Menu
▾
▴
[Phpwiki-talk] User authentication patch
|
From: Dan F. <dfr...@cs...> - 2004-05-11 18:09:09
|
I was having a problem. I have a Phpwiki 1.3.9+ site. It has a .htaccess
file with a single username/password pair. The intent is that once you
enter that site-wide user/pw, each editor then logs in with their own
WikiWord to have the right tracking in the change logs. Only for some
reason you had to log on for each page, hence over and over again. I
found out why: the Apache-authenticated user was being taken before the
login provided by the user in the Phpwiki "Sign in as:" window. This was
wrong for me, I attach a patch below.
My index.php auth settings are:
$USER_AUTH_ORDER =
array(
"PersonalPage",
"Db",
) ;
Perhaps my index.php authentication settings should be different, but it
still seems to me the Phpwiki login should trump the .htaccess login ..
hmm, maybe not always? Could I fake my way in with a trumped-up cookie?
Dan
diff -b -u -r1.3 main.php
--- main.php 14 Apr 2004 21:57:25 -0000 1.3
+++ main.php 11 May 2004 18:01:21 -0000
@@ -568,12 +568,15 @@
}
function _deduceUsername() {
+ // User login on the Wiki page.
+ //
+ // DSF: Overrides browser pop-up window, to allow the whole site to
+ // be behind browser authentication with one username/pw, then
+ // each page editor to have their own login.
+ //
+
if (!empty($this->args['auth']) and
!empty($this->args['auth']['userid']))
return $this->args['auth']['userid'];
- if (!empty($_SERVER['PHP_AUTH_USER']))
- return $_SERVER['PHP_AUTH_USER'];
- if (!empty($_ENV['REMOTE_USER']))
- return $_ENV['REMOTE_USER'];
if ($user = $this->getSessionVar('wiki_user')) {
$this->_user = $user;
@@ -586,6 +589,14 @@
return $userid;
}
}
+
+ // User login through a browser pop-up window
+ if (!empty($_ENV['REMOTE_USER']))
+ return $_ENV['REMOTE_USER'];
+
+ if (!empty($_SERVER['PHP_AUTH_USER']))
+ return $_SERVER['PHP_AUTH_USER'];
+
return false;
}
|
