[pmwiki-users] Zap Group Site Bocked

The Editor editor at fast.st
Thu Nov 22 11:47:21 CST 2007


On 11/22/07, Ben Stallings <ben at interdependentweb.com> wrote:
>
> The Editor wrote:
> >>     2) Cause the register and login functions to actually use the page
> >>     designated in ZAPConfig as Login: (as the documentation claims they
> >>     do),
> >>     instead of the one designated as Profiles: (as they actually do).
> >
> > To get it to use a different group, you have to put something like this
> > in Site.ZAPConfig:
> >
> > Profiles: Login
> >
> > The code is found in the zaptoolbox.php, line 318. Can you verify that
> > this is not working? Or did you perhaps do something slightly
> > different?
>
> No, what you say above works fine.  It's just that the documentation
> says you should write
>
> Login: Login
>
> and that does nothing, because the program doesn't check a Login
> variable, only Profiles.


Then probably the code should be changed as my initial idea was to have both
login and profile fields found in group profiles, but to give an option for
putting the login info in a separate directory for improved security if
desired. It's easiest to change the documentation, but esp as you are doing
a CMS, it might be better to change the code.


> In beefing up the security of ZAP I changed it from putting everyting in
> > ZAPConfig, to putting the commands control and the target controls in
> > separate pages. From your email I'm assuming you are still trying to put
> > these controls in Site.ZAPConfig... Note these from the comments in the
> > zap.php code (starting around line 337).
> >
> > ## This function is used to check various kinds of permissions in
> > ZAP--namely commands and targets
> > ## ZAPauth('edit', 'Test.Main', 'Commands') will verify whether or not
> > the edit command is allowed for page Test.Main
> > ## ZAPauth('Test.One', 'Test.Two', 'Targets') verifies whether a form on
> > Test.One can write to Test.Two
> > ## The permissiable values are all set on Site.ZAPCommands or
> > Site.ZAPTargets as normal PTV's
>
> You know that, and I used to know that, and now I know it again (thank
> you) but the documentation doesn't know that, and so nobody who reads
> the documentation knows that.  The docs still say that all that info
> goes in ZAPConfig, and if you do what it says it doesn't work.  I'll
> change it.


Yes, documentation does lag behind. Perhaps Benoit could update the docs
there also. Hopefully he's tracking these threads...

> Eh, I'm willing to offer a tip or two but I can't really keep this up
> > either. Perhaps if you do make these changes to your local copy you
> > could upload that...
>
> I will change the program, eventually, but in the meantime I'll stick to
> correcting the documentation in the ZAP CMS bundle I'm working on, so
> that at least the documentation will match the code.
>
> Thanks for the feedback, Dan.  --Ben S.


Have a great Thanksgiving Ben! And thanks for all you've done/are doing for
ZAP...

Dan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: /pipermail/pmwiki-users/attachments/20071122/fe179b66/attachment-0001.html 


More information about the pmwiki-users mailing list