I made this simple code to ask for HTTP authorization when user wants to edit and save a page. Actually the browser would remember user/password throughout the session so the user will not be asked again when saving page.

HOWEVER one must CLOSE THE BROWSER to end a session.

To use it just put the code below in config.php. Of course you need a MySQL table or simply an array for username/password.

if ($action == 'edit' || $action == 'save') {
	/* from http://tw2.php.net/features.http-auth */
	if (!isset($_SERVER['PHP_AUTH_USER'])) {
		header('WWW-Authenticate: Basic realm="Editing Requires Authorization"');
		header('HTTP/1.0 401 Unauthorized');
		/* something to do/say when user clicks cancel. 
		   WARNING: header('Location') WILL NOT WORK so stop trying */
		exit;
	} else {
		/* checks password from a mysql database. */
		$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
		if (!$link) { die('Could not connect: ' . mysql_error()); }
		mysql_select_db(DB_NAME);
		$result = mysql_query("SELECT `user_pass` "
			. "FROM `cr_users` "
			. "WHERE `user_login` = '". $_SERVER['PHP_AUTH_USER'] ."'AND `user_level` >=1 "
			. "LIMIT 1;");
		$row = mysql_fetch_row($result);
		if (mysql_num_rows($result) == 0 || md5($_SERVER['PHP_AUTH_PW']) != $row[0]) {
			header("Location: ". viewURL($page));
			exit;
		} else {
			$UserName = $_SERVER['PHP_AUTH_USER'];
		}
		/* end password check */
	}
	/* end http auth. */
}

It is possible to alter the first if to something else e.g. if ($page == 'Private'). Just do it with whatever you want then.

Remember, you can always lock a page in admin, or use .htaccess to lock entire wiki :-).

[timdream] -- my website.