[pmwiki-users] Fwd: PmWikiAuth Question
editor at fast.st
Sun Sep 17 19:19:19 CDT 2006
Well, my problem is when I login using my script, it checks my
password and sets authid properly. However if my password happens to
be the admin password I only have permissions of any typical logged in
This would be OK, but I want to use my login form to be used for
Site.AuthForm, so users will get my login script, and not the default
one whenever needed. But this means I have no way to login as an
admin unless I do some fancy contortions somewhere (I have
workarounds). I'd like the login script though to somehow recognize
my password as an admin password and grant the right permissions
If I understand what you are saying properly, what I really should be
asking is how do I get my user entered password added to the "set of
known credentials" so PmWikiAuth can have it when I try to say edit a
page? And not just my authenticated name?
I just don't want others to have the same problems I've had of
carelessly locking themselves out of their own site.
PS. My script seems to work when I set my admin permissions to id:Caveman.
On 9/15/06, Patrick R. Michaud <pmichaud at pobox.com> wrote:
> On Thu, Sep 14, 2006 at 10:16:10PM -0400, The Editor wrote:
> > I'm still trying to figure out how PmWikiAuth works.
> In all likelihood you don't need to be calling PmWikiAuth. It's
> just a function that is called from RetrieveAuthPage() whenever
> we need to retrieve page information and verify that the visitor
> has sufficient access rights to a page.
> More importantly, PmWikiAuth doesn't do authentication at all.
> It only performs authorization based on whatever credentials
> have already been provided (authenticated user identities,
> passwords, etc.).
> > This
> > snippet checks to make sure the "passwd" entered in a form matches the
> > one on file for "member" and then authenticates the user and is
> > supposed to set the permissions connected to that password.
> We don't have a concept of "set the permissions connected to that
> password" -- that's backwards from how PmWiki's authorization
> works. Instead, the session maintains a set of known credentials
> (authenticated identities and passwords entered). Then, when
> some type of access ($level) is needed for a given page ($pagename),
> the authorization functions check the available credentials to
> determine if authorization is permitted for the requested resource.
> Hope this helps.
More information about the pmwiki-users