[pmwiki-users] PmWikiAuth Question
Patrick R. Michaud
pmichaud at pobox.com
Fri Sep 15 13:38:33 CDT 2006
On Thu, Sep 14, 2006 at 10:16:10PM -0400, The Editor wrote:
> I'm still trying to figure out how PmWikiAuth works.
In all likelihood you don't need to be calling PmWikiAuth. It's
just a function that is called from RetrieveAuthPage() whenever
we need to retrieve page information and verify that the visitor
has sufficient access rights to a page.
More importantly, PmWikiAuth doesn't do authentication at all.
It only performs authorization based on whatever credentials
have already been provided (authenticated user identities,
passwords, etc.).
> This
> snippet checks to make sure the "passwd" entered in a form matches the
> one on file for "member" and then authenticates the user and is
> supposed to set the permissions connected to that password.
We don't have a concept of "set the permissions connected to that
password" -- that's backwards from how PmWiki's authorization
works. Instead, the session maintains a set of known credentials
(authenticated identities and passwords entered). Then, when
some type of access ($level) is needed for a given page ($pagename),
the authorization functions check the available credentials to
determine if authorization is permitted for the requested resource.
Hope this helps.
Pm
More information about the pmwiki-users
mailing list