[pmwiki-users] Custom Action and Authentication

Crisses crisses at kinhost.org
Tue Feb 11 06:51:16 CST 2014



On Feb 11, 2014, at 3:42 AM, Petko Yotov wrote:

> Petko Yotov writes:
> 
>> Crisses writes:
>>> Hi,
>>> 
>>> I've spent a day trying to fix this, so I have to figure that the documentation or myself (or both) aren't up to the task...
>>> 
>>> I have an array of (xml scalar) variables being passed to PmWiki via ?action=xmlrpc, including the author & password.  All the xmlrpc functions are in their own classes, including extracting the password from the xml data.  It works just fine, can dump the vars and all is (apparently?) in order.
>>> 
>>> I'm using basic PmWiki passwording.  I've set up the password to be passed to $_POST['authpw'] and the username to go into $_POST['authid'] and (global) $Author.
>> 
> 
>> If you use basic PmWiki passwording (shared password) you need to set $_POST['authpw'] before calling RetrieveAuthPage().
> 
> Or, you should be able to call SessionAuth($pagename, $pass); before calling RetrieveAuthPage(), no need to set $_POST['authpw'].
> 
> After you have authenticated, just get and return the PHPSESSID cookie when you access the other pages, no need to repost user/pass every time.
> 
> Petko



Apparently I'm still not "getting it"....  Note: I'm just using basic passwords (for now) and not trying to make it compatible with authuser.php (yet).

I don't think the XMLRPC clients (Ecto, MarsEdit, etc.) have session cookies.  

$password and $username are set just fine as far as I can tell from the scalarval() (no whitespace chars added, etc...).  xes_error & xes_dump are debug functions which write to the error_log.  xes_dump does a print_r($var, true).  $page and $page['text'] come out blank every time, unless I use ReadPage().  CondAuth would work to skip the rest of the loop, but the auth fails.  The remainder of the GetRecentPages function runs fine when I use ReadPage including client-side XML output, and with authentication the blank pages are sent to the XMLRPC client as if nothing else is wrong.


(parent function(s) called via $HandleActions['xmlrpc'] = 'HandleXMLRPC'; )

...

        // Retrieves a certain number of PmWiki pages ordered by date
        public static function GetRecentPages($params) {
                xes_error("Calling GetRecentPages.");
                global $XMLRPC_AuthPage;
                $blogidp=$params->getParam(0); $groupname=$blogidp->scalarval();
                $usernamep=$params->getParam(1); $username=$usernamep->scalarval();
                $passwordp=$params->getParam(2); $password=$passwordp->scalarval();
                $passp=$params->getParam(3); $number=$passp->scalarval();
                ValidateUser($username,$password);

                // Gather pages in an array for sorting by time
                $grouppages = $fullpages = Array();
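                // Escape the client-supplied group name so it is matched literally in the regex
                $pattern = '/^' . preg_quote($groupname, '/') . '\\./';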
                $grouppages = ListPages($pattern);
                foreach($grouppages as $pagename) {
                        xes_dump($pagename, "Next Name: ");
                        // Skip pages we do not have access to
                        if (! CondAuth($pagename, 'edit')) xes_error("No Text 4 u!");
                        $page = RetrieveAuthPage($pagename, 'edit', false, 0);
                        #$page = ReadPage($pagename);
                        xes_dump($page, "Page: ");
                        $fullpages[] = $page;
                }
                //Needs an empty error! No pages found....

                function ComparePageTime($a, $b) {
                        if ($a['time'] > $b['time']) return -1;
                        if ($a['time'] < $b['time']) return 1;
                        return 0;
                }
                usort($fullpages, "ComparePageTime");

                $arrayval = Array();
                $pagenum = 0;
                // Only return as many pages as are requested
                foreach($fullpages as $page) {
                        if($pagenum++ >= $number) break;

                        $arrayval[]= BloggerXMLRPC::PageAsXMLStruct($page);
                }
                $myVal=new xmlrpcval($arrayval, "array");
                return new xmlrpcresp($myVal);
        }

...


separate "helper" function (I know it's not performing validation, I inherited the namespace from the former recipe author and haven't corrected it yet -- it used to support UserAuth and return false on failure):

function ValidateUser ($username, $password) {
        global $Author;
        xes_error("Calling ValidateUser");
        $Author = $_POST['authid'] = $username;
        $_POST['authpw'] = $password;
        return true;
}


Crisses
--If PmWiki plug-ins are recipes, then I'm a chef! Or at least a line cook.  :)