[pmwiki-users] Dumb Question: Access Classes without AuthUser?
Patrick R. Michaud
pmichaud at pobox.com
Tue Nov 6 07:35:03 CST 2007
On Tue, Nov 06, 2007 at 02:39:38AM -0500, Stirling Westrup wrote:
> I've got a PmWiki website that I also use as a personal information manager.
> Right now I'm not using AuthUser, since there's only two classes of access:
> public and private.
>
> Now, I've been thinking of putting up some content that I want to limit to a
> few close friends. Rather than going the full AuthUser route, I'd like to just
> introduce some passwords that would give varying degrees of access to the
> internals. As such, I would have group passwords, but no usernames. Such a
> scheme might look like:
>
> $DefaultPasswords['@personal'] = crypt("JustMePassword");
> $DefaultPasswords['@intimates'] = crypt("VeryCloseFriendsPassword");
> $DefaultPasswords['@friends'] = crypt("FriendsPassword");
> $DefaultPasswords['@prerelease']= crypt("AlmostPublicPassword");
Yes, except that $DefaultPasswords is normally tied to actions and
not to accounts...
I think you can get what you want by doing something like:
if (@$_POST['authpw']) {
$AuthGroupPasswords = array(
'@personal' => crypt("JustMePassword"),
'@intimates' => crypt("VeryCloseFriendsPassword"),
'@friends' => crypt("FriendsPassword"),
'@prerelease' => crypt("AlmostPublicPassword"));
# loop through all of the group/password combinations, setting
# $authlist[group] to 1 for any matches
foreach($AuthGroupPasswords as $g => $pw) {
if (crypt($_POST['authpw'], $pw) == $pw)
$authlist[$g] = 1;
}
# if we had any matches, then authorize the group for this session.
if ($authlist) SessionAuth($pagename, array('authlist'=>$authlist));
}
I haven't tested the above, but it should be fairly close.
Hope this helps,
Pm
More information about the pmwiki-users
mailing list