Main features:
Note on better ways to achieve the same result:
&FindId
routine does a linear search.
$UserID
is alphanumeric and contains the username. Then you would not need the username and password fields in $Userdata
.
http://wiki.example.com/Setting_A_Good_Example
and edits use http://wiki.example.com/edit/action=edit&id=Setting_A_Good_Example
. The Apache can authenticate separately, with a userid/password only being required for the edit subdirectory.
--- /home/martin/downloads/usemod10/wiki.pl 2003-09-11 22:21:02.000000000 +1000 +++ wiki.pl 2004-07-24 13:22:54.000000000 +1000 @@ -382,7 +392,7 @@ } sub Tss { - my $text = @_[0]; + my $text = $_[0]; $text = T($text); $text =~ s/\%([1-9])/$_[$1]/ge; @@ -434,9 +454,9 @@ $UserID = $UserCookie{'id'}; $UserID =~ s/\D//g; # Numeric only if ($UserID < 200) { - $UserID = 111; + &FindId(); # only if no cookie } else { - &LoadUserData($UserID); + &LoadUserData(); } if ($UserID > 199) { if (($UserData{'id'} != $UserCookie{'id'}) || @@ -450,6 +470,30 @@ } } +sub FindId { + my $fname = "$DataDir/usermap"; + my $user = $ENV{'REMOTE_USER'}; + if (-f $fname) { + my $data = &ReadFileOrDie($fname); + for my $ul (split("\n", $data)) { + if ($ul =~ /([0-9]+):(.*)/) { + my ($idc, $userc) = ($1, $2); + if (($userc eq $user) && ($idc > 199)) { + $UserID = $idc; + &LoadUserData(); + if (!defined($UserData{'password'}) || + ($UserData{'password'} eq '')) { + $SetCookie{'id'} = $idc; + $SetCookie{'randkey'} = $UserData{'randkey'}; + $SetCookie{'rev'} = 1; + } + } + } + } + } + $UserID = 111; +} + sub DoBrowseRequest { my ($id, $action, $text); @@ -1675,6 +1777,8 @@ s/----+/<hr class=wikiline>/g; } } + my $signature = Signature(); + s/~~/$signature/g; if ($doLines) { # 0 = no line-oriented, 1 or 2 = do line-oriented # The quote markup patterns avoid overlapping tags (with 5 quotes) # by matching the inner quotes for the strong pattern. @@ -2344,7 +2448,7 @@ $Section{'ip'} = $ENV{REMOTE_ADDR}; $Section{'host'} = ''; # Updated only for real edits (can be slow) $Section{'id'} = $UserID; - $Section{'username'} = &GetParam("username", ""); + $Section{'username'} = &UserName(); $Section{'data'} = $data; $Page{$name} = join($FS2, %Section); # Replace with save? } @@ -2448,7 +2552,7 @@ $Section{'ts'} = $Now; # Updated every edit $Section{'ip'} = $ENV{REMOTE_ADDR}; $Section{'id'} = $UserID; - $Section{'username'} = &GetParam("username", ""); + $Section{'username'} = &UserName(); $Section{'data'} = $data; $Page{$name} = join($FS2, %Section); } @@ -2981,9 +3085,9 @@ if ($NumberDates) { return ($year + 1900) . '-' . ($mon+1) . '-' . $mday; } - return ("January", "February", "March", "April", "May", "June", + return $mday . ' ' . ("January", "February", "March", "April", "May", "June", "July", "August", "September", "October", "November", - "December")[$mon]. " " . $mday . ", " . ($year+1900); + "December")[$mon] . " " . ($year+1900); } sub CalcTime { @@ -3271,7 +3375,7 @@ print T($EditNote) . '<br>'; # Allow translation } print $q->submit(-name=>'Save', -value=>T('Save')), "\n"; - $userName = &GetParam("username", ""); + $userName = &UserName(); if ($userName ne "") { print ' (', T('Your user name is'), ' ', &GetPageLink($userName) . ') '; @@ -3447,6 +3554,7 @@ return; } $username = &GetParam("p_username", ""); + $username = $ENV{'REMOTE_USER'} if $username =~ /^\s*$/; if ($FreeLinks) { $username =~ s/^\[\[(.