Add entry without beeing logged in

stadskle · Post by **stadskle** » Wed Apr 19, 2006 2:24 pm

Is it possible to configure Serendipity so that this is possible?

Thanks in advance.

Post by **garvinhicking** » Wed Apr 19, 2006 3:14 pm

That would be a HUGE security problem if anyone could add entries to your blog and access your backend without credentials. I would really only suggest to do this in an intranet blog.

There would be ways to create a plugin for you that logs you into s9y automatically without any user response. Or you could just edit your serendipity_config_local.inc.php file and insert this at the end:

Code: Select all

$serendipity['serendipityUser'] = 'Anon';
$_SESSION['serendipityPassword'] = '';
$_SESSION['serendipityAuthedUser'] = true;
$_SESSION['serendipityAuthorid'] = $serendipity['authorid'] = 1;
$_SESSION['serendipityUserlevel'] = $serendipity['serendipityUserlevel'] = 255;

You have been warned, though.

Regards,
Garvin

stadskle · Post by **stadskle** » Wed Apr 19, 2006 3:38 pm

Thank you!

I'm not planning on doing it. But it was necessary to know when developing our plugin.

Post by **garvinhicking** » Wed Apr 19, 2006 4:14 pm

Hi!

Yes, a plugin can basically override any authentication because it can call any serendipity function without checking the authentication.

Best regards,
Garvin

Add entry without beeing logged in

Add entry without beeing logged in

Re: Add entry without beeing logged in