PhpWiki

Chr. von Stuckrad schrieb:
> Eighter I'm pretty dumb tonight or something
> is wrong with creating a new user in the Wiki?
> 
> Wanting to comment on an error in the new script
> for debugging regexps,
> I tried to edit with a NEW Name ('stucki') and
> a password (to be created I thought), and all
> I get is:
> 
> PHP Warnings
> lib/WikiUser.php:229: Warning[512]: Unable to connect to LDAP server localhost
> Somethig broken?

Maybe.
But maybe you defined ALLOW_LDAP_LOGIN but didn't provide the other LDAP 
settings or services.
-- 
Reini Urban
http://xarch.tu-graz.ac.at/home/rurban/

On Tue, 2004-01-27 at 17:10, Chr. von Stuckrad wrote:
> Hi!
> 
> Eighter I'm pretty dumb tonight or something
> is wrong with creating a new user in the Wiki?
> 
> Wanting to comment on an error in the new script
> for debugging regexps,
> I tried to edit with a NEW Name ('stucki') and
> a password (to be created I thought), and all
> I get is:
> 
> PHP Warnings
> lib/WikiUser.php:229: Warning[512]: Unable to connect to LDAP server localhost
> 
> Somethig broken?
> 
> Curious,    Stucki

Shouldn't be. As the administrator of the exit0.us wiki, I think I can
safely state that there is no password authentication enabled. 

I have noticed that there are some users that are having problems
creating home pages. Is there a minimum character limit on the name of a
user's page? For example, it won't let you create a page for Bob(3
characters) but it will for Robert(6 characters).

I'm not tying to hijack this thread because I've had other users
complain of the same basic thing. They try to create a user page but get
an "Invalid UserID or password" message. I've tried to check the
archives for this but haven't found anything.


-- 
AltGrendel <altgrendel@...>

AltGrendel schrieb:
> On Tue, 2004-01-27 at 17:10, Chr. von Stuckrad wrote:
>>Eighter I'm pretty dumb tonight or something
>>is wrong with creating a new user in the Wiki?
>>
>>Wanting to comment on an error in the new script
>>for debugging regexps,
>>I tried to edit with a NEW Name ('stucki') and
>>a password (to be created I thought), and all
>>I get is:
>>
>>PHP Warnings
>>lib/WikiUser.php:229: Warning[512]: Unable to connect to LDAP server localhost
>>
>>Somethig broken?
>>Curious,    Stucki
> 
> Shouldn't be. As the administrator of the exit0.us wiki, I think I can
> safely state that there is no password authentication enabled. 
> 
> I have noticed that there are some users that are having problems
> creating home pages. Is there a minimum character limit on the name of a
> user's page? For example, it won't let you create a page for Bob(3
> characters) but it will for Robert(6 characters).

No, no char limit on the username. from 1.3.8 on one can set a password 
char limit.

> I'm not tying to hijack this thread because I've had other users
> complain of the same basic thing. They try to create a user page but get
> an "Invalid UserID or password" message. I've tried to check the
> archives for this but haven't found anything.

Old Auth Scheme (1.3.4 - 1.3.8) and new auth scheme (auth_policy = old):

On REQUIRE_SIGNIN_BEFORE_EDIT = true:
When the given username - password is invalid or not found, it tries the 
next methods (imap, ldap, ...).
If no matching user-passwd pair is found, "Invalid UserID or password" 
is returned.

So it looks like you enabled bogo login (ALLOW_BOGO_LOGIN = true), which 
means that your users must login with a valid WikiWord. Robert and Bob 
are no valid WikiWords.

