[pmwiki-users] Page question

Hans design5 at softflow.co.uk
Wed Jun 25 03:08:50 CDT 2008


Wednesday, June 25, 2008, 4:03:19 AM, Mailinglists wrote:

> Oh No! This never ends... looks like all somebody has to do it just
> attempt a password, don't have to be correct, and my Client.HomePage
> conditionals above will be true. How can I test if authpw exists and is valid?

authpw does exist after it has been submitted by the login form.
The validity depends on which page and for which attribute you wish
to check.

I like to suggest a different approach for your Clients.HomePage,
which I will call the login page:

Put a login form directly on the login page. For instance this form:

'''$[Password required]'''
(:input auth_form2:)
$[Password]: (:input password name=authpw:)
(:input submit value='OK':)
(:input end:)

Here I am using a modified input control called 'auth_form2'.
Define it in config.php like this:

$InputTags['auth_form2'] = array(
  ':html' => "<form action='{$_SERVER['REQUEST_URI']}' method='post' 
    name='authform'>");

The difference to the standard auth_form defined in scripts/forms.php
is that I removed \$PostVars, which otherwise appears as plain text.

Note also that you won't get a message about an invalid password
being submitted. Frankly there is no invalid password when submitting
the login form from the login page. The login page should be
protected by an 'edit' password, and make sure ?action=source is tied
to 'edit' and not to 'read' access.


  ~Hans




More information about the pmwiki-users mailing list