[pmwiki-devel] Login and function PmWikiAuth

Sat Jan 6 04:19:40 CST 2007

marc said...
> Patrick R. Michaud said...
> > On Wed, Dec 20, 2006 at 06:47:53PM -0000, marc wrote:
> > > marc said...
> > > > Hi,
> > > > 
> > > > I prefer to use a login form in the sidebar - just username and password 
> > > > - along with authuser and authuserdb. This works fine except  when an 
> > > > invalid login occurs. In this case $AuthPromptFmt is opened in the main 
> > > > page.
> > > > 
> > > > This look a bit odd, because there are then two login prompts on the 
> > > > page: one in the sidebar and one on the main page.
> > > > 
> > > > What I am trying to achieve is to retain the main page unchanged, and 
> > > > simply report login/page access errors in the sidebar form.
> > > > 
> > > > I can see that this is handled by the last lines of PmWikiAuth(), but 
> > > > can't think of a way to change this in situ to do what I want.
> > > > 
> > > > Is the best way to copy PmWikiAuth() with appropriate changes, and point 
> > > > to it via $AuthFunction? Or, more likely, am I way off base? 
> > > 
> > > <bump>
> > > 
> > > Please let me know if I've not explained the issue well enough. 
> > 
> > It's explained well enough -- I don't have a quick answer (but
> > I'm thinking about it).
> > 
> > It seems as though putting 
> > 
> >     (:redirect {*$FullName}:)
> > 
> > into Site.AuthForm might get pretty close -- i.e., whenever
> > someone requests a protected action, it returns them to the
> > 'view' of the page.  But I'm not sure how to get a login/page access
> > error message into the sidebar in that case.
> 
> By replacing Site.AuthForm with 
> 
>     (:redirect {*$FullName}:)
> 
> oddly, the text of the markup is displayed, e.g.
> 
>     (:redirect Testing.AdminOnlyPage:) 
> 
> rather than it being actioned. Same effect when I change the redirect 
> to, say:
> 
>     (:redirect Main.HomePage:)
> 
> Although, in this case, when I go to Site.AuthForm, I am redirected.

Any further ideas how to fix this?

When combined with another issue I reported on the other list[1], I'm 
wondering whether I should rewrite the login handler[2].

[1]
  In many places on pages with non-user-editable text, I want:
    (:if ! auth admin:)(:noaction:)(:ifend:)
  This works fine in local/Site.php and other places. However, when
  authorisation is required and the login form appears, I can't find a 
  way to stop PageActions from being displayed. Is this possible?

[2]
  $HandleActions = 'login' => 'HandleLoginB');

  function HandleLoginA($pagename, $auth = 'login') {
    global $AuthId, $DefaultPasswords;
    unset($DefaultPasswords['admin']);
    $prompt = @(!$_POST['authpw'] || ($AuthId != $_POST['authid']));
    $page = RetrieveAuthPage($pagename, $auth, $prompt, 
            READPAGE_CURRENT);
    Redirect($pagename);
  }

Are there any obvious gotchas that I need to avoid while doing this that 
anyone can point out? Thanks.

-- 
Cheers,
Marc