[pmwiki-users] RSS & password-protected pages

Patrick R. Michaud pmichaud at pobox.com
Wed Oct 18 00:03:16 CDT 2006


On Tue, Oct 17, 2006 at 12:28:27PM +0200, Mike wrote:
> Hi Patrick,
> 
> Patrick R. Michaud wrote on 16.10.2006 18:06:
> > Unfortunately, many RSS readers don't have a convenient way to provide 
> > authorization information for feeds.  The best we can do at present
> > is to provide it in the URL.
> > 
> > Since you're using AuthUser, you'll want the following near
> > the top of your local/config.php (before loading the authuser.php script):
> > 
> >     if (@$_GET['authpw']) $_POST['authpw'] = $_GET['authpw'];
> >     if (@$_GET['authid']) $_POST['authid'] = $_GET['authid'];
> > 
> > This allows authorization information to come from urls as well as
> > forms.  Then, in the RSS feed url, use:
> > 
> >     http://www.example.com/pmwiki?action=rss&authid=username&authpw=password
> 
> 
> brilliant, thanks. It works great!
> 
> Two more questions:
> 
> First, I need to generate the RSS feed url dynamically on my page. The
> username part I can do via {$AuthId}, but I couldn't find a way to do
> the same with the password. I know that I can define custom variables in
> the code, but does the PHP code actually know the clear-text password,
> is there a variable for it somewhere?

While the PHP code does know the cleartext passwords that have been
entered for a session, it doesn't really know which one is the "correct"
one.  Still, we could possibly have a custom {$AuthPw} variable that 
returns the last password enetered, and maybe that would be good enough.

> Second, just out of curiosity and since I couldn't find that as well -
> what exactly is the purpose of the "@"-sign in the code above? To
> reference the array?

Others have answered this already -- it suppresses error messages
that sometimes occur if the $_GET array doesn't contain values for
'authpw' or 'authid'.

Pm




More information about the pmwiki-users mailing list