[pmwiki-users] RSS & password-protected pages
Patrick R. Michaud
pmichaud at pobox.com
Wed Oct 18 00:03:16 CDT 2006
On Tue, Oct 17, 2006 at 12:28:27PM +0200, Mike wrote:
> Hi Patrick,
>
> Patrick R. Michaud wrote on 16.10.2006 18:06:
> > Unfortunately, many RSS readers don't have a convenient way to provide
> > authorization information for feeds. The best we can do at present
> > is to provide it in the URL.
> >
> > Since you're using AuthUser, you'll want the following near
> > the top of your local/config.php (before loading the authuser.php script):
> >
> > if (@$_GET['authpw']) $_POST['authpw'] = $_GET['authpw'];
> > if (@$_GET['authid']) $_POST['authid'] = $_GET['authid'];
> >
> > This allows authorization information to come from urls as well as
> > forms. Then, in the RSS feed url, use:
> >
> > http://www.example.com/pmwiki?action=rss&authid=username&authpw=password
>
>
> brilliant, thanks. It works great!
>
> Two more questions:
>
> First, I need to generate the RSS feed url dynamically on my page. The
> username part I can do via {$AuthId}, but I couldn't find a way to do
> the same with the password. I know that I can define custom variables in
> the code, but does the PHP code actually know the clear-text password,
> is there a variable for it somewhere?
While the PHP code does know the cleartext passwords that have been
entered for a session, it doesn't really know which one is the "correct"
one. Still, we could possibly have a custom {$AuthPw} variable that
returns the last password enetered, and maybe that would be good enough.
> Second, just out of curiosity and since I couldn't find that as well -
> what exactly is the purpose of the "@"-sign in the code above? To
> reference the array?
Others have answered this already -- it suppresses error messages
that sometimes occur if the $_GET array doesn't contain values for
'authpw' or 'authid'.
Pm
More information about the pmwiki-users
mailing list