Hi > Attached patch adds two new events to dokuwiki to facilitate > authentication of signed requests as well as to sign outgoing HTTP requests. Nice, I got a question about the changes in auth.php though: - auth_login($_REQUEST['u'],$_REQUEST['p'],$_REQUEST['r'],$_REQUEST['http_credentials']); + $evt = new Doku_Event('ACTION_ON_AUTH',$ACT); + $evt->advise_before(); + if(empty($_SERVER['REMOTE_USER'])) { + auth_login($_REQUEST['u'],$_REQUEST['p'],$_REQUEST['r'],$_REQUEST['http_credentials']); + } + $evt->advise_after(); + unset($evt); You add a if(empty($_SERVER['REMOTE_USER'])) check which IMHO would prevent logging in where DokuWiki runs within a Webserver (basic auth) protected environment. I assume you added this to be able to set REMOTE_USER in the before event handler. Shouldn't we better use + if($evt->advise_before()) { + auth_login($_REQUEST['u'],$_REQUEST['p'],$_REQUEST['r'],$_REQUEST['http_credentials']); + } instead? Andi -- splitbrain.org -- DokuWiki mailing list - more info at http://wiki.splitbrain.org/wiki:mailinglist