01143: using CondAuth in config.php allow edit rights

Summary: using CondAuth in config.php allow edit rights
Created: 2009-09-20 12:18
Status: Closed
Category: Bug
From: ThomaS?
Priority: 5
Version: 2.2.5
OS: linux - php 5.2.8


I suspect finding a bug
When I write :

 if (CondAuth($pagename,'edit')) { blabla }
 $DefaultPasswords['edit'] = crypt(password);

I don't need password to edit the pages !

When I write only :

 $DefaultPasswords['edit'] = crypt(password);


 $DefaultPasswords['edit'] = crypt(password);
 if (CondAuth($pagename,'edit')) { blabla }

then I need password to edit the pages... that seems to be ok.

I desactive my farmconfig.php and all in the config.php either this 1 or 2 lines
I don't explain that ! Is it a bug ?

Thanks for pmwiki

Yes, if you call CondAuth before setting any passwords, it will (1) return the default PmWiki state (edit allowed) and (2) will cache the authorization to speed up subsequent calls without requiring to re-open the same disk files. This is an expected and documented behavior, please see at the bottom of the page LocalCustomizations (order of customizations in config.php) for more information. --Petko September 20, 2009, at 12:29 PM

OK, the problem is that I can't use if (CondAuth($pagename,'edit')) { blabla } in farmconfig.php because this file is load before config.php...
Is it any solution to use that ?

Yes, you can manually include config.php from farmconfig.php, and call CondAuth and other functions below.

  # near the end of farmconfig.php
  if (CondAuth($pagename,'edit')) { blabla; }

OK, Thanks