2005-03-18
If the user hasn't logged in, and they click on a link that brings you to an area that they are excluded from via the ACL, then it is suggested that they login. HOWEVER, clicking on the login button also tells the user that they are not allowed to view that page. The user must return to a page they are allowed to see before they can login.
The validation for the namespace should be done *after* the user enters credentials, not before.
I believe this patch may fix this, though I'm not familiar enough with the code to know whether it is a 'good fix' or not. It seems to work for me though.
diff -Naur --exclude=conf --exclude=data --exclude=attic --exclude=changes.log dokuwiki.orig/doku.php dokuwiki/doku.php
--- dokuwiki.orig/doku.php 2005-02-18 08:04:39.000000000 -0500
+++ dokuwiki/doku.php 2005-03-17 18:40:28.010000000 -0500
@@ -122,7 +122,11 @@
//start output
header('Content-Type: text/html; charset='.$lang['encoding']);
if(substr($ACT,0,6) != 'export') html_header();
- if(html_acl($permneed)){
+
+ // Allow logins anywhere.
+ if ($ACT == 'login'){
+ html_login();
+ }elseif(html_acl($permneed)){
if($ACT == 'edit'){
html_edit();
}elseif($ACT == $lang['btn_preview']){
@@ -147,8 +151,6 @@
html_diff(con($PRE,$TEXT,$SUF),false);
}elseif($ACT == 'locked'){
html_locked($lockedby);
- }elseif($ACT == 'login'){
- html_login();
}elseif($ACT == 'register' && $conf['openregister']){
html_register();
}elseif($ACT == 'export_html'){