[pmwiki-users] Need advice for AuthUser
Peter Bowers
pbowers at pobox.com
Thu Sep 6 06:17:46 CDT 2012
On Thu, Sep 6, 2012 at 2:56 AM, Ian MacGregor <ardchoille42 at gmail.com> wrote:
> I'm using AuthUser on my site and have various forms that visitors can use
> to add content (blog coments, etc.).
>
> It appears that any visitor can add any name they want into any author field
> and save the page. I'd like to be able to block visitors from being able to
> use a certain name in the author field so that my name doesn't appear in the
> page history for someone else's edits.
>
> I have this in my config.php file (after including the authuser.php script):
> ## Automatically set the author field if user is logged in
> if (@$AuthId) $Author = 'Ian MacGregor';
>
> What can I add to my config.php file so that nobody else can use my name
> (Ian MacGregor)?
The code you have in your config.php guarantees that if *any* user is
logged in then their edits will use *your* name as the author of the
edit. Unless you are the *only* user on your site that can be logged
in, probably what you wanted (as per
www.pmwiki.org/wiki/Cookbook/RequireAuthor) is this:
if (@ $AuthId ) $Author = $AuthId ;
However, if you want to ensure that nobody except you can use your
name you would have to do something like this:
if (@$Author == 'Ian MacGregor' && $AuthId != "Ian_MacGregors_User_Id")
$Author = "Mr. Spoof";
I'm guessing that your real problem came from your config.php code
which was forcing all logged-in users to report their author by your
name, but this code (above) will prevent anyone that is not logged in
as you to use your name as the author. (Obviously you will have to
change the userid to your actual userid)
-Peter
More information about the pmwiki-users
mailing list