[pmwiki-users] Fox: replace password in SiteAdmin.AuthUser?
pmwiki.johnny1000 at spamgourmet.com
pmwiki.johnny1000 at spamgourmet.com
Sat Feb 11 05:04:27 PST 2023
Thank you Hans, for your helpful answer :o)
I now have it working :o)
For others with a similar problem:
"{$$(mycrypt {$$new_password})}", with "$$" before '(', solves the
problem of getting the form password passed to the "mycrypt" markup
expression.
It's in the fox documentation, but I didn't properly understand it. I
think I do now, thanks to Hans :)
I also found out why "$2y$10$" got turned into "y$".
I'm using (:foxreplace put=regex ...:) to replace the password.
(:foxreplace put=regex ...:) uses PHP preg_replace($pattern,
$replacement, $subject)
In $replacement, "$n", where 'n' can be one or more digits, is a back
reference to a matching capturing subgroup in $pattern.
If a back reference has no matching capturing subgroup, the back
reference will be replaced with the empty string.
Since my $pattern does not contain any capturing subgroups, "$2" and
"$10" in $replacement both get replaced with the empty string, leaving
only "y$" as a result.
If the last '$' is followed by a digit, only a single 'y' will be left.
The solution to this is for the "mycrypt" markup expression to return
the encrypted string with all '$' characters escaped.
So my new "mycrypt" markup expression now looks like this:
$MarkupExpr['mycrypt'] = 'mycrypt($args[0])';
function mycrypt($string) {
return str_replace('$', '\$', pmcrypt($string));
}
Finally, reading the fox documentation, I have changed "{$Author}" to
"{=$Author}", so the username of the user changing their password will
not be in plain text in the HTML source.
Next stop: password validation.
Thank you again, Hans, for your kind help :o)
Best regards :o)
Johnny :o)
More information about the pmwiki-users
mailing list