[pmwiki-users] Dumb Question: Access Classes without AuthUser?
Stirling Westrup
sti at pooq.com
Tue Nov 6 12:47:45 CST 2007
Patrick R. Michaud wrote:
> On Tue, Nov 06, 2007 at 02:39:38AM -0500, Stirling Westrup wrote:
>> I've got a PmWiki website that I also use as a personal information manager.
>> Right now I'm not using AuthUser, since there's only two classes of access:
>> public and private.
>>
>> Now, I've been thinking of putting up some content that I want to limit to a
>> few close friends. Rather than going the full AuthUser route, I'd like to just
>> introduce some passwords that would give varying degrees of access to the
>> internals. As such, I would have group passwords, but no usernames. Such a
>> scheme might look like:
>>
>> $DefaultPasswords['@personal'] = crypt("JustMePassword");
>> $DefaultPasswords['@intimates'] = crypt("VeryCloseFriendsPassword");
>> $DefaultPasswords['@friends'] = crypt("FriendsPassword");
>> $DefaultPasswords['@prerelease']= crypt("AlmostPublicPassword");
>
> Yes, except that $DefaultPasswords is normally tied to actions and
> not to accounts...
>
> I think you can get what you want by doing something like:
>
> if (@$_POST['authpw']) {
> $AuthGroupPasswords = array(
> '@personal' => crypt("JustMePassword"),
> '@intimates' => crypt("VeryCloseFriendsPassword"),
> '@friends' => crypt("FriendsPassword"),
> '@prerelease' => crypt("AlmostPublicPassword"));
> # loop through all of the group/password combinations, setting
> # $authlist[group] to 1 for any matches
> foreach($AuthGroupPasswords as $g => $pw) {
> if (crypt($_POST['authpw'], $pw) == $pw)
> $authlist[$g] = 1;
> }
> # if we had any matches, then authorize the group for this session.
> if ($authlist) SessionAuth($pagename, array('authlist'=>$authlist));
> }
>
> I haven't tested the above, but it should be fairly close.
>
> Hope this helps,
>
Thanks! I'll be trying this out shortly.
More information about the pmwiki-users
mailing list