[pmwiki-users] I need to check page auth (AuthUser) inside of php
Patrick R. Michaud
pmichaud at pobox.com
Wed Aug 8 16:20:11 CDT 2007
On Wed, Aug 08, 2007 at 03:58:04PM -0500, Chris Cox wrote:
> I saw that (:if auth edit:) that the 'auth' was defined as:
> $Conditions['auth'] =
> '@$GLOBALS["PCache"][$GLOBALS["pagename"]]["=auth"][trim($condparm)]';
It may have been defined that way at one time, but that's no
longer the definition. The correct one is:
$Conditions['auth'] = 'NoCache(CondAuth($pagename, $condparm))';
> I guess I'm stupid though.. how can I make an 'if' statement
> in php to check if the user is authorized for a particular
> thing (edit, read, etc) on a specific page??
if (CondAuth($pagename, 'edit')) { ## user can edit $pagename ## }
> I'm trying to figure out some way of making SSL password page
> (which is difficult since the auth form is not really a "page")
> work right.
The authentication form is Site.AuthForm, but you're correct that
it doesn't display as its own page.
> There's just way too many ways the existing recipes fail to
> let go of SSL encryption after the password entry part.
> If I can test to see if the user has the ability to perform
> the "action" on the page, I can redirect (I think) to
> not using SSL.
In the general case redirecting to not using SSL causes
the authorization to be lost, since (I think) the session cookie
is tied to the https:// protocol.
However, I've been working on modifying the authorization form
so that it uses SSL if available, and then automatically drops
back to non-SSL connections (with the session intact even for
the non-SSL connection). I'll bump up the priority on this one,
since I need it as well for a project I'm doing.
Pm
More information about the pmwiki-users
mailing list