[pmwiki-users] Dumb Question: Access Classes without AuthUser?

Patrick R. Michaud pmichaud at pobox.com
Tue Nov 6 07:35:03 CST 2007


On Tue, Nov 06, 2007 at 02:39:38AM -0500, Stirling Westrup wrote:
> I've got a PmWiki website that I also use as a personal information manager.
> Right now I'm not using AuthUser, since there's only two classes of access:
> public and private.
> 
> Now, I've been thinking of putting up some content that I want to limit to a
> few close friends. Rather than going the full AuthUser route, I'd like to just
> introduce some passwords that would give varying degrees of access to the
> internals. As such, I would have group passwords, but no usernames. Such a
> scheme might look like:
> 
> $DefaultPasswords['@personal']  = crypt("JustMePassword");
> $DefaultPasswords['@intimates'] = crypt("VeryCloseFriendsPassword");
> $DefaultPasswords['@friends']   = crypt("FriendsPassword");
> $DefaultPasswords['@prerelease']= crypt("AlmostPublicPassword");

Yes, except that $DefaultPasswords is normally tied to actions and
not to accounts...

I think you can get what you want by doing something like:

  if (@$_POST['authpw']) {
    $AuthGroupPasswords = array(
      '@personal' => crypt("JustMePassword"),
      '@intimates' => crypt("VeryCloseFriendsPassword"),
      '@friends' => crypt("FriendsPassword"),
      '@prerelease' => crypt("AlmostPublicPassword"));
    #  loop through all of the group/password combinations, setting
    #  $authlist[group] to 1 for any matches
    foreach($AuthGroupPasswords as $g => $pw) {
      if (crypt($_POST['authpw'], $pw) == $pw) 
        $authlist[$g] = 1;
    }
    #  if we had any matches, then authorize the group for this session.
    if ($authlist) SessionAuth($pagename, array('authlist'=>$authlist));
  }

I haven't tested the above, but it should be fairly close.

Hope this helps,

Pm



More information about the pmwiki-users mailing list