[pmwiki-users] authuser forcing Author name stopped working?
Neil Herber
nospam at eton.ca
Thu Jul 7 20:54:56 CDT 2005
At 2005-07-07 07:57 PM -0500, Patrick R. Michaud is rumored to have said:
>On Thu, Jul 07, 2005 at 07:54:46PM -0400, Neil Herber wrote:
> > As a further puzzlement, it looks like $AuthId is not getting set by
> > authuser.php, which would explain why $Author doesn't get set. Is anyone
> > having the same problem? Can anyone suggest what the problem is?
>
>Yes. Authuser.php currently doesn't set $AuthId unless it has
>something to authenticate people against. So, unless $AuthUser
>is set prior to including authuser.php, it's essentially a no-op.
>
>If you're wanting to use Apache's authentication (i.e., REMOTE_USER),
>then you probably want httpauth.php instead of authuser.php.
Attempting to reply to both Patrick and Hagan Fox here ...
On my "fully private" fields, I already use Apache BA to authenticate users
and force the author name to the user name. That has worked flawlessly for
months.
On my open fields, I just use RequireAuthor for edits. That works fine too.
On my "semi private" field, which is the one in question, I have
implemented userauth.php and I read-protect the whole field. I
authenticate against the password files used by Apache BA (so that those
users can just use their normal username and passwords) but I also allow
*anyone* who knows the single shared password to get in. A preamble page
(not part of the wiki) instructs users to use their own name without spaces
as a user name (FredSmith) and tells them where to find the password.
The shared password is just there to keep out robots. I used userauth.php,
because it provided a nice way to get an author name before hitting an edit
screen. ... or so I thought!
So the $64 question is, will Hagan's suggestion do what I want to do? He
suggested:
>Correction. If you want to *force* user tracking based on user's
>verified identity you should use
>
> ## Enforce Author tracking based on the authenticated user.
> if ($action == 'edit') @session_start();
> if (@$_SESSION['authid']) $Author=$_SESSION['authid'];
For the curious, the start page is here:
http://saturn.eton.ca/
Neil
Neil Herber
Corporate info at http://www.eton.ca/
Eton Systems, 15 Pinepoint Drive, Nepean, ON, Canada K2H 6B1
Tel: (613) 829-4668
More information about the pmwiki-users
mailing list