[pmwiki-users] I need to check page auth (AuthUser) inside of php

Chris Cox ccox at airmail.net
Wed Aug 8 16:46:48 CDT 2007


Patrick R. Michaud wrote:
> On Wed, Aug 08, 2007 at 03:58:04PM -0500, Chris Cox wrote:
>> I saw that (:if auth edit:) that the 'auth' was defined as:
>> $Conditions['auth'] =
>> '@$GLOBALS["PCache"][$GLOBALS["pagename"]]["=auth"][trim($condparm)]';
> 
> It may have been defined that way at one time, but that's no
> longer the definition.  The correct one is:
> 
>   $Conditions['auth'] = 'NoCache(CondAuth($pagename, $condparm))';
> 
>> I guess I'm stupid though.. how can I make an 'if' statement
>> in php to check if the user is authorized for a particular
>> thing (edit, read, etc) on a specific page??
> 
>   if (CondAuth($pagename, 'edit')) { ## user can edit $pagename ## }
> 
>

Yep.. thanks!  I figured it out JUST before you emailed this to
the list.  I now have SSL working on my site just fine... SSL
for the SiteAdmin.AuthForm login and then it goes back to
http (non-SSL) to perform the action.

My code is ugly... but here goes (feel free to suggest something
better):

## Switch to SSL mode when password would be sent in the clear.
$SSLActions = array(
  '1'=>'login', 'edit', 'post', 'postattr', 'attr', 'upload', 'loginadmin');
$SSLActions = array_flip($SSLActions);
if (!CondAuth($pagename,$action) && $SSLActions[$action]) {

        if ($UrlScheme != 'https') {
                # Copy all GET request parameters and avoid
                # a problem with empty filename on upload page.
                $getparms = array();
                reset($_GET);
                while(list($name,$value) = each($_GET))
                        if(!empty($value) && $name != 'n')
                                $getparms[$name] =
$name."=".urlencode($value);
                $ScriptUrl = 'https://www.endlessnow.com/poetofgod';

Redirect($pagename,"$ScriptUrl/$pagename?".implode("&",$getparms));
        }
} else if ($UrlScheme == 'https') {
        # Copy all GET request parameters and avoid
        # a problem with empty filename on upload page.
        $getparms = array();
        reset($_GET);
        while(list($name,$value) = each($_GET))
                if(!empty($value) && $name != 'n')
                        $getparms[$name] = $name."=".urlencode($value);
        $ScriptUrl = 'http://www.endlessnow.com/poetofgod';
        $parms=implode("&",$getparms);
        $redirname="$ScriptUrl/$pagename";
        if ($parms)
                $redirname.="?$parms";
        Redirect($pagename,"$redirname");
}




More information about the pmwiki-users mailing list