[pmwiki-users] private group access question(s)

[Patrick R. Michaud]

On Fri, Mar 04, 2005 at 01:41:51PM -0500, Neil Herber wrote:
> At 2005-03-04  11:38 AM -0600, Patrick R. Michaud is rumored to have said:
> >When you indicate that users are granted access via Apache basic
> >authentication, do you mean literally .htaccess files, or basic
> >authentication through PmWiki's httpauth.php script?
> 
> I do mean .htaccess file-like authorization (no wiki scripting). However, I 
> have chosen *not* to enable .htaccess files but have instead used Auth and 
> Require statements in httpd.conf.

Sorry, I really meant to write ".htpasswd" instead of ".htaccess".
Thanks for catching that. :-)

> Hmmm ... whatever will alllow Neil and Bob to use pages in the Private 
> group just like all the other pages (read, edit, upload).
> And whatever will prevent others from accessing the group. I already have 
> (:pagelist:) and (:searchbox:) suppression for the group.

Okay, you'll want to keep the group read password on the Private
group so that pages don't show up in pagelist and search.  That means
we just need some way to automatically supply the read password
when Neil or Bob are logged in.  So, maybe

    if (@$_SESSION['REMOTE_USER'] == 'Neil'
        || @$_SESSION['REMOTE_USER'] == 'Bob') {
      session_start();
      $_SESSION['authpw']['abcdef']++;
    }

where 'abcdef' should be the password to access the Private group.
Essentially, this just says that whenever Neil or Bob access the
site (as authenticated by the web server), then pretend that 
'abcdef' is already in the list of passwords they've sent.

Yeah, it's a hack, but it should work.  :-)

Pm