I suggest to set REQUIRE_SIGNIN_BEFORE_EDIT = false, so that any 
username is accepted with or withour password. Then the password is only 
checked if the user has a homepage, where the password is actually stored.
-- 
Reini Urban
http://xarch.tu-graz.ac.at/home/rurban/

On Fri, 2004-01-30 at 10:29, Reini Urban wrote:

<Snip>

> 
> Old Auth Scheme (1.3.4 - 1.3.8) and new auth scheme (auth_policy = old):
> 
> On REQUIRE_SIGNIN_BEFORE_EDIT = true:
> When the given username - password is invalid or not found, it tries the 
> next methods (imap, ldap, ...).
> If no matching user-passwd pair is found, "Invalid UserID or password" 
> is returned.
> 
> So it looks like you enabled bogo login (ALLOW_BOGO_LOGIN = true), which 
> means that your users must login with a valid WikiWord. Robert and Bob 
> are no valid WikiWords.
> 
> I suggest to set REQUIRE_SIGNIN_BEFORE_EDIT = false, so that any 
> username is accepted with or withour password. Then the password is only 
> checked if the user has a homepage, where the password is actually stored.

Here is that section of the original index.php(comments removed):

if (!defined('ALLOW_USER_LOGIN')) define('ALLOW_USER_LOGIN', 'false');
                                                                                                                         if (!defined('ALLOW_HTTP_AUTH_LOGIN')) define('ALLOW_HTTP_AUTH_LOGIN', 'false');
                                                                                                                         if (!defined('ALLOW_BOGO_LOGIN')) define('ALLOW_BOGO_LOGIN', 'true');

if (!defined('REQUIRE_SIGNIN_BEFORE_EDIT'))
define('REQUIRE_SIGNIN_BEFORE_EDIT', 'false');

-------------------------------------------
I believe that this is correct according to what you're saying. Is there
some other section or file that could be controlling this? And do you
think an upgrade to 1.3.8b fix this?

-- 
AltGrendel <altgrendel@...>

On Fri, 2004-01-30 at 10:57, AltGrendel wrote:
> On Fri, 2004-01-30 at 10:29, Reini Urban wrote:
> 
> <Snip>
> 
> > 
> > Old Auth Scheme (1.3.4 - 1.3.8) and new auth scheme (auth_policy = old):
> > 
> > On REQUIRE_SIGNIN_BEFORE_EDIT = true:
> > When the given username - password is invalid or not found, it tries the 
> > next methods (imap, ldap, ...).
> > If no matching user-passwd pair is found, "Invalid UserID or password" 
> > is returned.
> > 
> > So it looks like you enabled bogo login (ALLOW_BOGO_LOGIN = true), which 
> > means that your users must login with a valid WikiWord. Robert and Bob 
> > are no valid WikiWords.
> > 
> > I suggest to set REQUIRE_SIGNIN_BEFORE_EDIT = false, so that any 
> > username is accepted with or withour password. Then the password is only 
> > checked if the user has a homepage, where the password is actually stored.
> 
> Here is that section of the original index.php(comments removed):
> 
> if (!defined('ALLOW_USER_LOGIN')) define('ALLOW_USER_LOGIN', 'false');
> if (!defined('ALLOW_HTTP_AUTH_LOGIN')) define('ALLOW_HTTP_AUTH_LOGIN', 'false');
> if (!defined('ALLOW_BOGO_LOGIN')) define('ALLOW_BOGO_LOGIN', 'true');
> 
> if (!defined('REQUIRE_SIGNIN_BEFORE_EDIT'))
> define('REQUIRE_SIGNIN_BEFORE_EDIT', 'false');
> 
> -------------------------------------------
> I believe that this is correct according to what you're saying. Is there
> some other section or file that could be controlling this? And do you
> think an upgrade to 1.3.8b fix this?

I Found the answer to my question, it's 

(?<![[:alnum:]])(?:[[:upper:]][[:lower:]]+){2,}(?![[:alnum:]])

So as you indicated, it would have to be Bob12 to be a valid wiki word,
and of course Bob would not be valid.

Interesting.

-- 
AltGrendel <altgrendel@...>

Hi Reini et al,
I've seen several references to passwords (and other preferences) being 
kept in a user's homepage...but so far I haven't found any documentation 
on it.

a) is there any docs on this...if so, would you mind pointing me in the 
right direction?
b) If there is no such doc...would you mind explaining to all ? I'm 
happy to translate it all into end-user words if needed
c) how does (if at all) this feature relate / link to the new user / 
group / per page auth features you said you are working on?

