[Phpwiki-talk] Re: Getting RSS from a protected wiki

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hallöchen!

Reini Urban <ru...@x-...> writes:

> Torsten Bronger schrieb:
>
>> I set user authentication to very strict values for our wiki.
>> Unfortunately, this means that my newsreader is unable to get the
>> RSS feed from RecentChanges.  Is it possible to authenticate via
>> the URL with some sort of parameters?  Or is it possible to
>> exclude the RSS from the authentication scheme?
>
> [...]
>
> RecentChanges should be viewable, otherwise you will get no rss feed.
> If you dont want to open that, setup another (action-)page which uses 
> the RecentChanges plugin and point the rss feed to this page.
>
> I assume you use ALLOW_ANON_USER = false.  Since you don't allow
> anonymous views why should anonymous rss work then?

I want to use "security by obscurity" if you wish.  I achieved this
today by the following hack.

In main.php, i added a "magic login":

    function updateAuthAndPrefs () {
        global $request, $magic_login;

        if ($request->getArg('magiclogin') == 'xx') {
            $magic_login = true;
            return;
        } $magic_login = false;
    ...

In PagePerm.php, I check of the "magic login":

        global $magic_login;
        ...
        if (!ALLOW_ANON_USER && !$magic_login) {
            if (!ALLOW_USER_PASSWORDS) 
        ...

And finally, in RssWriter.php, I attach "&magiclogin=xx" (or
"?magiclogin=xx") to all generated URLs, because my RSS reader
cannot resist to verify them.

It works, but if someone sees an obvious problem, I'd like to hear
it.  I don't know PHP and phpWiki well enough.

Tschö,
Torsten.

-- 
Torsten Bronger, aquisgrana, europa vetus