[pmwiki-users] Problem with ActionLog recipe

f.r.salomons salomons at wanadoo.nl
Sun Jan 28 16:04:46 CST 2007


marc schreef:
> f.r.salomons said...
>> I have a problem with ActionLog recipe.
>> My website is intended for use by a restricted group only. Most pages 
>> are restricted for viewing and editing. A while ago, I found out that 
>> the ActionLog recipe is very useful for logging login/logout-actions by 
>> members of the user group (see the thread "Re: Recipe for making logging 
>> succesful logins?" some weeks ago). The ActionLog recipe makes it 
>> possible to exclude logging simple actions like viewing or printing 
>> pages. By excluding logging other actions as edit, diff, attr, etc, you 
>> end up logging only login/logout actions.
>>
>> So far so good. Only recently, I discovered that only part of the logins 
>> are being logged! When a user logs in ON the main page (through the 
>> login box which I created in the sidebar), everything is fine. The same 
>>   goes for logins, performed on another non-restricted page. However, 
>> when a user is prompted to log in when he tries to reach a 
>> for-users-only-page, the login is NOT logged by ActionLog.
>>
>> The difference seems to be that logins are only being recorded when 
>> completed on a page for which the user already has enough rights. While 
>> many users (I hope) are logging in simply by following a link to a 
>> restricted page and then being - prompted for it - giving their 
>> username/password, I would like to log that also.
>>
>> Any advice would be welcome!
> 
> I also use a sidebar login. You will hit quite a few issues when 
> circumventing script assumptions based on the PmWiki default login 
> ($AuthPromptFmt), some from the core.
> 
> Better, imo, is to remove this altogether. (I can tell you how I do 
> this, should it be of interest.)
> 
> I would prefer to see PmWikiAuth() 'fixed', so that login handlers can 
> be written that run to completion. Currently, PmWikiAuth forces an exit
> (), thus aborting a custom login handler. (I have mentioned this to Pm, 
> so I'm sure that there are good reasons for leaving things as they are. 
> I understand that this would be a significant change.)
> 
> Anyway, what happens is that $action is set to 'edit' or 'upload' or 
> whatever action triggered the login request by your user, and this is 
> what is used when the user fills in their user name and password to 
> login. If you have configured actionlog to only respond to action=login, 
> then it will not be triggered in these cases. Thus, the problem is not 
> with actionlog, since it is never invoked.
> 
> Now, while I can see why Patrick did things this way, I think some of us 
> are operating ways not originally expected and this is causing an 
> increasing number of issues, so I would dearly love to see us sort it 
> out.
> 

Thanks for your reactions, Dan and Marc. It is really nice for a novice 
to get so much help! I looked into the ZAP-possibilities, which look 
very promising. I would certainly have given this a try (especially 
since Dan was so kind to write a snippet in reaction to an earlier 
question by me), if Marc's reaction wouldn't have made me think out 
another solution. My hope is I found one, based on conditional markup.

What seems to work for me, is to double every link on the homepage to a 
restricted page. The first one can be seen by users who have not logged 
in, the other by users who have. Both links point to the same page, but 
the first one prompts for login as well. See for example the following 
link(s):

(:if ! [ auth admin || authid ]:)
[[Insolventiewet.Insolventiewet?action=login | Insolventiewet]]
(:ifend:)

(:if [ auth admin || authid ] :)
[[Insolventiewet.Insolventiewet | Insolventiewet]]
(:ifend:)

While every user who has not already logged in, can only follow the 
first link (the only one he/she sees), the result is that the 
login-action is recorded by the ActionLog recipe. It looks as if this 
solves my problem of users following links to restricted pages, then 
being prompted for their username/password without their reaction being 
recorded as a login in by ActionLog!

Frits




More information about the pmwiki-users mailing list