A patch against midgard-php-1.2.5 is available at
http://www.iris-advies.com/php/Emile.Heyns/midgard-php-1.2.5-setuid.patch
that alters the mgd_auth_midgard function in three ways:

- the function returns true or false to indicate if the authentication
  succeeded
- an optional second boolean parameter, which defaults to true in
  order to preserve existing semantics, indicates whether to send
  a MidgardLogin cookie to the user
- empty usernames are allowed to anonymize the user

When offering self-registration features you could use sth. like

if (mgd_auth_midgard($groupuser, $groupuserpassword, 0))
{
  /* add user here */
  if (! mgd_auth_midgard($newuser, $newpassword, 0))
  {
    /* exit or whatever */
  }
}
else
{
  /* whatever */
}

It is not necessary to use the admin user for this. Any user with sufficient
privileges to add users will do. I also highly recommend changing back to
the original user or the new user once the privileges are no longer
required.

I've tested this and it seems to work, but as this touches on security
I'd appreciate it if some others would give this a spin before I
check this into the main release.

Emile
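
An added example, not part of the mail or the patch: the self-registration pattern above wrapped so the request leaves the privileged identity on every path, including the failure branches. It follows the three-argument call shape of the snippet in the mail; self_register, demo_create and the stand-in mgd_auth_midgard (used only when Midgard is not loaded) are hypothetical, and the accounts are constructed.

```php
<?php
// Added example, not code from the patch or the Midgard project.
if (!function_exists('mgd_auth_midgard')) {
    // Constructed stand-in so this runs without Midgard; real behaviour may differ.
    $GLOBALS['demo_users'] = array('regadmin' => 'regsecret'); // constructed account
    $GLOBALS['demo_current'] = '';                             // '' = anonymous
    function mgd_auth_midgard($user, $pass, $send_cookie = true) {
        $users = $GLOBALS['demo_users'];
        if ($user !== '' && (!isset($users[$user]) || $users[$user] !== $pass)) {
            return false;                  // failed login keeps the old identity
        }
        $GLOBALS['demo_current'] = $user;  // empty username anonymizes
        return true;
    }
}

// Hypothetical helper: $create_user is a callback that adds the account
// while the request holds the group user's privileges.
function self_register($groupuser, $grouppass, $newuser, $newpass, $create_user) {
    if (!mgd_auth_midgard($groupuser, $grouppass, false)) {
        return false;                      // never elevated, nothing to undo
    }
    try {
        $created = (bool) call_user_func($create_user, $newuser, $newpass);
    } catch (Exception $e) {
        $created = false;
    }
    // Leave the elevated identity on every path: become the new user,
    // or fall back to anonymous if creation or the second login failed.
    if ($created && mgd_auth_midgard($newuser, $newpass, true)) {
        return true;
    }
    mgd_auth_midgard('', '', false);
    return false;
}

// Constructed demo against the stand-in: one success, one rejected duplicate.
function demo_create($user, $pass) {
    if ($user === '' || isset($GLOBALS['demo_users'][$user])) { return false; }
    $GLOBALS['demo_users'][$user] = $pass;
    return true;
}
foreach (array(array('alice', 'pw1'), array('regadmin', 'x')) as $try) {
    $ok = self_register('regadmin', 'regsecret', $try[0], $try[1], 'demo_create');
    echo $try[0], ': ', $ok ? 'registered' : 'rejected',
         ', now running as "', $GLOBALS['demo_current'], "\"\n";
}
```

The rejected case is the one to check: after the failure the request runs as the anonymous user, not as the account that was allowed to add users.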

