[pmwiki-users] Page question

[The Editor]

On Mon, Jun 23, 2008 at 2:18 PM, Hans <design5 at softflow.co.uk> wrote:
> Monday, June 23, 2008, 6:31:47 PM, Mailinglists wrote:
>
>> What does "usually" mean?
>
> I mean PmWiki does not do so. But it does not mean that it can't be
> done.
>
>> If the Wiki page that contains the conditions that use the clear
>> text passwords is itself password protected and can only be edited
>> by an admin, then how is that a security risk? The wiki is on a
>> modern, fully updated OS with the latest cPanel installed and a diligent system admin (me).
>
> Okay. But you have to make sure that the page source is protected too.
> ?action=source with same rights as ?action=edit (or better admin!!).
>
> Here is a conditional for plain text password checks inside a wiki
> page:
>
> $Conditions['authpw'] = 'NoCache(end(@$GLOBALS["AuthPw"])==\$condparm)';
>
> then you can use conditionals like
>
> (:if authpw abcdefg:)(:redirect ClientA:)
> (:if authpw hijklmn:)(:redirect ClientB:)
> etc.


Sorry, I haven't been following this thread, and am not working
closely enough with PmWiki any more to really be up to date with
things, but isn't there someway to simply edit the login form to set
the redirect to the value they enter in the login form.

In BoltWire it's as simple as:

[form]
[text member]
[password password]
[sesson nextpage client.{=member}]
[submit]
[form]

Different syntax but the idea is the same.  Someone enters their login
id, their password is registered, and they get redirected to
client.id. No conditionals or special extensions. Just a simple custom
login form.

BoltWire's authorizations also make this kind of thing a bit easier
because you can just set the authorization for the entire group to
@owner, and anyone with an id matching the last page get permissions.
I'm sure you could do something similar in PmWiki with a line or two
in a config file.

Hope this sparks some different ideas.

Cheers,
Dan