<div class="gmail_quote">On Sun, May 24, 2009 at 1:53 AM, John Rankin <span dir="ltr">&lt;<a href="mailto:john.rankin@affinity.co.nz">john.rankin@affinity.co.nz</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
It seems to me that we ought to be able to define a custom<br>
$AuthFunction that checks the IP address of the requestor,<br>
rather than asking for a username and password. Then the<br>
custom auth function can authenticate the request based on<br>
the fact that it comes from an IP address pmwiki trusts.<br>
It may have to grant "admin" rights, especially where the<br>
request is retrieving multiple pmwiki pages.<br>
</blockquote><div><br>Something along these lines might work (UNTESTED - basically just making a wrapper for PmWikiAuth())...<br><br>$AuthFunction = 'MyAuthFunction';<br>// Regex patterns for the IP addresses that skip the password prompt<br>$PrivilegedIP = array('/^100\.100\.100\.[0-9]*$/', '/^89\.90\.91\.92$/');<br>
<br>function MyAuthFunction($pagename, $level, $authprompt, $since)<br>{<br>&nbsp;&nbsp;// $action must be declared global, otherwise the in_array() test never matches<br>&nbsp;&nbsp;global $PrivilegedIP, $action;<br>&nbsp;&nbsp;if (!in_array($action, array('edit', 'attr')))<br>&nbsp;&nbsp;&nbsp;&nbsp;foreach ($PrivilegedIP as $IPPat)<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;if (preg_match($IPPat, $_SERVER['REMOTE_ADDR']))<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;// Callers expect the page array that PmWikiAuth() returns, not true<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;return ReadPage($pagename, $since);<br>&nbsp;&nbsp;return PmWikiAuth($pagename, $level, $authprompt, $since);<br>}<br><br>You'll note I've made a quick attempt to disallow editing and attribute-setting using this "Privileged IP" authentication. If that's not desirable then just delete the line with "if (!in_array...". If there are other actions I'm thinking of that should not be available then just edit the array (or, better yet, change it into a configurable var).<br>
<br>I *think* I've read that $_SERVER['REMOTE_ADDR'] can be spoofed, so be aware that this opens a potential security hole. That's why I've made a rudimentary effort to allow only browsing using this form of authentication.<br>
<br>-Peter<br></div></div>
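<p>An added example, not part of the original message or of PmWiki: the trusted-IP decision from the thread written as a stand-alone check that matches CIDR ranges on packed address bytes (IPv4 and IPv6) instead of regexes, and that allowlists the actions IP trust may reach rather than listing the ones to block. The names <code>IpInCidr</code>, <code>IsTrustedRequest</code>, <code>$TrustedNets</code> and <code>$TrustedActions</code> are hypothetical, and the sample addresses are constructed.</p>

```php
<?php
// Added example; every name here is hypothetical, not part of PmWiki's API.
// Constructed sample ranges taken from the documentation address blocks.
$TrustedNets = array('192.0.2.0/24', '198.51.100.7/32', '2001:db8:1::/48');
// Allowlist: only these actions may be granted on IP trust alone.
$TrustedActions = array('browse');

// True if $ip lies inside $cidr. Compares packed bytes, so IPv4 and IPv6
// are handled alike and a loose pattern cannot over-match.
function IpInCidr($ip, $cidr) {
  $parts = explode('/', $cidr, 2);
  if (isset($parts[1]) && !ctype_digit($parts[1])) return false;
  $addr = @inet_pton($ip);
  $net  = @inet_pton($parts[0]);
  if ($addr === false || $net === false) return false;  // unparsable input
  if (strlen($addr) !== strlen($net)) return false;     // IPv4 vs IPv6
  $max  = strlen($net) * 8;
  $bits = isset($parts[1]) ? (int)$parts[1] : $max;
  if ($bits > $max) return false;
  $bytes = (int)($bits / 8);
  if (substr($addr, 0, $bytes) !== substr($net, 0, $bytes)) return false;
  $rem = $bits % 8;
  if ($rem === 0) return true;
  $mask = (0xFF << (8 - $rem)) & 0xFF;                   // partial last byte
  return (ord($addr[$bytes]) & $mask) === (ord($net[$bytes]) & $mask);
}

// Trust applies only when both the action and the address are allowlisted.
function IsTrustedRequest($remoteAddr, $action, $nets, $actions) {
  if (!in_array($action, $actions, true)) return false;
  foreach ($nets as $cidr)
    if (IpInCidr($remoteAddr, $cidr)) return true;
  return false;
}

// Constructed requests: address as seen in REMOTE_ADDR, plus the action.
$cases = array(
  array('192.0.2.55', 'browse'),        // inside 192.0.2.0/24
  array('192.0.2.55', 'edit'),          // same address, write action
  array('192.0.20.5', 'browse'),        // outside every range
  array('2001:db8:1:ff::9', 'browse'),  // inside the IPv6 /48
  array('not-an-ip', 'browse'),         // unparsable address
);
foreach ($cases as $c) {
  $ok = IsTrustedRequest($c[0], $c[1], $TrustedNets, $TrustedActions);
  printf("%-18s %-7s %s\n", $c[0], $c[1], $ok ? 'trusted' : 'password required');
}
```

<p>Pass only <code>$_SERVER['REMOTE_ADDR']</code> as <code>$remoteAddr</code>; request headers such as X-Forwarded-For are supplied by the client. Behind a reverse proxy, REMOTE_ADDR is the proxy's own address, so the ranges would have to describe what the web server actually sees.</p>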