[Pmwiki-users] sessionauth

Ruediger Marwein ruediger.marwein at web.de
Sat Jul 12 06:43:03 CDT 2003


I experienced problems when using the session auth.

So I took a look at the code and implemented several changes which would be 
nice to have. In detail:

1. ability to set session name via variable ($SessionName)
2. use of a seperate hash key for the session entry to not accidently 
overwrite something elsewhere. (['PmWiki']['authpw'])
3. include posted stuff in the form as hidden fields for the case to have an 
unexcpected end of session after writing lots of text.

pm, could you take a look?

here's the diff of my quick hack:

> $SessionName = 'sid';
> session_name($SessionName);
<   $HTTP_SESSION_VARS['authpw'] = $HTTP_POST_VARS['authpw'];
< SDV($SessionAuthFmt,"<b>Password required</b><p>
<   <form name='authform' action='{$HTTP_SERVER_VARS['REQUEST_URI']}'
<     method='post'>Password:
>   $HTTP_SESSION_VARS['PmWiki']['authpw'] = $HTTP_POST_VARS['authpw'];
> $authpw = "<b>Password required</b><p>
>   <form name='authform' action='{$HTTP_SERVER_VARS['REQUEST_URI']}'
>     method='post'>Password:
<     <input type='submit' value='OK' />
<   </form>");
>     <input type='submit' value='OK' />";
> while(list($k,$v) = each($HTTP_POST_VARS)) {
>   if($k=='authpw') continue; // if posted wrong passwd
>   $authpw .= "<input type='hidden' name='$k' value='$v'>";
> }
> $authpw .= "</form>";
> SDV($SessionAuthFmt,$authpw);
<   $authpw = $HTTP_SESSION_VARS['authpw'];
>   $authpw = $HTTP_SESSION_VARS['PmWiki']['authpw'];


Also to mention could be: cookie or not.

Another thing: 
I see the $HTTP_*-vars everywhere... since php 4 those variables are there for 
backward compatibility. But as PmWiki does not run with earlier versions 
those should be replaced by the new $_GET,$_POST etc. to be up to date.


Ich liebe es, wenn ein Plan funktioniert.
  Hannibal Smith

More information about the pmwiki-users mailing list