[pmwiki-users] authuser
Patrick R. Michaud
pmichaud at pobox.com
Tue Jun 21 14:38:30 CDT 2005
On Tue, Jun 21, 2005 at 08:22:02PM +0100, Hans wrote:
> > By this do you mean the confusion is in attaching usernames + passwords
> > (authorizations) to pages in PmWiki, or simply the act of associating
> > a password with a specific username?
>
> reflecting on this, my confusion came from wrongly expecting that by
> setting Users and passwords in a password file access would be granted
> to protected pages. The htpasswd examples in Cookbook/UserAuth
> suggested to me an association of name, password and actions,
> ie user:password:read,edit
Yes, the "read,edit" fields were a UserAuth extension to htpasswd --
they don't normally exist in such a file. Plus, we typically want to
be able to control actions at the page and group level.
> Now I can see that the AuthUser array is just that, and the password
> file is just a container to fill the array, and it does not grant
> any privileges per se, but these need to be explicitly stated on the
> various levels, page and group via ?action=attr, and sitewide via
> $DefaultPassword, and on another dimension specific for the various
> actions read, edit, upload, attr.
>
> Hope I got this right.
Sounds like it. It's the same mechanism as PmWiki's original password
scheme, except that instead of requiring a shared password one can also
be authorized based on identity.
> Re: setting $Author when using authentication prompt:
>
> I hacked the function AuthenticateUser in authuser.php:
> maybe this is a bit dirty, but it works so far:
And it's a little overkill -- there's no need to
modify authuser.php. If someone wants to set the author
based on authentication then
# ...set passwords and authuser settings...
include_once('scripts/authuser.php');
if ($AuthId) {
$Author = $AuthId;
setcookie('author',$Author,0,'/');
}
will do it.
Pm
More information about the pmwiki-users
mailing list