[pmwiki-users] authuser

H. Fox haganfox at gmail.com
Tue Jun 21 20:21:44 CDT 2005 

On 6/21/05, Hans <design at flutesong.fsnet.co.uk> wrote:
> Is this:
> 
>      # ...set passwords and authuser settings...
>      include_once('scripts/authuser.php');
>      if ($AuthId) {
>        $Author = $AuthId;
>        setcookie('author',$Author,0,'/');
>      }
> 
> equivalent to this (it seems to work similarly well):
> 
>     include_once('scripts/authuser.php');
>     if (@$_SESSION['authid']) $Author=$_SESSION['authid'];

I believe so.

> and what has this to  do with it:
> 
>     $AuthUser['htpasswd'] = '.local/.htpasswd';
>     @include_once('cookbook/authuser.php');
>     if ($_SESSION['authid']) exit;
>     if ($AuthId) exit;
> 
> > only kills the script when authentication occurs.  Once the user is
> > authenticated it has no effect on subsequent page loads.
> 
> I don't understand about killing the script, but the last lines with
> 'exit' had that effect on my fumbling experimentation: a white
> screen. I fail to understand how the Author is preserved from
> changes. Could you please explain a bit?

I over-explained it by including my diagnostic method.

The white screen only happens immediately after I see the
authorization prompt and use it to authenticate.  The two diagnostic
lines prove that those variables aren't set when the user is already
authenticated and thus not prompted.

What I should have written is

"I notice that $_SESSION['authid'] and $AuthId are only set if you see
the authorization prompt. How do I determine the username if the user
is already authenticated?  I want to enforce Author tracking based on
the authenticated user."

One answer appears to be

 "You can start the session using session_start() and enforce author
tracking by authenticated user with

    $AuthUser['htpasswd'] = 'local/.htpasswd';
    @include_once('scripts/authuser.php');
    if ($action == 'edit') @session_start();
    if (@$_SESSION['authid']) $Author=$_SESSION['authid'];

This forces the Author's name to be the authenticated username, which
may not always be desirable. "

I guess the question now is how to use something akin to a Gecos name
as $Author (the author's name) rather than the verified author's
identity ($AuthId).

Hagan

More information about the pmwiki-users mailing list