DokuWiki

It's better when it's simple

User Tools

Site Tools


tips:phashlogin

phash login

Purpose

  • By default, you can't access RSS feed when you are not logged in.
  • With this modification, you can add a login from the URL (GET) using a phash password (so that your real password doesn't appears on the network).
  • Then you can add dokuwiki URL feeds to your RSS reader.

Result

 Example

What to do

  • Adding the phash parameter in ./inc/auth.php:
    [...]
      // do the login either by cookie or provided credentials
      if($conf['useacl']){
        if($auth){
          if (!isset($_REQUEST['u'])) $_REQUEST['u'] = '';
          if (!isset($_REQUEST['p'])) $_REQUEST['p'] = '';
          if (!isset($_REQUEST['r'])) $_REQUEST['r'] = '';
     
          //Possibilite de passer un parametre phash contenant le hash du mot de passe plutot que le mot de passe en clair...
          //Ability to send a phash parameter (the password hash) instead of the password itself
          if (isset($_REQUEST['phash'])) $_REQUEST['p'] = PMA_blowfish_decrypt(urldecode($_REQUEST['phash']),auth_cookiesalt());
          ///phash
    [...]
  • Modification of the RSS links into ./inc/template.php to add the phash parameter:
    [...]
      if($alt){
        //Passage de l'utilisateur et du hash du mot de passe dans l'adresse du flux rss
        //Sends the user and the password hash into the RSS URL
        if (!$_SESSION[DOKU_COOKIE]['auth']['user'] || !$_SESSION[DOKU_COOKIE]['auth']['pass']) {
          $head['link'][] = array( 'rel'=>'alternate', 'type'=>'application/rss+xml',
                                   'title'=>'Recent Changes', 'href'=>DOKU_BASE.'feed.php');
          $head['link'][] = array( 'rel'=>'alternate', 'type'=>'application/rss+xml',
                                   'title'=>'Current Namespace',
                                   'href'=>DOKU_BASE.'feed.php?mode=list&ns='.$INFO['namespace']);
        }
        else {
          $head['link'][] = array( 'rel'=>'alternate', 'type'=>'application/rss+xml',
                                   'title'=>'Recent Changes', 'href'=>DOKU_BASE.'feed.php?u='.urlencode($_SESSION[DOKU_COOKIE]['auth']['user']).'&phash='.urlencode($_SESSION[DOKU_COOKIE]['auth']['pass']));
          $head['link'][] = array( 'rel'=>'alternate', 'type'=>'application/rss+xml',
                                   'title'=>'Current Namespace',
                                   'href'=>DOKU_BASE.'feed.php?mode=list&ns='.$INFO['namespace'].'&u='.urlencode($_SESSION[DOKU_COOKIE]['auth']['user']).'&phash='.urlencode($_SESSION[DOKU_COOKIE]['auth']['pass']));
        }
        ///phash
     
        if($ACT == 'search'){
          //Passage de l'utilisateur et du hash du mot de passe dans l'adresse du flux rss
          //Sends the user and the password hash into the RSS URL
          if (!$_SESSION[DOKU_COOKIE]['auth']['user'] || !$_SESSION[DOKU_COOKIE]['auth']['pass']) {
            $head['link'][] = array( 'rel'=>'alternate', 'type'=>'application/rss+xml',
                                     'title'=>'Search Result',
                                     'href'=>DOKU_BASE.'feed.php?mode=search&q='.$QUERY);
          }
          else {
            $head['link'][] = array( 'rel'=>'alternate', 'type'=>'application/rss+xml',
                                     'title'=>'Search Result',
                                     'href'=>DOKU_BASE.'feed.php?mode=search&q='.$QUERY.'&u='.urlencode($_SESSION[DOKU_COOKIE]['auth']['user']).'&phash='.urlencode($_SESSION[DOKU_COOKIE]['auth']['pass']));
          }
          ///phash
        }
    [...]
  • You can also modify your template's footer.html file (./lib/tpl/arctic/footer.html for example):
    [...]
      <a target="_blank" href="<?php echo DOKU_BASE?>feed.php<?if ($_SESSION[DOKU_COOKIE]['auth']['user'] && $_SESSION[DOKU_COOKIE]['auth']['pass']) echo "?u=".urlencode($_SESSION[DOKU_COOKIE]['auth']['user'])."&phash=".urlencode($_SESSION[DOKU_COOKIE]['auth']['pass']);?>" title="Recent changes RSS feed"><img src="<?php echo DOKU_TPL?>images/button-rss.png" width="80" height="15" alt="Recent changes RSS feed" border="0" /></a>
    [...]

Discussion

  • Tell me…
Not sure why, but it doesn't work for me on DokuWiki 2008-05-05. Could it be because I use ldap auth?
– Jack_Strap
It must have been an issue with caching or using old cookies. I cleared all cookies and now it works.
– Jack_Strap
Which field in the users.auth.php is the hash?
for example here, which part of the middle field is the hash used in this “tip”?
username:$1$f341b449$DP72XmvXuHzJCtiYLWJcq1:name:groups
The hash doesn't come from the users.auth.php.
It is read from a cookie that contains the password hash of the user: $_SESSION[DOKU_COOKIE]['auth']['pass'])
tips/phashlogin.txt · Last modified: 2009-04-27 09:54 by 145.242.11.14 · Currently locked by: 2405:201:c042:71d0:cddd:cd7e:73a5:d362

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki