[pmwiki-users] How to protect against vandalism?

Peter & Melodye Bowers pbowers at pobox.com
Tue Aug 5 09:21:53 CDT 2008

>I now have a "please enter qdk below" on my authform.  That's great when a
>user is trying to edit an open page.  But it can be confusing when a
>particular page has a different password or if someone is trying to change
>attributes rather than edit the page.  Is there any way to put this message
>only when someone is editing an "open" page?

Is a solution like this pretty risky security-wise?

===(snip config.php)===
if ($action == 'edit') {
    echo "action=edit<br>\n";
    $FmtPV['$editpass'] = '$page["passwdedit"]';

===(snip Site.AuthForm)===
(:if [ equal {$editpass} "" && equal {$Action} "edit" ] :)Please try qdk if
you don't know the password(:ifend:)

Setting my password to a pagevar seems pretty weird, even though it will be
encrypted.  However, I only do it when the action is "edit" when
(theoretically?) nobody could be doing anything to obtain it...

So, the question: is this pretty dangerous or does it seem OK from a
security standpoint?


More information about the pmwiki-users mailing list