DokuWiki

It's better when it's simple

User Tools

Site Tools


tips:phashlogin

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
tips:phashlogin [2009-04-27 09:53]
145.242.11.14
tips:phashlogin [2009-04-27 09:54] (current)
145.242.11.14
Line 1: Line 1:
 +====== phash login ======
  
 +  * Tip by [[emauvaisfr@yahoo.fr]]
 +  * Tested on Dokuwiki 2008-05-05
 +
 +===== Purpose =====
 +
 +  * By default, you can't access RSS feed when you are not logged in.
 +  * With this modification, you can add a login from the URL (GET) using a phash password (so that your real password doesn't appears on the network).
 +  * Then you can add dokuwiki URL feeds to your RSS reader.
 +
 +
 +===== Result =====
 +{{http://emauvais.multimania.com/dokuwiki/phashLogin.png | Example}}
 +
 +===== What to do =====
 +
 +  * Adding the phash parameter in **./inc/auth.php**:<code php>
 +[...]
 +  // do the login either by cookie or provided credentials
 +  if($conf['useacl']){
 +    if($auth){
 +      if (!isset($_REQUEST['u'])) $_REQUEST['u'] = '';
 +      if (!isset($_REQUEST['p'])) $_REQUEST['p'] = '';
 +      if (!isset($_REQUEST['r'])) $_REQUEST['r'] = '';
 + 
 +      //Possibilite de passer un parametre phash contenant le hash du mot de passe plutot que le mot de passe en clair...
 +      //Ability to send a phash parameter (the password hash) instead of the password itself
 +      if (isset($_REQUEST['phash'])) $_REQUEST['p'] = PMA_blowfish_decrypt(urldecode($_REQUEST['phash']),auth_cookiesalt());
 +      ///phash
 +[...]
 +</code>
 +
 +  * Modification of the RSS links into **./inc/template.php** to add the phash parameter:<code php>
 +[...]
 +  if($alt){
 +    //Passage de l'utilisateur et du hash du mot de passe dans l'adresse du flux rss
 +    //Sends the user and the password hash into the RSS URL
 +    if (!$_SESSION[DOKU_COOKIE]['auth']['user'] || !$_SESSION[DOKU_COOKIE]['auth']['pass']) {
 +      $head['link'][] = array( 'rel'=>'alternate', 'type'=>'application/rss+xml',
 +                               'title'=>'Recent Changes', 'href'=>DOKU_BASE.'feed.php');
 +      $head['link'][] = array( 'rel'=>'alternate', 'type'=>'application/rss+xml',
 +                               'title'=>'Current Namespace',
 +                               'href'=>DOKU_BASE.'feed.php?mode=list&ns='.$INFO['namespace']);
 +    }
 +    else {
 +      $head['link'][] = array( 'rel'=>'alternate', 'type'=>'application/rss+xml',
 +                               'title'=>'Recent Changes', 'href'=>DOKU_BASE.'feed.php?u='.urlencode($_SESSION[DOKU_COOKIE]['auth']['user']).'&phash='.urlencode($_SESSION[DOKU_COOKIE]['auth']['pass']));
 +      $head['link'][] = array( 'rel'=>'alternate', 'type'=>'application/rss+xml',
 +                               'title'=>'Current Namespace',
 +                               'href'=>DOKU_BASE.'feed.php?mode=list&ns='.$INFO['namespace'].'&u='.urlencode($_SESSION[DOKU_COOKIE]['auth']['user']).'&phash='.urlencode($_SESSION[DOKU_COOKIE]['auth']['pass']));
 +    }
 +    ///phash
 + 
 +    if($ACT == 'search'){
 +      //Passage de l'utilisateur et du hash du mot de passe dans l'adresse du flux rss
 +      //Sends the user and the password hash into the RSS URL
 +      if (!$_SESSION[DOKU_COOKIE]['auth']['user'] || !$_SESSION[DOKU_COOKIE]['auth']['pass']) {
 +        $head['link'][] = array( 'rel'=>'alternate', 'type'=>'application/rss+xml',
 +                                 'title'=>'Search Result',
 +                                 'href'=>DOKU_BASE.'feed.php?mode=search&q='.$QUERY);
 +      }
 +      else {
 +        $head['link'][] = array( 'rel'=>'alternate', 'type'=>'application/rss+xml',
 +                                 'title'=>'Search Result',
 +                                 'href'=>DOKU_BASE.'feed.php?mode=search&q='.$QUERY.'&u='.urlencode($_SESSION[DOKU_COOKIE]['auth']['user']).'&phash='.urlencode($_SESSION[DOKU_COOKIE]['auth']['pass']));
 +      }
 +      ///phash
 +    }
 +[...]
 +</code>
 +
 +  * You can also modify your template's **footer.html** file (./lib/tpl/arctic/footer.html for example):<code html>
 +[...]
 +  <a target="_blank" href="<?php echo DOKU_BASE?>feed.php<?if ($_SESSION[DOKU_COOKIE]['auth']['user'] && $_SESSION[DOKU_COOKIE]['auth']['pass']) echo "?u=".urlencode($_SESSION[DOKU_COOKIE]['auth']['user'])."&phash=".urlencode($_SESSION[DOKU_COOKIE]['auth']['pass']);?>" title="Recent changes RSS feed"><img src="<?php echo DOKU_TPL?>images/button-rss.png" width="80" height="15" alt="Recent changes RSS feed" border="0" /></a>
 +[...]
 +</code>
 +
 +
 +===== Discussion =====
 +  * Tell me...
 +
 +>Not sure why, but it doesn't work for me on DokuWiki 2008-05-05. Could it be because I use ldap auth?
 +>-- Jack_Strap
 +
 +>It must have been an issue with caching or using old cookies. I cleared all cookies and now it works. 
 +> -- Jack_Strap
 +
 +>Which field in the users.auth.php is the hash?
 +>for example here, which part of the middle field is the hash used in this "tip"?
 +>username:$1$f341b449$DP72XmvXuHzJCtiYLWJcq1:name:groups
 +>>The hash doesn't come from the users.auth.php.
 +>>It is read from a cookie that contains the password hash of the user: ''$_SESSION[DOKU_COOKIE]['auth']['pass'])''
tips/phashlogin.txt ยท Last modified: 2009-04-27 09:54 by 145.242.11.14