On Wed, Feb 9, 2011 at 10:44 AM, Martin Kerz <[email protected]> wrote:
> Can I somehow login directly by something like
> »http://testwiki.org/Home/Start?user=test?password=test« to the URL if
> I'm using the AuthUser setting?
It seems like a really bad security hole...but if you're OK with that...
Here are the relevant lines in authuser.php:
===(snip)===
if (@$_POST['authid'])
AuthUserId($pagename, stripmagic(@$_POST['authid']),
stripmagic(@$_POST['authpw']));
===(snip)===
Obviously $_POST is being used intentionally to avoid the possible
security ramifications. But you could put something like this in
config.php (before you include authuser.php if you are doing that
explicitly):
===(snip)===
if (@$_REQUEST['u'])
AuthUserId($pagename, stripmagic(@$_REQUEST['u']),
stripmagic(@$_REQUEST['p']));
===(snip)===
Then you could log in with this:
http://testwiki.org/Home/Start?u=test?p=test
I haven't tested this -- use at your own risk.
-Peter
_______________________________________________
pmwiki-users mailing list
[email protected]
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
