From: Steve W. <sw...@pa...> - 2001-12-07 18:24:51
This got lost in my ever-expanding inbox... sorry...

~swain

---
http://www.panix.com/~swain/
"Without music to decorate it, time is just a bunch of boring production deadlines or dates by which bills must be paid." -- Frank Zappa

---------- Forwarded message ----------
Date: Fri, 16 Nov 2001 01:59:45 -0800
From: Yaacov Akiba Slama <sl...@ya...>
To: sw...@pa...
Subject: Small patch concerning auth.

Hi,

I installed phpwiki-1.3.1 and I put it in a directory with an .htaccess file because it's a private wiki (even if it is on a public webserver). In such a configuration, the webserver (apache in my config) handles all the auth, including the password. So the password need not - in theory, and also with my patch - be in index.php.

So I modified the file lib/WikiUser.php (patch follows) so if the ADMIN_PASSWD is NOT DEFINED, there is no verification of the password since it's already done by the webserver.

In this config, one has only to define the ADMIN_USER in index.php and use the auth by the webserver.

Perhaps it's better to add a new boolean variable USE_SERVER_AUTH? I don't know.

Here is the patch:

--- WikiUser.php.old Fri Nov 16 03:51:07 2001 +++ WikiUser.php Fri Nov 16 04:16:04 2001 @@ -145,7 +145,7 @@ $passwd = $this->_request->get('PHP_AUTH_PW'); if (!empty($userid) && $userid == ADMIN_USER) { - if (!empty($passwd) && $passwd == ADMIN_PASSWD) + if (!defined('ADMIN_PASSWD') || (!empty($passwd) && $passwd == ADMIN_PASSWD)) return $userid; } elseif (ALLOW_BOGO_LOGIN @@ -157,8 +157,8 @@ } function _demand_http_authentication () { - if (!defined('ADMIN_USER') || !defined('ADMIN_PASSWD') - || ADMIN_USER == '' || ADMIN_PASSWD =='') { + if (!defined('ADMIN_USER') || ADMIN_USER == '' + || (defined('ADMIN_PASSWD') && ADMIN_PASSWD =='')) { return "<p><b>" . gettext("You must set the administrator account and password before you can log in.")
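
Review bot: In the @@ -145,7 +145,7 @@ hunk, the new "!defined('ADMIN_PASSWD') ||" branch fails open: when the constant is undefined, any request whose user id equals ADMIN_USER is returned as the administrator, and nothing in the visible lines confirms that the web server actually authenticated that request. The password read from PHP_AUTH_PW is simply ignored in this branch, so if the .htaccess protection is missing, removed, or does not cover every path to the wiki, knowing the admin name is enough. Make server-side authentication an explicit opt-in (the USE_SERVER_AUTH constant proposed in the message) rather than inferring it from a missing ADMIN_PASSWD, and in that mode check a value the server sets only after successful authentication (REMOTE_USER, for instance) before returning $userid.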
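
Review bot: In the @@ -157,8 +157,8 @@ hunk, _demand_http_authentication() no longer reports an undefined ADMIN_PASSWD, so a wiki whose index.php merely lacks the define (a commented-out line, a typo in the constant name) gets no warning and, together with the first hunk, accepts the admin user with no password check. The condition "(defined('ADMIN_PASSWD') && ADMIN_PASSWD =='')" should keep the old undefined-is-an-error behaviour unless an explicit server-auth switch is set. The gettext message still says that both the account and the password must be set, which no longer matches the check; update the text and document the new mode next to the ADMIN_USER and ADMIN_PASSWD settings in index.php.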