[Pmwiki-users] sessionauth

[Ruediger Marwein]

Hi,

I experienced problems when using the session auth.

So I took a look at the code and implemented several changes which would be 
nice to have. In detail:

1. ability to set session name via variable ($SessionName)
2. use of a seperate hash key for the session entry to not accidently 
overwrite something elsewhere. (['PmWiki']['authpw'])
3. include posted stuff in the form as hidden fields for the case to have an 
unexcpected end of session after writing lots of text.

pm, could you take a look?

here's the diff of my quick hack:
---snipp---


8a9,11
> $SessionName = 'sid';
>
> session_name($SessionName);
12,15c15,18
<   $HTTP_SESSION_VARS['authpw'] = $HTTP_POST_VARS['authpw'];
< SDV($SessionAuthFmt,"<b>Password required</b><p>
<   <form name='authform' action='{$HTTP_SERVER_VARS['REQUEST_URI']}'
<     method='post'>Password:
---
>   $HTTP_SESSION_VARS['PmWiki']['authpw'] = $HTTP_POST_VARS['authpw'];
> $authpw = "<b>Password required</b><p>
>   <form name='authform' action='{$HTTP_SERVER_VARS['REQUEST_URI']}'
>     method='post'>Password:
17,18c20,27
<     <input type='submit' value='OK' />
<   </form>");
---
>     <input type='submit' value='OK' />";
> while(list($k,$v) = each($HTTP_POST_VARS)) {
>   if($k=='authpw') continue; // if posted wrong passwd
>   $authpw .= "<input type='hidden' name='$k' value='$v'>";
> }
> $authpw .= "</form>";
>
> SDV($SessionAuthFmt,$authpw);
33c42
<   $authpw = $HTTP_SESSION_VARS['authpw'];
---
>   $authpw = $HTTP_SESSION_VARS['PmWiki']['authpw'];


---snipp---

Also to mention could be: cookie or not.

Another thing: 
I see the $HTTP_*-vars everywhere... since php 4 those variables are there for 
backward compatibility. But as PmWiki does not run with earlier versions 
those should be replaced by the new $_GET,$_POST etc. to be up to date.

Gr33tZ
Ruediger



-- 
Ich liebe es, wenn ein Plan funktioniert.
  Hannibal Smith