[pmwiki-users] setting $Author with $AuthId as prefix

Kathryn Andersen kat_lists at katspace.homelinux.org
Mon Jan 22 00:24:41 CST 2007 

Hello folks.

One of the wikis I administrate, I am using AuthUser, but only with a
limited number of users, for security reasons.  Each user-id+password
is given to a limited set of people (one user for each authorized group,
such as "people on Project A" and "people from company XYZ").  It's set
up this way because we want to be able to limit access to certain
groups; there is *one* person from each group who is responsible as the
contact-person for that group.  It's also a lower-maintenance scenario,
since, for security reasons, we absolutely don't want to allow user
self-registration, which means I have to add all the users myself.

At the moment I have it set so that the Author is set to the AuthId:

        $EnablePostAuthorRequired = 1;
...
        $Author = $AuthId;

This has advantages and disadvantages.  It is good because we can at
least be certain which authorized login made a particular change, even
though we don't know which particular person did.

The alternative, of allowing $Author to be completely freeform, isn't
acceptable, because then it is entirely up to the user, and we have no
way of knowing which authorized login made the change.

So I thought I'd try to make it so that the $Author is changed to
$Author plus $AuthId, whether the person typed in "Fred" or "user-Fred"
in the Author field.

This is what I've done:

        include_once("$FarmD/scripts/author.php");
        include_once("$FarmD/scripts/authuser.php");
        # The author is prepended with the authId
        # To make this easier, use '-' as a separator
        # AuthId-Author
        if ($Author) {
            if (strstr($Author, '-') != false) {
                $auth_split = explode('-', $Author, 2);
                $Author = $AuthId . '-' . $auth_split[1];
            } else if ($Author != $AuthId) {
                $Author = $AuthId . '-' . $Author;
            } else {
                $Author = $AuthId;
            }
        } else {
            $Author = $AuthId;
        }

This sort of works, as follows:

A) Initial edit: Author field is pre-filled with "userid".
If I don't change this, then the Author is "userid".
If I delete "userid" and type in "Kathryn", then
- the History of the page says that the change was made by
  "userid-Kathryn" (good)
- the Recent Changes page says that the change was made by "Kathryn".
  (bad)

B) Next edit: the Author field is pre-filled with "userid-Kathryn".
If I leave it like that, then both the History of the page, and the
Recent Changes page say that the change was made by "userid-Kathryn".

So why isn't the "userid-Kathryn" being used in the Recent Changes page
in case A?

Kathryn Andersen
-- 
 _--_|\     | Kathryn Andersen	<http://www.katspace.com>
/      \    | 
\_.--.*/    | GenFicCrit mailing list <http://www.katspace.com/gen_fic_crit/>
      v     | 
------------| Melbourne -> Victoria -> Australia -> Southern Hemisphere
Maranatha!  |	-> Earth -> Sol -> Milky Way Galaxy -> Universe

More information about the pmwiki-users mailing list