[pmwiki-users] How to store login information in a page and have their permissions determined by what group that page is in
Alex Eftimiades
alexeftimiades at gmail.com
Sun Aug 12 17:27:31 CDT 2012
Thanks for your help, but I wound up finishing what I started on the
custom authorization. It pretty much does everything I wanted it to
do, and I intend to publish it as a recipe tonight and/or tomorrow.
Here is the current functioning version of my recipe:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: authuserplus.php
Type: text/php
Size: 8287 bytes
Desc: not available
URL: <http://www.pmichaud.com/pipermail/pmwiki-users/attachments/20120812/d01b1139/attachment.bin>
-------------- next part --------------
You need to change scripts/author.php a bit to get the author links to
go to the right pages, and I used the EditAttributes recipe to do a
search for existing usernames, that a password has been set, and that
the username does not contain unwanted characters (in my case, the @
symbol, commas and whitespaces) before saving the new username. You
also need to add two lines to your config.php before including the
recipe if you are using wikipublisher (as I am):
    unset($AuthCascade["wikipublisher"]);
    $AuthCascade["read"]="wikipublisher";
Also since I salt my passwords, you should add the following line
before including the recipe (at least while you are making your first
users' profile pages):
    $ROSPatterns['/\\(:encrypt\\s+([^\\s:=]+).*?:\\)/e'] =
        "crypt(PSS('$1'),'$1')";
I tried to emulate the functionality of @_site_admin and the like by
associating a group $SitePrefix.'admin' or the like with an equivalent
level of authorization to @_site_admin. For example, by default
$SitePrefix='Site'. So anyone in the Siteadmin group gets similar
authorization to that of @_site_admin. The same goes for the rest of
the default passwords. As of now, I just have it so that anyone in
Siteadmin is the admin of every page, anyone in Siteedit can edit any
page, etc. I have to make it so that Siteedit cannot edit Siteadmin
and Siteattr's passwords, and that Siteattr cannot reset the passwords
of the other Site groups.
Also, the passwords are currently encrypted using the password itself
as the salt. I do this to make sure that even if the person had source
access to the page they could not read that person's passwords. I
thought about storing the passwords in plaintext and only letting
admins view pages with the 'password' page text variable, but this
seemed safer. The only problem is that it makes it very difficult, if
not impossible, to use EditAttributes to create a new text field in the
edit form for entering a new password, let alone a confirmation
password. I will probably have to code that part from scratch if I
stay with the encrypted password approach.
Anyone have any comments?
Thanks,
Alex
On Aug 10, 2012, at 10:02 AM, Peter Bowers wrote:
> On Thu, Aug 9, 2012 at 4:15 PM, Alex Eftimiades
> <alexeftimiades at gmail.com> wrote:
>> That recipe looked promising if not for the fact that the part of
>> the recipe
>> that stores information in profiles is not maintained and there is
>> a lot of
>> red text that indicates it being nonfunctional. Did I
>> misunderstand, or is
>> that part of the recipe nonfunctional?
>
> IIRC the profiles section was completely functional first. Then
> authuser functionality was added in which changed a few parameters to
> a few functions, thus rendering the profiles functionality unusable.
> But I don't believe it's too far from being workable. And I believe
> the functionality from an authuser standpoint is in live use on
> several sites. All that to say I think the red warnings make it look
> a little worse than it actually is.
>
> -Peter
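
The self-salting scheme described in the message above, set beside a random-salt alternative, as an added example that is not part of the original post or of the attached recipe. It assumes PHP 7 or later and that crypt() selects traditional DES for these salts; the function names and sample passwords are constructed for illustration.

```php
<?php
// Added example; passwords are constructed sample values.

// Scheme from the message: the password doubles as the crypt() salt.
function self_salted(string $password): string {
    return crypt($password, $password);
}

// Alternative: password_hash() generates a fresh random salt per call
// and stores it inside the returned string.
function random_salted(string $password): string {
    return password_hash($password, PASSWORD_DEFAULT);
}

$pw     = 'sunshine2012';
$stored = self_salted($pw);

// Traditional DES crypt() takes its salt from the first two characters
// of the salt argument and copies them to the front of the output, so
// the stored value shows how the password begins.
printf("stored value:            %s\n", $stored);
printf("starts like password:    %s\n",
    var_export(substr($stored, 0, 2) === substr($pw, 0, 2), true));

// DES crypt() reads only the first eight characters of the password,
// and both salts begin with the same two characters, so two different
// passwords sharing an eight-character prefix store the same value.
printf("prefix collision:        %s\n",
    var_export($stored === self_salted('sunshine-other'), true));

// The salt is a function of the password, so equal passwords on two
// profile pages always produce equal stored values.
printf("same pw, same value:     %s\n",
    var_export($stored === self_salted($pw), true));

// With a random salt the two stored values differ, and verification
// still succeeds because the salt travels with the hash.
$h1 = random_salted($pw);
$h2 = random_salted($pw);
printf("random salt differs:     %s\n", var_export($h1 !== $h2, true));
printf("verifies:                %s\n",
    var_export(password_verify($pw, $h1), true));
printf("rejects wrong password:  %s\n",
    var_export(!password_verify('sunshine-other', $h1), true));
```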