[pmwiki-users] Problem with ActionLog recipe

marc gmane at auxbuss.com
Sun Jan 28 12:00:56 CST 2007


f.r.salomons said...
> I have a problem with ActionLog recipe.
> My website is intended for use by a restricted group only. Most pages 
> are restricted for viewing and editing. A while ago, I found out that 
> the ActionLog recipe is very useful for logging login/logout-actions by 
> members of the user group (see the thread "Re: Recipe for making logging 
> succesful logins?" some weeks ago). The ActionLog recipe makes it 
> possible to exclude logging simple actions like viewing or printing 
> pages. By excluding logging other actions as edit, diff, attr, etc, you 
> end up logging only login/logout actions.
> 
> So far so good. Only recently, I discovered that only part of the logins 
> are being logged! When a user logs in ON the main page (through the 
> login box which I created in the sidebar), everything is fine. The same 
>   goes for logins, performed on another non-restricted page. However, 
> when a user is prompted to log in when he tries to reach a 
> for-users-only-page, the login is NOT logged by ActionLog.
> 
> The difference seems to be that logins are only being recorded when 
> completed on a page for which the user already has enough rights. While 
> many users (I hope) are logging in simply by following a link to a 
> restricted page and then being - prompted for it - giving their 
> username/password, I would like to log that also.
> 
> Any advice would be welcome!

I also use a sidebar login. You will hit quite a few issues when 
circumventing script assumptions based on the PmWiki default login 
($AuthPromptFmt), some from the core.

Better, imo, is to remove this altogether. (I can tell you how I do 
this, should it be of interest.)

I would prefer to see PmWikiAuth() 'fixed', so that login handlers can 
be written that run to completion. Currently, PmWikiAuth forces an exit
(), thus aborting a custom login handler. (I have mentioned this to Pm, 
so I'm sure that there are good reasons for leaving things as they are. 
I understand that this would be a significant change.)

Anyway, what happens is that $action is set to 'edit' or 'upload' or 
whatever action triggered the login request by your user, and this is 
what is used when the user fills in their user name and password to 
login. If you have configured actionlog to only respond to action=login, 
then it will not be triggered in these cases. Thus, the problem is not 
with actionlog, since it is never invoked.

Now, while I can see why Patrick did things this way, I think some of us 
are operating ways not originally expected and this is causing an 
increasing number of issues, so I would dearly love to see us sort it 
out.

-- 
Cheers,
Marc




More information about the pmwiki-users mailing list