[pmwiki-users] authuser

Hans design at flutesong.fsnet.co.uk
Tue Jun 21 12:25:53 CDT 2005


Tuesday, June 21, 2005, 5:52:09 PM, Patrick wrote:
> Well, the script "updates" (as opposed to "reinitializes") the session
> with the new authenticated user.  By any chance are you also using 
> httpauth?

No. As I said in the previous email, it is now actually working.
And I am working through levels of confusion as to where and how
passwords+usernames are set.

> Then, protecting pages on the wiki uses the same mechanisms as default --
> i.e., set per-page and per-group passwords using ?action=attr, except
> you can add "passwords" that look like
> 
>    id:bart           # only "bart" can do this
>    id:bart,nancy     # both "bart" and "nancy"
>    id:*              # anyone with a valid username/password
>    foobar id:bart    # only "bart" and anyone who knows the password "foobar"

setting user permissions via ?action=attr for pages seems indeed to
work as outlined above, including the id:* and the combined foobar
id:name bit.

> So, if you wanted a site-wide edit restriction, you can do:
> 
>    $DefaultPasswords['edit'] = 'id:bart,nancy';

This seems to work as well. What does not work is
     $DefaultPasswords['edit'] = 'id:*';

obviously this would be very useful, if it works, as user+password
lists can be maintained on the password file, or the AuthUser array.

I have not tried combinations like foobar id:nancy in the
$DefaultPasswords setting.

I also notice that entering a username and password does not pass this
username ( $_SESSION['authid'] ) to the {$Author} variable. Could this
be included, so the username automatically appears in the sign author
box, and other places on pages where {$Author} is used?


Best, 
~Hans                           




More information about the pmwiki-users mailing list