[pmwiki-users] AuthUser login using url

Peter Bowers pbowers at pobox.com
Wed Feb 9 04:15:20 CST 2011

On Wed, Feb 9, 2011 at 10:44 AM, Martin Kerz <martinkerz at gmail.com> wrote:
> Can I somehow login directly by something like
> »http://testwiki.org/Home/Start?user=test?password=test« to the URL if
> I'm using the AuthUser setting?

It seems like a really bad security hole...but if you're OK with that...

Here are the relevant lines in authuser.php:

if (@$_POST['authid'])
  AuthUserId($pagename, stripmagic(@$_POST['authid']),

Obviously $_POST is being used intentionally to avoid the possible
security ramifications.  But you could put something like this in
config.php (before you include authuser.php if you are doing that

if (@$_REQUEST['u'])
  AuthUserId($pagename, stripmagic(@$_REQUEST['u']),

Then you could log in with this:


I haven't tested this -- use at your own risk.


More information about the pmwiki-users mailing list