[pmwiki-users] Custom Action and Authentication

Crisses crisses at kinhost.org
Tue Feb 11 08:30:24 CST 2014


That's exactly the feedback I needed.  I'm testing in a pure new pmwiki install, no extra includes just the auth password set...and that fixes the issue.  Next is figuring out how to handle that as far as making it a "real" recipe.  So it wasn't that this recipe was calling anything -- some other recipe(s) probably were.  Thankfully they can be turned off for this recipe to run since it doesn't deal with browser output, just pure wiki markup/pages...have to figure out a graceful way to exclude recipe includes if (!$action == 'xmlrpc') include...   may work but that's a lot to ask.  I may have to eliminate the HandleActions and instruct people to call the recipe directly after setting the passwords in config.php.  It basically circumvents nearly (only nearly) every recipe or customization one might put into config.php since it doesn't deal with HTML wiki output at all.

At least I can get past the roadblock and go on from here.  Thank you again!

re: PS: I considered calling CondAuth() to skip the rest of the loop when not authorized, then using ReadPage() to populate $page since it would only read pages that already passed CondAuth().  It would eliminate the need to weed out blank unauthorized pages later.  I also used CondAuth() as a way to double check that authentication was the problem.  

On Feb 11, 2014, at 8:50 AM, Petko Yotov wrote:

> I don't have the potential to review and debug all this but you need to NOT have a username $_POST['authid'] at all, not empty, just not set, if you only use "shared password" protection.
> 
> Is it possible that you have some function calls to CondAuth(), RetrieveAuthPage(), PageVar(), FmtPageName() or other core function before you have set $_POST['authpw']? Some of these functions, if they retrieve content from the wiki.d files, will cache the authorization levels.
> 
> Typically, any function call in config.php, or in a recipe included from config.php, can cache the levels. The function you set with $HandleActions is called much later, at the end of the processing. So you may want to assign the $_POST['authpw'] value before any function call and before any included recipe.
> 
> Petko
> 
> P.S. There is no point in calling CondAuth() before RetrieveAuthPage(). CondAuth() actually returns (boolean)RetrieveAuthPage() so you do the same CPU-intensive operation twice.
> 
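The ordering described in the reply above, as an added sketch of a local/config.php (not code from the thread or from the recipe). Assumptions: the client sends the shared password via HTTP Basic auth, and the handler name, recipe path and page names are hypothetical.

```php
<?php if (!defined('PmWiki')) exit();
# local/config.php ordering sketch. Site passwords ($DefaultPasswords[...])
# are assumed to be set above this point as usual.

# 1. Before ANY include or core call (CondAuth, RetrieveAuthPage, PageVar,
#    FmtPageName ...): hand the shared password to PmWiki. Those calls can
#    cache authorization levels, so a later assignment has no effect.
if ($action == 'xmlrpc') {
  # Shared-password protection: authid must be unset, not merely empty.
  unset($_POST['authid']);
  # Assumption: the password arrives as the HTTP Basic auth password.
  if (isset($_SERVER['PHP_AUTH_PW']))
    $_POST['authpw'] = $_SERVER['PHP_AUTH_PW'];
}

# 2. Only now load recipes. HTML-oriented ones can be skipped for this
#    action, since the handler never produces browser output.
if ($action != 'xmlrpc')
  include_once("$FarmD/cookbook/some-html-recipe.php");  # hypothetical path

# 3. Register the handler; PmWiki calls it at the end of processing.
$HandleActions['xmlrpc'] = 'HandleXmlRpcExample';  # hypothetical name
$HandleAuth['xmlrpc'] = 'read';

function HandleXmlRpcExample($pagename, $auth = 'read') {
  # Constructed page names, for illustration only.
  $names = array('Main.HomePage', 'Main.WikiSandbox');
  $readable = array();
  foreach ($names as $pn) {
    # One authorization check per page: RetrieveAuthPage() returns false
    # when the password does not grant $auth, so no prior CondAuth() call
    # is needed. $authprompt = false suppresses the HTML password form.
    $page = RetrieveAuthPage($pn, $auth, false, READPAGE_CURRENT);
    if (!$page) continue;  # unauthorized or unreadable: skip, never emit
    $readable[$pn] = $page['text'];
  }
  header('Content-Type: text/plain; charset=utf-8');
  print implode("\n", array_keys($readable));
}
```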



