[pmwiki-users] Fwd: PmWikiAuth Question

The Editor editor at fast.st
Sun Sep 17 19:19:19 CDT 2006


Well, my problem is when I login using my script, it checks my
password and sets authid properly.  However if my password happens to
be the admin password I only have permissions of any typical logged in
user.

This would be OK, but I want to use my login form to be used for
Site.AuthForm, so users will get my login script, and not the default
one whenever needed.  But this means I have no way to login as an
admin unless I do some fancy contortions somewhere (I have
workarounds).  I'd like the login script though to somehow recognize
my password as an admin password and grant the right permissions
automatically.

If I understand what you are saying properly, what I really should be
asking is how do I get my user entered password added to the "set of
known credentials" so PmWikiAuth can have it when I try to say edit a
page? And not just my authenticated name?

I just don't want others to have the same problems I've had of
carelessly locking themselves out of their own site.

Cheers,
Caveman

PS.  My script seems to work when I set my admin permissions to id:Caveman.



On 9/15/06, Patrick R. Michaud <pmichaud at pobox.com> wrote:
> On Thu, Sep 14, 2006 at 10:16:10PM -0400, The Editor wrote:
> > I'm still trying to figure out how PmWikiAuth works.
>
> In all likelihood you don't need to be calling PmWikiAuth.  It's
> just a function that is called from RetrieveAuthPage() whenever
> we need to retrieve page information and verify that the visitor
> has sufficient access rights to a page.
>
> More importantly, PmWikiAuth doesn't do authentication at all.
> It only performs authorization based on whatever credentials
> have already been provided (authenticated user identities,
> passwords, etc.).
>
> > This
> > snippet checks to make sure the "passwd" entered in a form matches the
> > one on file for "member" and then authenticates the user and is
> > supposed to set the permissions connected to that password.
>
> We don't have a concept of "set the permissions connected to that
> password" -- that's backwards from how PmWiki's authorization
> works.  Instead, the session maintains a set of known credentials
> (authenticated identities and passwords entered).   Then, when
> some type of access ($level) is needed for a given page ($pagename),
> the authorization functions check the available credentials to
> determine if authorization is permitted for the requested resource.
>
> Hope this helps.
>
> Pm
>
>




More information about the pmwiki-users mailing list