+)\]\]/$1/; # Remove [[ and ]] if added $username = &FreeToNormal($username); @@ -3471,7 +3579,7 @@ undef $UserData{'password'}; } elsif ($password ne "*") { print T('Password changed.'), '<br>'; - $UserData{'password'} = $password; + $UserData{'password'} = CryptPass($EditPass, $password); } if (($AdminPass ne "") || ($EditPass ne "")) { $password = &GetParam("p_adminpw", ""); @@ -3480,7 +3588,7 @@ undef $UserData{'adminpw'}; } elsif ($password ne "*") { print T('Administrator password changed.'), '<br>'; - $UserData{'adminpw'} = $password; + $UserData{'adminpw'} = CryptPass($AdminPass, $password); if (&UserIsAdmin()) { print T('User has administrative abilities.'), '<br>'; } elsif (&UserIsEditor()) { @@ -3614,6 +3722,9 @@ $UserData{'createtime'} = $Now; $UserData{'createip'} = $ENV{REMOTE_ADDR}; &SaveUserData(); + + my $fname = "$DataDir/usermap"; + &AppendStringToFile($fname, $UserID . ':' . $ENV{'REMOTE_USER'} . "\n"); } sub DoEnterLogin { @@ -3644,8 +3755,8 @@ $UserID = $uid; &LoadUserData(); if ($UserID > 199) { - if (defined($UserData{'password'}) && - ($UserData{'password'} eq $password)) { + if (defined($UserData{'password'}) && + ($UserData{'password'} eq CryptPass($EditPass, $password))) { $SetCookie{'id'} = $uid; $SetCookie{'randkey'} = $UserData{'randkey'}; $SetCookie{'rev'} = 1; @@ -3916,6 +4027,8 @@ } # Add a newline to the end of the string (if it doesn't have one) $string .= "\n" if (!($string =~ /\n$/)); + my $signature = Signature(); + $string =~ s/~~/$signature/g; # Lock before getting old page to prevent races # Consider extracting lock section into sub, and eval-wrap it? # (A few called routines can die, leaving locks.) @@ -3964,7 +4077,7 @@ &DoEdit($id, 0, $pgtime, $string, 1); return; } - $user = &GetParam("username", ""); + $user = &UserName(); # If the person doing editing chooses, send out email notification if ($EmailNotify) { &EmailNotify($id, $user) if &GetParam("do_email_notify", "") eq 'on'; @@ -5089,6 +5202,26 @@ print Ts('Recommended $StartUID setting is %s.', $maxID + 100) . '<br>'; print &GetCommonFooter(); } + +sub Signature { + return ($FreeLinks ? '[[' : '') . UserName() . ($FreeLinks ? ']]' : '') . ' ' . TimeToText($Now); +} +sub UserName { + my ($userName); + $userName = &GetParam("username", ""); + $userName = ucfirst($ENV{'REMOTE_USER'}) if $userName =~ /^\s*$/; + return $userName; +} + +sub CryptPass { + my ($salt, $pass) = @_; + if (!$salt) { + my $lets = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; + $salt = substr($lets, rand(62),1 ) . substr($lets, rand(62), 1); + } + return crypt($pass, $salt); +} + #END_OF_OTHER_CODE &DoWikiRequest() if ($RunCGI && ($_ ne 'nocgi')); # Do everything.
@@ -3205,6 +3205,13 @@ my ($header, $editRows, $editCols, $userName, $revision, $oldText); my ($summary, $isEdit, $pageTime); + if (!&UserName()) { + print &GetHeader("", T('Editing Denied'), ""); + print Ts('Editing not allowed without a username. Please set your Preferences.', $SiteName); + print &GetCommonFooter(); + return; + } + if ($FreeLinks) { $id = &FreeToNormal($id); # Take care of users like Markus Lude :-) }