====== phash login ======
* Tip by [[emauvaisfr@yahoo.fr]]
* Tested on Dokuwiki 2008-05-05
===== Purpose =====
* By default, you can't access RSS feed when you are not logged in.
* With this modification, you can add a login from the URL (GET) using a phash password (so that your real password doesn't appears on the network).
* Then you can add dokuwiki URL feeds to your RSS reader.
===== Result =====
{{http://emauvais.multimania.com/dokuwiki/phashLogin.png | Example}}
===== What to do =====
* Adding the phash parameter in **./inc/auth.php**:
[...]
// do the login either by cookie or provided credentials
if($conf['useacl']){
if($auth){
if (!isset($_REQUEST['u'])) $_REQUEST['u'] = '';
if (!isset($_REQUEST['p'])) $_REQUEST['p'] = '';
if (!isset($_REQUEST['r'])) $_REQUEST['r'] = '';
//Possibilite de passer un parametre phash contenant le hash du mot de passe plutot que le mot de passe en clair...
//Ability to send a phash parameter (the password hash) instead of the password itself
if (isset($_REQUEST['phash'])) $_REQUEST['p'] = PMA_blowfish_decrypt(urldecode($_REQUEST['phash']),auth_cookiesalt());
///phash
[...]
* Modification of the RSS links into **./inc/template.php** to add the phash parameter:
[...]
if($alt){
//Passage de l'utilisateur et du hash du mot de passe dans l'adresse du flux rss
//Sends the user and the password hash into the RSS URL
if (!$_SESSION[DOKU_COOKIE]['auth']['user'] || !$_SESSION[DOKU_COOKIE]['auth']['pass']) {
$head['link'][] = array( 'rel'=>'alternate', 'type'=>'application/rss+xml',
'title'=>'Recent Changes', 'href'=>DOKU_BASE.'feed.php');
$head['link'][] = array( 'rel'=>'alternate', 'type'=>'application/rss+xml',
'title'=>'Current Namespace',
'href'=>DOKU_BASE.'feed.php?mode=list&ns='.$INFO['namespace']);
}
else {
$head['link'][] = array( 'rel'=>'alternate', 'type'=>'application/rss+xml',
'title'=>'Recent Changes', 'href'=>DOKU_BASE.'feed.php?u='.urlencode($_SESSION[DOKU_COOKIE]['auth']['user']).'&phash='.urlencode($_SESSION[DOKU_COOKIE]['auth']['pass']));
$head['link'][] = array( 'rel'=>'alternate', 'type'=>'application/rss+xml',
'title'=>'Current Namespace',
'href'=>DOKU_BASE.'feed.php?mode=list&ns='.$INFO['namespace'].'&u='.urlencode($_SESSION[DOKU_COOKIE]['auth']['user']).'&phash='.urlencode($_SESSION[DOKU_COOKIE]['auth']['pass']));
}
///phash
if($ACT == 'search'){
//Passage de l'utilisateur et du hash du mot de passe dans l'adresse du flux rss
//Sends the user and the password hash into the RSS URL
if (!$_SESSION[DOKU_COOKIE]['auth']['user'] || !$_SESSION[DOKU_COOKIE]['auth']['pass']) {
$head['link'][] = array( 'rel'=>'alternate', 'type'=>'application/rss+xml',
'title'=>'Search Result',
'href'=>DOKU_BASE.'feed.php?mode=search&q='.$QUERY);
}
else {
$head['link'][] = array( 'rel'=>'alternate', 'type'=>'application/rss+xml',
'title'=>'Search Result',
'href'=>DOKU_BASE.'feed.php?mode=search&q='.$QUERY.'&u='.urlencode($_SESSION[DOKU_COOKIE]['auth']['user']).'&phash='.urlencode($_SESSION[DOKU_COOKIE]['auth']['pass']));
}
///phash
}
[...]
* You can also modify your template's **footer.html** file (./lib/tpl/arctic/footer.html for example):
[...]
" title="Recent changes RSS feed">
[...]
===== Discussion =====
* Tell me...
>Not sure why, but it doesn't work for me on DokuWiki 2008-05-05. Could it be because I use ldap auth?
>-- Jack_Strap
>It must have been an issue with caching or using old cookies. I cleared all cookies and now it works.
> -- Jack_Strap
>Which field in the users.auth.php is the hash?
>for example here, which part of the middle field is the hash used in this "tip"?
>username:$1$f341b449$DP72XmvXuHzJCtiYLWJcq1:name:groups
>>The hash doesn't come from the users.auth.php.
>>It is read from a cookie that contains the password hash of the user: ''$_SESSION[DOKU_COOKIE]['auth']['pass'])''