[pmwiki-users] authuser

Patrick R. Michaud pmichaud at pobox.com
Tue Jun 21 14:38:30 CDT 2005


On Tue, Jun 21, 2005 at 08:22:02PM +0100, Hans wrote:
> > By this do you mean the confusion is in attaching usernames + passwords
> > (authorizations) to pages in PmWiki, or simply the act of associating
> > a password with a specific username?
> 
> reflecting on this, my confusion came from wrongly expecting that by
> setting Users and passwords in a password file access would be granted
> to protected pages. The htpasswd examples in Cookbook/UserAuth
> suggested to me an association of name, password and actions,
> ie user:password:read,edit

Yes, the "read,edit" fields were a UserAuth extension to htpasswd --
they don't normally exist in such a file.  Plus, we typically want to
be able to control actions at the page and group level.

> Now I can see that the AuthUser array is just that, and the password
> file is just a container to fill the array, and it does not grant
> any privileges per se, but these need to be explicitly stated on the
> various levels, page and group via ?action=attr, and sitewide via
> $DefaultPassword, and on another dimension specific for the various
> actions read, edit, upload, attr.
> 
> Hope I got this right.

Sounds like it.  It's the same mechanism as PmWiki's original password
scheme, except that instead of requiring a shared password one can also
be authorized based on identity.

> Re: setting $Author when using authentication prompt:
> 
> I hacked the function AuthenticateUser in authuser.php:
> maybe this is a bit dirty, but it works so far:

And it's a little overkill -- there's no need to 
modify authuser.php.  If someone wants to set the author 
based on authentication then 

    # ...set passwords and authuser settings...
    include_once('scripts/authuser.php');
    if ($AuthId) {
      $Author = $AuthId;
      setcookie('author',$Author,0,'/');
    }

will do it.

Pm



More information about the pmwiki-users mailing list