[pmwiki-users] UserAuth2 : Working with ZAP?

ThomasP pmwikidev at sigproc.de
Sun Dec 9 11:37:56 CST 2007


On Sun, December 9, 2007 2:52 am, Dean Staub wrote:
> First, Thank you Thomas for your work on the new module. It is a huge
> improvement over the former system - well done.
>
> I do however have a few small problems that I need to get to the bottom
> of. I have for example the latest version of ZAP installed and I can't
> get it to work.
> It says "You are not authorized to submit this form." and the test
> button function does nothing. How do I get around this?
>
> Another issue is I can't seem to access the Attribute pages when I am
> logged in as Admin. I understand this is not usually necessary, but in
> the case of Zap which adds a privilege to the attributes page I cant set
> it to no password (or clear it) This may have come from previous
> settings in the Attributes pages prior to installing your module.
>

Hi, thanks.

I remember to have scrapped the "attr" level altogether (since no
attribute pages had sense in my module), but one can simply reintroduce it
as the the pure editing of the attribute pages will have no adverse effect
on the functioning of module. One will have to establish some action-level
mapping like

attr => admin

(if you have a single admin setup), or rather something more elaborate
otherwise (unless you want every admin to access attribute pages).

The form submitting in ZAP will demand some more effort, as I have not
used it myself before. A good starting point is to download the debug
function from my profile page and use the built-in logging calls to look
at what privilege is actually requested and denied. I can walk you through
this in case you come across a stumbling stone.

More or less the following:

- download debug.php, put in cookbook dir
- activate it in the local/config.php
- set as the event that you want to observe "USAU"
- go to the TryAccessingPage() in userauth2.php and uncomment every
logging that might be interesting
- sprinkle the code (after the append calls) with flushUA2ErrorLog()
calls. [This would have usually been cared for by an exit handler.]

I'm sure that this will lead us to the right info.

Thomas





More information about the pmwiki-users mailing list