Running 1.3.4 on FreeBSD / Apache/ mod_php / MySQL, 1.3.7 on win 2k /  
Apache/ mod_php / MySQL and soon 1.3.7 on Linux & Solaris

Thanks!!
Beto
Reini Urban wrote:

> AltGrendel schrieb:
>
>> On Tue, 2004-01-27 at 17:10, Chr. von Stuckrad wrote:
>>
>>> Eighter I'm pretty dumb tonight or something
>>> is wrong with creating a new user in the Wiki?
>>>
>>> Wanting to comment on an error in the new script
>>> for debugging regexps,
>>> I tried to edit with a NEW Name ('stucki') and
>>> a password (to be created I thought), and all
>>> I get is:
>>>
>>> PHP Warnings
>>> lib/WikiUser.php:229: Warning[512]: Unable to connect to LDAP server 
>>> localhost
>>>
>>> Somethig broken?
>>> Curious,    Stucki
>>
>>
>> Shouldn't be. As the administrator of the exit0.us wiki, I think I can
>> safely state that there is no password authentication enabled.
>> I have noticed that there are some users that are having problems
>> creating home pages. Is there a minimum character limit on the name of a
>> user's page? For example, it won't let you create a page for Bob(3
>> characters) but it will for Robert(6 characters).
>
>
> No, no char limit on the username. from 1.3.8 on one can set a 
> password char limit.
>
>> I'm not tying to hijack this thread because I've had other users
>> complain of the same basic thing. They try to create a user page but get
>> an "Invalid UserID or password" message. I've tried to check the
>> archives for this but haven't found anything.
>
>
> Old Auth Scheme (1.3.4 - 1.3.8) and new auth scheme (auth_policy = old):
>
> On REQUIRE_SIGNIN_BEFORE_EDIT = true:
> When the given username - password is invalid or not found, it tries 
> the next methods (imap, ldap, ...).
> If no matching user-passwd pair is found, "Invalid UserID or password" 
> is returned.
>
> So it looks like you enabled bogo login (ALLOW_BOGO_LOGIN = true), 
> which means that your users must login with a valid WikiWord. Robert 
> and Bob are no valid WikiWords.
>
> I suggest to set REQUIRE_SIGNIN_BEFORE_EDIT = false, so that any 
> username is accepted with or withour password. Then the password is 
> only checked if the user has a homepage, where the password is 
> actually stored.


-- 
Norberto Meijome | numard at meijome dot net
"Everything is interesting if you go into it deeply enough." - Richard Feynman

Norberto Meijome schrieb:
> Hi Reini et al,
> I've seen several references to passwords (and other preferences) being 
> kept in a user's homepage...but so far I haven't found any documentation 
> on it.

No?
There it is, for a long time now:
   http://phpwiki.sourceforge.net/phpwiki/UserAuthentication
I updated it a week ago to the new scheme, but the old docs for prefs in 
homepage (which didn't change) are also there.

To see it internally see the DebugInfo on any users homepage.
Change any UserPreferences and then you see the metadata, exactly the 
"pref" field, in the page changed.

BTW: I keep a blog of my ongoing development at the demo wiki:
   http://phpwiki.sourceforge.net/demo/ReiniUrban/Kalender

> a) is there any docs on this...if so, would you mind pointing me in the 
> right direction?
> b) If there is no such doc...would you mind explaining to all ? I'm 
> happy to translate it all into end-user words if needed
> c) how does (if at all) this feature relate / link to the new user / 
> group / per page auth features you said you are working on?
> 
> Running 1.3.4 on FreeBSD / Apache/ mod_php / MySQL, 1.3.7 on win 2k /  
> Apache/ mod_php / MySQL and soon 1.3.7 on Linux & Solaris
-- 
Reini Urban
http://xarch.tu-graz.ac.at/home/rurban/

Norberto Meijome schrieb:
> touche, I'll RTFM ...my bad for not looking deep enough ( i assumed the 
> docs would be part of the distrib)

it's as docs/README.phpwiki-auth also in the distrib. but only in the 
nightly cvs snapshots, since v1.3.8 is not released yet :)

> great work !!!
-- 
Reini Urban
http://xarch.tu-graz.ac.at/home/rurban/