[pmwiki-users] PmWikiAuth Question

Patrick R. Michaud pmichaud at pobox.com
Fri Sep 15 13:38:33 CDT 2006

On Thu, Sep 14, 2006 at 10:16:10PM -0400, The Editor wrote:
> I'm still trying to figure out how PmWikiAuth works.  

In all likelihood you don't need to be calling PmWikiAuth.  It's
just a function that is called from RetrieveAuthPage() whenever
we need to retrieve page information and verify that the visitor
has sufficient access rights to a page.

More importantly, PmWikiAuth doesn't do authentication at all.
It only performs authorization based on whatever credentials
have already been provided (authenticated user identities,
passwords, etc.).

> This
> snippet checks to make sure the "passwd" entered in a form matches the
> one on file for "member" and then authenticates the user and is
> supposed to set the permissions connected to that password.

We don't have a concept of "set the permissions connected to that
password" -- that's backwards from how PmWiki's authorization
works.  Instead, the session maintains a set of known credentials
(authenticated identities and passwords entered).   Then, when
some type of access ($level) is needed for a given page ($pagename),
the authorization functions check the available credentials to
determine if authorization is permitted for the requested resource.

Hope this helps.


More information about the pmwiki-users mailing list