On 2016-10-23 01:55, Tyler Spivey wrote:
On 10/21/2016 1:15 AM, Petko Yotov wrote:
If I understand correctly, one could set to 'nopass'
$DefaultPasswords['admin'] or $DefaultPasswords['upload'] to allow
anyone to edit everywhere or to upload. But this is probably unneeded
on
the vast majority of the websites running on PmWiki.
The way I understood it from the documentation was that nopass was used
as an edit password to allow unprotected editing of a page whose group
had an edit password, or for editing of a group protected by a site
password, or unprotecting a page otherwise protected by a password.
For such groups or pages one should now use "@nopass", not "nopass".
But indeed, many years ago the encrypted "nopass" password could be used
in such places. The snippet ensures backward compatibility for old wiki
pages.
For stats close to the real life usage, you might enable cookies in
curl, like most real users will have cookies allowed. The session data
for authentication is stored, and the key is send to a browser cookie.
I tried this, with some interesting results. With $AllowPassword =
false, my page load times went back to what I would expect (55ms or
so).
When I edit a page, the expected password hashing is done to verify my
edit password.
Then when I go back, say to the homepage which has no password, it
still checks passwords, even when the site, group or page doesn't have
a read password which needs to be checked.
Do you again mean that pmcrypt() is called?
PmWiki will always try to read the current page as well as the
GroupAttributes page if it exists, and check their passwords. Opening
the files from the disk will require a few milliseconds, but if no
"passwdread" attributes are present, there shouldn't be a need to call
pmcrypt().
If one requires a different authentication logic, one can define the
$AuthFunction global variable with a custom function that does the
checking:
$AuthFunction = "MyPmWikiAuth"; # replacement for PmWikiAuth()
function MyPmWikiAuth($pagename,$level,$authprompt=true,$since=0){...}
Petko
_______________________________________________
pmwiki-users mailing list
[email protected]
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
