[pmwiki-users] Include Password in URL string to access protected pages
Patrick R. Michaud
pmichaud at pobox.com
Wed Jun 27 22:18:49 CDT 2007
On Wed, Jun 27, 2007 at 04:49:24PM -1000, Sivakatirswami wrote:
> OK, we are planning to "ditch" Apache Basic Authentication and
> use PMwiki password protection (not AuthUser, just simple passwords)
>
> What will the CURL URL access strings be now?
>
> something like
>
> (wild guess, but to give an idea of what we might expect:)
>
> http://my.wiki.org/ProtectedGroup.DataPage?action=login&password="bananas"
If you're using curl as a command-line tool, try the -d option:
curl -d authpw=banana http://my.wiki.org/ProtectedGroup.DataPage
This generates a POST request for the page, exactly as if someone
had filled in the authorization form.
This can also be done with the password as part of the url, but be aware
that the password will appear (in cleartext) in the server logs
as part of the request string. If you're okay with that, then you
can do a local customization like:
if (@$_GET['authpw']) SDV($_POST['authpw'], $_GET['authpw']);
This allows passwords to come from url strings as well as forms.
Then a url like the following should work:
http://my.wiki.org/ProtectedGroup.DataPage?authpw=bananas
No need to go through a separate "log in" step, just provide the
password as part of the request.
Pm
More information about the pmwiki-users
mailing list