always be the same as an authenticated id by doing:

    include_once('scripts/authuser.php');
    $Author = $AuthId;

(See http://www.pmwiki.org/wiki/Cookbook/RequireAuthor .)

The question of when to use $Author versus $AuthId depends on
what is being done.  If you just need to know someone's name,
then use $Author.  If you're wanting to restrict access based
on authenticated identity, then use $AuthId.  (But note that
many sites don't use or want identity-based authorization.)

Hope this helps ... and I'll be happy to answer any other
questions.

Pm




More information about the pmwiki-users mailing list