question though. I'm creating a form like this:
form_html += "<form method=post action=/api_v2/>";
form_html += "<b>Email:</b><br><input name=email>";
form_html += "<input name=op value=AddUser type=hidden>";
form_html += "<input name=_type value=jsontext type=hidden>";
form_html += "<input name=admin_key value=" + adduser_key + "
type=hidden>";
form_html += "<input name=perm value=read type=hidden>";
form_html += "<input name=password value=email type=hidden><br>";
form_html += "<input value='Sign Up!' type=submit>";
form_html += "<input type=hidden name=_after_success value='/
signupsuccess'>";
form_html += "<input type=hidden name=_after_error value='/
signupfailed'>";
form_html += "</form>";
but if I put "bob" in for my email address... rather than getting sent
to signupfailed I'm getting a server error 500.
> Dude, you're blowing my mind here.
> I agree it'd be great to have a PBwiki-only solution for that. I've
> been sketching out a mechanism for the
> rights-for-particular-operations keys and I think I have a workable
> solution, will update if/when that's something available to test out.
> My ideal world (short of a sort of 'Self-serve add-users plugin' )
> would allow something like this on the page, though we do fairly
> aggressive html sanitizing which removes form elements, needs a
> workaround to work ...
> Add yourself here:<br/>
> <form method=post action=https://nathan.pbwiki.com/api_v2/>
> run the op<input type=text name=op value=AddUser /><br/>
> your email<input type=text name=email /><br/>
> make up a new password<input type=password name=password /><br/>
> your perm will be read<input type=text name=perm value="read" /><br/>
> using opkey_adduser_read<input type=text name=opkey_adduser_read
> value="FAKE-KEY" /><br/>
> redirect _after_success<input type=text name=_after_success
> value="/FrontPage" /><br/>
> <input type=submit />
> </form>
> On Thu, Jun 12, 2008 at 2:15 PM, Tim <tim.laub...@gmail.com> wrote:
> > you're right...
> > that works great!
> > go ahead and add yourself to this wiki:
> >http://copytest2.pbwiki.com/addself
> > --still would be nice to have an entirely pbwiki way to do this :)
> > ASP page for adding users:
> > <html>
> > <body>
> > <%
> > username = Request.QueryString("username")
> > email = Request.QueryString("email")
> > wikiname = Request.QueryString("wiki")
> > if wikiname="" then
> > Response.Write("No Wiki Specified...")
> > Response.End
> > elseif wikiname = "copytest2" then
> > wikiadmin_email = "REDACTED"
> > wikiadmin_password = "REDACTED"
> > else
> > Response.Write("Unrecognized wiki <i>" + wikiname + "</i>...")
> > Response.End
> > end if
> > %>
> > <!--
> > <h1>Hello</h1>
> > <%= username %><br>
> > <%= email %><br>
> > -->
> > <%
> > dim objXMLHTTP
> > set objXMLHTTP = Server.CreateObject("Microsoft.XMLHTTP")
> > url = "https://my.pbwiki.com/"
> > login_post_data = "u_email=" + wikiadmin_email + "&u_password=" +
> > wikiadmin_password + "&u_remember=checked&submit_submit=Log+in&wiki="
> > objXMLHTTP.Open "POST", url, false
> > objXMLHTTP.SetRequestHeader "Content-type", "application/x-www-form-
> > urlencoded"
> > objXMLHTTP.Send login_post_data
> > if objXMLHTTP.status = 200 then
> > url = "http://" + wikiname + ".pbwiki.com/api_v2/op/AddUser/perm/
> > read/_type/jsontext/email/" + email +"/name/"+username+"/perm/edit"
> > objXMLHTTP.Open "GET", url, false
> > objXMLHTTP.Send
> > end if
> > %>
> > <br>
> > default password: email
> > <br>
> > <small>response:</small>
> > <table border=1><tr><td>
> > <%= objXMLHTTP.ResponseText %>
> > </td></tr></table><br>
> > <a href="http://<%=wikiname%>.pbwiki.com">Return</a>
> > </body>
> > </html>
> > On Jun 12, 11:40 am, "Nathan Schmidt" <nathan.schm...@pbwiki.com>
> > wrote:
> >> Tim,
> >> I like the idea of individually delegated auth for operations but at
> >> the same time we've got a pretty involved auth/security mechanism as
> >> is. I'll need to sleep on it and see if I can come up with a
> >> reasonable way of integrating your approach into what's there already.
> >> In particular your use case, which is self-service user administration
> >> sounds very close to a feature we'll be releasing very soon - 'Request
> >> Access' -- which will allow most of this functionality for users who
> >> aren't already part of your wiki. While this doesn't give you the
> >> automatic round-trip it's a start.
> >> Even if we were to have op-granularity keys, for the AddUser op it'd a
> >> bit more tricky -- you don't want to be just handing out a form which
> >> would allow someone to add themselves at an arbitrary permission, it'd
> >> need to be 'key-able-to-adduser-at-read-permision' which is a bit of
> >> plumbing I hadn't anticipated.
> >> Meanwhile, you could always host just a form somewhere else, catch the
> >> posted email and run the request from your server, then redirect the
> >> user back to the wiki. That's a little bit convoluted but is doable
> >> today.
> >> -n
> >> On Thu, Jun 12, 2008 at 10:48 AM, Tim <tim.laub...@gmail.com> wrote:
> >> > It'd be cool if the wiki administrator could set a static
> >> > authentication key for specific api calls....
> >> > these could be like passwords for those calls..
> >> > my use case for this would be for the adduser call... if you could set
> >> > "xyz123" as the wiki specific authentication key for that command,
> >> > then you could put a publicly accessible link on your frontpage that
> >> > would allow you to register yourself for the page...
> >> > This seems like it could be an alternative to the invite keys of
> >> > pbwiki 1.0...
> >> > Thoughts?
> >> > -Tim- Hide quoted text -
> >> - Show quoted text -- Hide quoted text -
> - Show quoted text -
