What's the status of HTTPd Auth? I added the auth part to .htaccess but nothing happens. Login box appears and I can log in with both the pass stored in htpass and the one stored in database.
For that to work I did this in index.php
Thorsten wrote:does it work with these two additional lines of code?
Not really...
With this additional two lines of code I can log in with both of my accounts (the one stored in htpass file using AuthHttp, and the other AuthDb I think...). The only problem is that login only works when I use the login form.
In my opinion AuthHttp should work in a way so that if I already pass credentials using the httpd's Auth system ($_SERVER['PHP_AUTH_USER'] variable) then phpMyFAQ should notice it and use that data to log me in automatically instead of using the form.
Thorsten wrote:For custom auth classes please take a look into the folder inc/PMF_Auth/ and look at the files inside.
What kind of authentication do you want to add?
I did. They do not seem like a difficult mechanism. As for what kind of auth do I want is still a question. We would like to integrate it with our website, so most likely it will be cookie based auth system.
Einon wrote:With this additional two lines of code I can log in with both of my accounts (the one stored in htpass file using AuthHttp, and the other AuthDb I think...). The only problem is that login only works when I use the login form.
In my opinion AuthHttp should work in a way so that if I already pass credentials using the httpd's Auth system ($_SERVER['PHP_AUTH_USER'] variable) then phpMyFAQ should notice it and use that data to log me in automatically instead of using the form.
you're right. I'll take a look at it how to improve this.
Thorsten wrote:you're right. I'll take a look at it how to improve this.
Suggestion:
Add a new config option as to what authentication class (more advanced: ordered list of authentication classes) should be used.
Extend the Auth classes with a function that tries to guess if a user is logged in like checking cookie, checking php_auth_user, and if yes restore the user from session.
I would implement this myself providing you a patch, but simply at this moment I don't have time to learn OO PHP now.