[pmwiki-users] Re: PHP code in pages
Patrick R. Michaud
pmichaud at pobox.com
Thu Jun 30 11:25:39 CDT 2005
On Thu, Jun 30, 2005 at 03:15:11PM +0000, Anno wrote:
> So basically it is what you said: I "want to verify that the page is locked
> against editing except by the admin?" before the php code is excecuted.
In your config.php:
# WARNING-WARNING-WARNING this can be really dangerous!
$page = RetrieveAuthPage($pagename, 'read');
if ($page['=passwd']['edit'][0] == 'id:admin') {
Markup('php', '<{$fmt}',
'/<\\?php(.*?)\\?>/e',
"PHPMarkup(\$pagename, PSS('$1'))");
}
This restricts edits to only someone authenticated as username 'admin'.
If you want to set up user-based authentication and create an admin
user with the site's admin password, then prior to the above do:
$AuthUser['admin'] = $DefaultPasswords['admin'];
include_once('scripts/authuser.php');
However, even with this it's still a little on the dangerous side.
Somewhat like "tickling the tail of the dragon". :-)
Pm
More information about the pmwiki-users
mailing list