[pmwiki-users] AuthUser login using url
Peter Bowers
pbowers at pobox.com
Wed Feb 9 04:15:20 CST 2011
On Wed, Feb 9, 2011 at 10:44 AM, Martin Kerz <martinkerz at gmail.com> wrote:
> Can I somehow login directly by something like
> »http://testwiki.org/Home/Start?user=test?password=test« to the URL if
> I'm using the AuthUser setting?
It seems like a really bad security hole...but if you're OK with that...
Here are the relevant lines in authuser.php:
===(snip)===
if (@$_POST['authid'])
  AuthUserId($pagename, stripmagic(@$_POST['authid']),
             stripmagic(@$_POST['authpw']));
===(snip)===
Obviously $_POST is being used intentionally to avoid the possible
security ramifications. But you could put something like this in
config.php (before you include authuser.php if you are doing that
explicitly):
===(snip)===
if (@$_REQUEST['u'])
  AuthUserId($pagename, stripmagic(@$_REQUEST['u']),
             stripmagic(@$_REQUEST['p']));
===(snip)===
Then you could log in with this:
http://testwiki.org/Home/Start?u=test?p=test
I haven't tested this -- use at your own risk.
-Peter
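
Added example (not part of the original message and not PmWiki code): a username and password sent in the query string are written to the web server access log with every request, which is one concrete exposure that reading them from $_POST avoids. The script below scans access-log lines for the parameter names mentioned in the post (authid/authpw and u/p) and redacts them in its report; the Common Log Format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Parameter names from the post: authid/authpw are the AuthUser form fields,
# u/p are the names used in the suggested config.php snippet.
# Note: short names such as "p" can collide with unrelated parameters.
CREDENTIAL_PARAMS = {"authid", "authpw", "u", "p"}

# Constructed access-log lines in Common Log Format (sample data, not real traffic).
SAMPLE_LOG = '''\
192.0.2.10 - - [09/Feb/2011:10:50:01 +0100] "GET /Home/Start?u=test?p=test HTTP/1.1" 200 5120
192.0.2.11 - - [09/Feb/2011:10:50:07 +0100] "GET /Home/Start?action=edit HTTP/1.1" 200 7344
192.0.2.12 - - [09/Feb/2011:10:51:13 +0100] "POST /Home/Start?action=login HTTP/1.1" 302 0
192.0.2.13 - - [09/Feb/2011:10:52:40 +0100] "GET /Home/Start?u=alice&p=s3cret HTTP/1.1" 200 5120
'''

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def credential_params(target):
    """Return the sorted credential parameter names present in a request target."""
    query = urlsplit(target).query
    found = set()
    # Split on '&', ';' and stray '?' so malformed URLs like ?u=x?p=y are caught too.
    for pair in re.split(r"[&;?]", query):
        name, sep, value = pair.partition("=")
        if sep and value and name.lower() in CREDENTIAL_PARAMS:
            found.add(name.lower())
    return sorted(found)


def scan(log_text):
    """Yield (line_number, redacted_line, param_names) for lines exposing credentials."""
    for number, line in enumerate(log_text.splitlines(), start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = match.group("target")
        names = credential_params(target)
        if names:
            # Redact the query string so the report does not copy the secret again.
            redacted = line.replace(target, urlsplit(target).path + "?[REDACTED]")
            yield number, redacted, names


if __name__ == "__main__":
    for number, redacted, names in scan(SAMPLE_LOG):
        print(f"line {number}: credentials in URL ({', '.join(names)}): {redacted}")
```

Any password found this way should be treated as disclosed and rotated, since the original log line still contains it.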