On Thursday, 28 May 2009 7:42 PM, Oliver Betz <list...@gmx.net> wrote:
>john.ran...@affinity.co.nz wrote:
>
>[...]
>>
>>With my current problem, it is a server doing the requesting,
>>and in this particular case it is not being allowed to access the
>>wiki. Although it has a static address, you are correct about
>the
>
>...and it will also have a reverse DNS entry. This makes things much
>simpler.
>
>>dynamic IP address case. Peter's suggested approach can satisfy
>>this, if the dynamic address can be expressed as a regular
>>expression; at least, I think that's the case.
>
>I don't think so. You need gethostbyname() to get the address from the
>host name. And you need to call gethostbyname() for each entry in your
>list so this might get expensive.
In my case I don't need to look up the host name, as I know
the IP address of the hosting service's proxy server, which
is issuing the http request to the wiki server. So if the
wiki server sees a request from that IP address, we need to
have pmwiki grant the request read access to the wiki.
>
>[...]
>
>>Eemeli Aro suggested a related approach some time ago,
>>for when the IP address is known, although it doesn't seem
>>to work in my current case:
>>
>>/*
>> To use, put the following in your SiteAdmin.AuthUser file:
>> ip: username ip-address
>>*/
>>$AuthUserFunctions['ip'] = 'AuthUserIP';
>>function AuthUserIP($pagename, $id, $pw, $pwlist) {
>> $i = '';
>> foreach ( (array)$pwlist as $d ) {
>> if ($d==$id) { $i = $d; continue; }
>> if ( $i && ( $_SERVER['REMOTE_ADDR'] == $d ) ) return true;
>> }
>> return false;
>>}
>
>I can't assign certain auth levels / ids with this approach,
>can I?
You can, but not directly. In local/config.php, add a line
of the form
$DefaultPasswords['edit'] = "id:username";
where username is the user name associated with the IP
address listed on SiteAdmin.AuthUser. See PmWiki/AuthUser.
However, on closer inspection of scripts/authuser.php, I
now see that this approach is not going to work as written,
since the $AuthUserFunctions are only called when both
$_POST['authuser'] and $_POST['authpw'] are set. What we
want to do is authorise the request without a username and
password, based on the IP address of the requestor.
>
>>Perhaps the DNSallow recipe can use a similar approach?
>
>DNSallow was only a sample page name. The recipe page is
>Cookbook/DNSauth.
My mistake; I meant DNSauth.
>
>I don't understand what you want to express by "Perhaps the DNSallow
>recipe can use a similar approach".
I'll use a modified form of Peter's code as an illustration of
how I think it might work (untested):
$AuthFunction = 'IPAuthFunction';
# allow read access from one known IP address
$PrivilegedIP = array('90\.91\.92\.93');
$IPPrivileges = array('read');
function IPAuthFunction($pagename, $level, $authprompt, $since)
{
global $PrivilegedIP, $IPPrivileges;
if (in_array($level, $IPPrivileges))
foreach ($PrivilegedIP as $ip)
if (preg_match("/^$ip$/", $_SERVER['REMOTE_ADDR']))
return ReadPage($pagename, $since);
return PmWikiAuth($pagename, $level, $authprompt, $since);
}
The pmwiki.php script calls $AuthFunction from RetrieveAuthPage
and returns the contents of the page, if authorised to do so.
Could a similar approach work in the case of authenticating
against a dynamic DNS entry?
JR
--
John Rankin
Affinity Limited
T 64 4 495 3737
F 64 4 473 7991
021 RANKIN
john.ran...@affinity.co.nz
www.affinity.co.nz
_______________________________________________
pmwiki-devel mailing list
pmwiki-devel@pmichaud.com
http://www.pmichaud.com/mailman/listinfo/pmwiki-devel
