[pmwiki-users] authuser

Hans design at flutesong.fsnet.co.uk
Tue Jun 21 14:22:02 CDT 2005


Tuesday, June 21, 2005, 7:32:45 PM, Patrick wrote:
> By this do you mean the confusion is in attaching usernames + passwords
> (authorizations) to pages in PmWiki, or simply the act of associating
> a password with a specific username?

Reflecting on this, my confusion came from wrongly expecting that by
setting Users and passwords in a password file, access would be granted
to protected pages. The htpasswd examples in Cookbook/UserAuth
suggested to me an association of name, password and actions,
i.e. user:password:read,edit

Now I can see that the AuthUser array is just that, and the password
file is just a container to fill the array, and it does not grant
any privileges per se, but these need to be explicitly stated on the
various levels, page and group via ?action=attr, and sitewide via
$DefaultPassword, and on another dimension specific for the various
actions read, edit, upload, attr.

Hope I got this right.

Re: setting $Author when using authentication prompt:

I hacked the function AuthenticateUser in authuser.php.
Maybe this is a bit dirty, but it works so far:

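function AuthenticateUser($authid) {
  global $Author;
  // keep the authenticated id in a global and in the session
  $GLOBALS['AuthId'] = $authid;
  @session_start();
  $_SESSION['authid'] = $authid;
  // use the login name as the author name
  $GLOBALS['Author'] = $authid;
  // expiry 0 = session cookie, path '/' = whole site
  setcookie('author',$Author,0,'/');
}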

The cookie gets set for the duration of the session, as it needs
login next time anyway.
On the edit page a user can change the author name, which may be a
good or bad thing. I expect with the coming new edit form to be
defined on a wiki page we can conditionally exclude the author field
from appearing, so with successful login (authenticated user), the
Author field does not appear.

I understand that there may be a desire to have a different author
name from the user name, which makes it a different problem.


Best, 
~Hans                           
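
The separation described in this post, as an added PHP sketch that is not part of the original message and is not PmWiki's own code: the password file only fills an array of identities, and a user who logs in correctly gets access only where a rule for that action names them. The function names, the rule tables and the page, group, site lookup order are assumptions made for illustration; the users and passwords are constructed.

```php
<?php
// Simplified model, not PmWiki code. All names here are hypothetical.
// Constructed sample password file: one "user:hash" entry per line.
$passwdFile = "alice:" . password_hash('wonderland', PASSWORD_DEFAULT) . "\n"
            . "bob:" . password_hash('builder', PASSWORD_DEFAULT) . "\n";

// The file only fills an array of user => hash. It grants nothing.
function load_users(string $text): array {
    $users = [];
    foreach (preg_split('/\R/', trim($text)) as $line) {
        $line = trim($line);
        if ($line === '' || $line[0] === '#') continue;
        [$user, $hash] = array_pad(explode(':', $line, 2), 2, '');
        if ($user !== '' && $hash !== '') $users[$user] = $hash;
    }
    return $users;
}

// Authentication answers "who is this?" and returns an id or null.
function authenticate(array $users, string $user, string $pw): ?string {
    $ok = isset($users[$user]) && password_verify($pw, $users[$user]);
    return $ok ? $user : null;
}

// Authorization is stated separately: level => target => action => ids.
// '*' means anyone; an empty list means nobody (assumed conventions).
$rules = [
    'page'  => ['Main.Secret' => ['read' => ['alice']]],
    'group' => ['Main' => ['edit' => ['alice', 'bob']]],
    'site'  => ['' => ['read' => ['*'], 'edit' => [], 'upload' => [], 'attr' => []]],
];

// Assumed lookup order: page rule, then group rule, then site default.
function is_allowed(array $rules, ?string $authid, string $page, string $action): bool {
    $group = explode('.', $page, 2)[0];
    foreach ([['page', $page], ['group', $group], ['site', '']] as [$level, $key]) {
        if (!isset($rules[$level][$key][$action])) continue;
        $ids = $rules[$level][$key][$action];
        return in_array('*', $ids, true)
            || ($authid !== null && in_array($authid, $ids, true));
    }
    return false; // no rule at any level: deny
}

$users = load_users($passwdFile);
$bob = authenticate($users, 'bob', 'builder');
foreach ([['Main.Secret', 'read'], ['Main.HomePage', 'edit'], ['Main.HomePage', 'attr']] as [$p, $a]) {
    printf("%s %s %s: %s\n", $bob, $a, $p, is_allowed($rules, $bob, $p, $a) ? 'allowed' : 'denied');
}
```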



