[pmwiki-users] Dumb Question: Access Classes without AuthUser?

Tegan Dowling tmdowling at gmail.com
Tue Nov 6 07:57:27 CST 2007


On Nov 6, 2007 7:35 AM, Patrick R. Michaud <pmichaud at pobox.com> wrote:
> On Tue, Nov 06, 2007 at 02:39:38AM -0500, Stirling Westrup wrote:
> > I've got a PmWiki website that I also use as a personal information manager.
> > Right now I'm not using AuthUser, since there's only two classes of access:
> > public and private.
> >
> > Now, I've been thinking of putting up some content that I want to limit to a
> > few close friends. Rather than going the full AuthUser route, I'd like to just
> > introduce some passwords that would give varying degrees of access to the
> > internals. As such, I would have group passwords, but no usernames. Such a
> > scheme might look like:
> >
> > $DefaultPasswords['@personal']  = crypt("JustMePassword");
> > $DefaultPasswords['@intimates'] = crypt("VeryCloseFriendsPassword");
> > $DefaultPasswords['@friends']   = crypt("FriendsPassword");
> > $DefaultPasswords['@prerelease']= crypt("AlmostPublicPassword");
>
> Yes, except that $DefaultPasswords is normally tied to actions and
> not to accounts...
>
> I think you can get what you want by doing something like:
>
>   if (@$_POST['authpw']) {
>     $AuthGroupPasswords = array(
>       '@personal' => crypt("JustMePassword"),
>       '@intimates' => crypt("VeryCloseFriendsPassword"),
>       '@friends' => crypt("FriendsPassword"),
>       '@prerelease' => crypt("AlmostPublicPassword"));
>     #  loop through all of the group/password combinations, setting
>     #  $authlist[group] to 1 for any matches
>     foreach($AuthGroupPasswords as $g => $pw) {
>       if (crypt($_POST['authpw'], $pw) == $pw)
>         $authlist[$g] = 1;
>     }
>     #  if we had any matches, then authorize the group for this session.
>     if ($authlist) SessionAuth($pagename, array('authlist'=>$authlist));
>   }
>
> I haven't tested the above, but it should be fairly close.
>

When this is confirmed to work, could someone please add it to the
cookbook?  I almost always use the default, password-based
authentication, rather than any of the user-based authentication
schemes, and this would be very, very useful for some of my sites that
have several categories of user, but that have fairly high turnover in
who those users are -- like a school, for instance.

If I understand this correctly, I could set the edit password for a
given group as @student, and then in my config I could re-define the
@student password each year.  Is that right?

Thanks!



More information about the pmwiki-users mailing list