[pmwiki-users] Include Password in URL string to access protected pages
Tegan Dowling
tmdowling at gmail.com
Wed Jun 27 23:32:24 CDT 2007
On 6/27/07, Patrick R. Michaud <pmichaud at pobox.com> wrote:
>
> On Wed, Jun 27, 2007 at 04:49:24PM -1000, Sivakatirswami wrote:
> > OK, we are planning to "ditch" Apache Basic Authentication and
> > use PMwiki password protection (not AuthUser, just simple passwords)
> >
> > What will the CURL URL access strings be now?
> >
> > something like
> >
> > (wild guess, but to give an idea of what we might expect:)
> >
> > http://my.wiki.org/ProtectedGroup.DataPage?action=login&password=
> "bananas"
>
> If you're using curl as a command-line tool, try the -d option:
>
> curl -d authpw=banana http://my.wiki.org/ProtectedGroup.DataPage
>
> This generates a POST request for the page, exactly as if someone
> had filled in the authorization form.
>
> This can also be done with the password as part of the url, but be aware
> that the password will appear (in cleartext) in the server logs
> as part of the request string. If you're okay with that, then you
> can do a local customization like:
>
> if (@$_GET['authpw']) SDV($_POST['authpw'], $_GET['authpw']);
>
> This allows passwords to come from url strings as well as forms.
> Then a url like the following should work:
>
> http://my.wiki.org/ProtectedGroup.DataPage?authpw=bananas
>
> No need to go through a separate "log in" step, just provide the
> password as part of the request.
When I requested this, around a year ago, PM provided the following, which I
keep (commented out) in my template wiki, and include here in case a
variation is needed or desired:
## allow append ?action=login?authpw=password to url
# if (!isset($_POST['authpw']) && @$_GET['authpw'])
# $_POST['authpw'] = $_GET['authpw'];
-------------- next part --------------
An HTML attachment was scrubbed...
URL: /pipermail/pmwiki-users/attachments/20070627/9a8bfed6/attachment.html
More information about the pmwiki-users
mailing list