[pmwiki-users] RSS & password-protected pages

Patrick R. Michaud pmichaud at pobox.com
Wed Oct 18 08:45:26 CDT 2006


On Wed, Oct 18, 2006 at 12:28:38PM +0200, Mike wrote:
> Patrick R. Michaud wrote on 18.10.2006 07:03:
> > While the PHP code does know the cleartext passwords that have been
> > entered for a session, it doesn't really know which one is the
> > "correct"
> > one.  Still, we could possibly have a custom {$AuthPw} variable that
> > returns the last password enetered, and maybe that would be good
> > enough.
> 
> 
> I think I figured it out after all:
> 
> session_start();
> if (!empty($_POST['authpw'])){
> 	$_SESSION['storeauthpw'] = $_POST['authpw'];
> }
> 	$FmtPV['$AuthPw'] = $_SESSION['storeauthpw'];
> 
> does the trick quite well!

This works, although one could run into issues with certain
passwords triggering some unwanted behaviors in $FmtPV.  
Perhaps the following instead, which returns the last password
entered:

    $FmtPV['$AuthPw'] = 'reset(array_keys((array)@$_SESSION["authpw"]))';

Pm




More information about the pmwiki-users mailing list