[pmwiki-users] Re: PHP code in pages

Patrick R. Michaud pmichaud at pobox.com
Thu Jun 30 11:25:39 CDT 2005 

On Thu, Jun 30, 2005 at 03:15:11PM +0000, Anno wrote:
> So basically it is  what you said: I "want to verify that the page is locked
> against editing except by the admin?" before the php code is excecuted.

In your config.php:

# WARNING-WARNING-WARNING  this can be really dangerous!
$page = RetrieveAuthPage($pagename, 'read');
if ($page['=passwd']['edit'][0] == 'id:admin') {
  Markup('php', '<{$fmt}',
    '/&lt;\\?php(.*?)\\?&gt;/e',
    "PHPMarkup(\$pagename, PSS('$1'))");
}

This restricts edits to only someone authenticated as username 'admin'.
If you want to set up user-based authentication and create an admin
user with the site's admin password, then prior to the above do:

    $AuthUser['admin'] = $DefaultPasswords['admin'];
    include_once('scripts/authuser.php');

However, even with this it's still a little on the dangerous side.  
Somewhat like "tickling the tail of the dragon".  :-)

Pm

More information about the pmwiki-users mailing list