[pmwiki-users] Password protect page with editors' password action
Alex Eftimiades
alexeftimiades at gmail.com
Sun Jul 15 16:28:32 CDT 2012
Problem solved. I was logged in as an editor. I needed to be logged in
as attr. I changed that and will add an if (CondAuth...) around the
inside of the handler.
Thanks so much for your help. I plan to touch this up and publish it
as a cookbook tonight. I would it be OK if I site you? You played at
least as much a role as I.
Alex
On Jul 15, 2012, at 2:11 PM, Peter Bowers wrote:
> ---offlist---
>
> Check carefully what's actually happening - it protected AND
> unprotected without difficulty on my system before I sent it to you...
>
> Try viewing your page files with a text editor and look for the
> "protected:" and the "passwdread:" lines to see what's actually
> happening behind the scenes...
>
> -Peter
>
> On Sun, Jul 15, 2012 at 7:56 PM, Alex Eftimiades
> <alexeftimiades at gmail.com> wrote:
>> Thanks a lot for the script. I was trying to debug it. It does
>> switch to
>> protected mode, it just does not seem to switch back. I am going to
>> continue
>> to work on this, and keep you posted on the updates. I found that
>> you can
>> replace crypt('test') with '@_site_edit' and get the desired result
>> of
>> password protecting a page with the editors password. It does not
>> however
>> switch back to unprotected mode. Worst case scenario might be to
>> have two
>> buttons: Protect and Unprotect. However, in that case editors would
>> have no
>> way of knowing if a page was protected or not without logging out.
>> It seems
>> like there ought to be a way to do this.
>>
>> Like I said, I will continue to work on this, and gladly publish a
>> cookbook
>> if it works out.
>>
>> Thanks for the help, and let please keep me posted if you can make
>> any
>> progress,
>> Alex
>>
>>
>>
>> On Jul 15, 2012, at 1:36 PM, Peter Bowers wrote:
>>
>>> On Sun, Jul 15, 2012 at 12:53 AM, Alex Eftimiades
>>> <alexeftimiades at gmail.com> wrote:
>>>>
>>>> I have been trying to make a button that password protects a page
>>>> with
>>>> the
>>>> editors' password, or un-protects it if it is already protected.
>>>>
>>>> I tried putting this at the bottom of config.php, but it just
>>>> seemed to
>>>> mess
>>>> up my pages:
>>>> $HandleActions['switchauth'] = 'switchauth'; # if url contains
>>>> action=myaction call HandleMyAction timely
>>>> $HandleAuth['switchauth'] = ' '; # authorization
>>>> level $auth
>>>> for HandleMyAction
>>>>
>>>> function switchauth($pagename, $auth) { # parameters
>>>> (signature) of
>>>> handler function required by PMWiki
>>>> # Lock(2);
>>>> $pagestuff = RetrieveAuthPage($pagename, 'attr', false);
>>>> $old=$pagestuff;
>>>> if($pagestuff['protected']==true){
>>>> $pagestuff['passwdread'] = 'test';
>>>> $pagestuff['protected']=false;
>>>> }
>>>> else{
>>>> $pagestuff['passwdread'] = 'test';
>>>> $pagestuff['protected']=true;
>>>> }
>>>> UpdatePage($pagename, $old, $pagestuff);
>>>> Redirect($pagename);
>>>> # Lock(0);
>>>> }
>>>>
>>>> Can someone please help me?
>>>
>>>
>>> Try this:
>>>
>>> ===(snip)===
>>> $HandleActions['switchauth'] = 'switchauth'; # if url contains
>>> action=myaction call HandleMyAction timely
>>> $HandleAuth['switchauth'] = 'attr'; # authorization
>>> level
>>> $auth for HandleMyAction
>>>
>>> function switchauth($pagename, $auth) { # parameters (signature)
>>> of handler function required by PMWiki
>>> Lock(2);
>>> $pagestuff = RetrieveAuthPage($pagename, 'attr', false);
>>> $old=$pagestuff;
>>> if($pagestuff['protected']=='true'){
>>> // (Ideally we would strip out the exact passwd rather than
>>> blanking
>>> // the whole thing.)
>>> $pagestuff['passwdread'] = ''; // set it to no passwd (loses
>>> any other passwd - sorry)
>>> $pagestuff['protected']='false';
>>> #echo "DEBUG: UNprotecting<br>\n";
>>> } else {
>>> // (Ideally we would append the passwd rather than replacing
>>> what
>>> may
>>> // have existed before.)
>>> $pagestuff['passwdread'] = crypt('test');
>>> $pagestuff['protected']='true';
>>> #echo "DEBUG: Protecting<br>\n";
>>> }
>>> UpdatePage($pagename, $old, $pagestuff);
>>> #echo "DEBUG: Updated<br>\n";
>>> Redirect($pagename);
>>> Lock(0);
>>> }
>>>
>>> $FmtPV['$protected'] = 'PageIsProtected($pagename,"edit")';
>>> function PageIsProtected($pagename, $level)
>>> {
>>> global $PCache, $PasswdVarAuth, $FmtV;
>>> $page = $PCache[$pagename];
>>> if (!isset($page['=passwd'][$level])) {
>>> $page = RetrieveAuthPage($pagename, 'ALWAYS', false,
>>> READPAGE_CURRENT);
>>> if ($page) PCache($pagename, $page);
>>> }
>>> $protected = @$page['protected']; // either "true" or something else
>>> return ($protected);
>>> }
>>>
>>> ===(snip)===
>>>
>>> Note that if someone sets another password on a page (pmwiki allows
>>> multiple passwords) and then this action is used on that page then
>>> the
>>> additional password will be lost. I've referred to that problem in
>>> the comments -- not a big deal to fix, but I don't remember if a
>>> space
>>> or something else is the separator between multiple passwords.
>>>
>>> Since you've got the convenient $page['protected'] in there I went
>>> ahead and used that to set the {$protected} PV and used it in
>>> Site.PageActions like this (accesskey is pretty non-standard):
>>>
>>> ===(snip)===
>>> (:if auth attr:)
>>> * %item rel=nofollow class=switchauth accesskey="s"%
>>> [[{*$FullName}?action=switchauth | (:if1 equal {$protected} "true":)
>>> Unprotect (:else1:) Protect (:if1end:) ]]
>>> (:ifend:)
>>> ===(snip)===
>>>
>>> If this ends up working for you, please publish it as a recipe in
>>> the
>>> cookbook -- it seems like something that someone else may be able to
>>> use in various contexts...
>>>
>>> -Peter
>>
>>
More information about the pmwiki-users
mailing list