[Pmwiki-users] sessionauth
Ruediger Marwein
ruediger.marwein at web.de
Sat Jul 12 06:43:03 CDT 2003
Hi,
I experienced problems when using the session auth.
So I took a look at the code and implemented several changes which would be
nice to have. In detail:
1. ability to set session name via variable ($SessionName)
2. use of a seperate hash key for the session entry to not accidently
overwrite something elsewhere. (['PmWiki']['authpw'])
3. include posted stuff in the form as hidden fields for the case to have an
unexcpected end of session after writing lots of text.
pm, could you take a look?
here's the diff of my quick hack:
---snipp---
8a9,11
> $SessionName = 'sid';
>
> session_name($SessionName);
12,15c15,18
< $HTTP_SESSION_VARS['authpw'] = $HTTP_POST_VARS['authpw'];
< SDV($SessionAuthFmt,"<b>Password required</b><p>
< <form name='authform' action='{$HTTP_SERVER_VARS['REQUEST_URI']}'
< method='post'>Password:
---
> $HTTP_SESSION_VARS['PmWiki']['authpw'] = $HTTP_POST_VARS['authpw'];
> $authpw = "<b>Password required</b><p>
> <form name='authform' action='{$HTTP_SERVER_VARS['REQUEST_URI']}'
> method='post'>Password:
17,18c20,27
< <input type='submit' value='OK' />
< </form>");
---
> <input type='submit' value='OK' />";
> while(list($k,$v) = each($HTTP_POST_VARS)) {
> if($k=='authpw') continue; // if posted wrong passwd
> $authpw .= "<input type='hidden' name='$k' value='$v'>";
> }
> $authpw .= "</form>";
>
> SDV($SessionAuthFmt,$authpw);
33c42
< $authpw = $HTTP_SESSION_VARS['authpw'];
---
> $authpw = $HTTP_SESSION_VARS['PmWiki']['authpw'];
---snipp---
Also to mention could be: cookie or not.
Another thing:
I see the $HTTP_*-vars everywhere... since php 4 those variables are there for
backward compatibility. But as PmWiki does not run with earlier versions
those should be replaced by the new $_GET,$_POST etc. to be up to date.
Gr33tZ
Ruediger
--
Ich liebe es, wenn ein Plan funktioniert.
Hannibal Smith
More information about the pmwiki-users
mailing list