[pmwiki-users] authuser
Hans
design at flutesong.fsnet.co.uk
Tue Jun 21 14:22:02 CDT 2005
Tuesday, June 21, 2005, 7:32:45 PM, Patrick wrote:
> By this do you mean the confusion is in attaching usernames + passwords
> (authorizations) to pages in PmWiki, or simply the act of associating
> a password with a specific username?
reflecting on this, my confusion came from wrongly expecting that by
setting Users and passwords in a password file access would be granted
to protected pages. The htpasswd examples in Cookbook/UserAuth
suggested to me an association of name, password and actions,
ie user:password:read,edit
Now I can see that the AuthUser array is just that, and the password
file is just a container to fill the array, and it does not grant
any privileges per se, but these need to be explicitly stated on the
various levels, page and group via ?action=attr, and sitewide via
$DefaultPassword, and on another dimension specific for the various
actions read, edit, upload, attr.
Hope I got this right.
Re: setting $Author when using authentication prompt:
I hacked the function AuthenticateUser in authuser.php:
maybe this is a bit dirty, but it works so far:
function AuthenticateUser($authid) {
global $Author;
$GLOBALS['AuthId'] = $authid;
@session_start();
$_SESSION['authid'] = $authid;
$GLOBALS['Author'] = $authid;
setcookie('author',$Author,0,'/');
}
The cookie gets set for the duration of the session, as it needs
login next time anyway.
On the edit page a user can change the author name, which may be a
good or bad thing. I expect with the coming new edit form to be
defined on a wiki page we can conditionally exclude the author field
from appearing, so with successful login (authenticated user), the
Author field does not appear.
I understand that there may be a desire to have a different author
name from the user name, which makes it a different problem.
Best,
~Hans
More information about the pmwiki-users
mailing list