From: Chr. v. S. <st...@ma...> - 2004-01-27 22:10:42
|
Hi! Eighter I'm pretty dumb tonight or something is wrong with creating a new user in the Wiki? Wanting to comment on an error in the new script for debugging regexps, I tried to edit with a NEW Name ('stucki') and a password (to be created I thought), and all I get is: PHP Warnings lib/WikiUser.php:229: Warning[512]: Unable to connect to LDAP server localhost Somethig broken? Curious, Stucki -- Christoph von Stuckrad * * |nickname |<st...@ma...>\ Freie Universitaet Berlin |/_*|'stucki' |Tel(days):+49 30 838-75 459| Fachbereich Mathematik, EDV|\ *|if online|Tel(else):+49 30 77 39 6600| Arnimallee 2-6/14195 Berlin* * |on IRCnet|Fax(alle):+49 30 838-75454/ |
From: Reini U. <ru...@x-...> - 2004-01-27 22:44:54
|
Chr. von Stuckrad schrieb: > Eighter I'm pretty dumb tonight or something > is wrong with creating a new user in the Wiki? > > Wanting to comment on an error in the new script > for debugging regexps, > I tried to edit with a NEW Name ('stucki') and > a password (to be created I thought), and all > I get is: > > PHP Warnings > lib/WikiUser.php:229: Warning[512]: Unable to connect to LDAP server localhost > Somethig broken? Maybe. But maybe you defined ALLOW_LDAP_LOGIN but didn't provide the other LDAP settings or services. -- Reini Urban http://xarch.tu-graz.ac.at/home/rurban/ |
From: AltGrendel <alt...@ex...> - 2004-01-30 13:17:58
|
On Tue, 2004-01-27 at 17:10, Chr. von Stuckrad wrote: > Hi! > > Eighter I'm pretty dumb tonight or something > is wrong with creating a new user in the Wiki? > > Wanting to comment on an error in the new script > for debugging regexps, > I tried to edit with a NEW Name ('stucki') and > a password (to be created I thought), and all > I get is: > > PHP Warnings > lib/WikiUser.php:229: Warning[512]: Unable to connect to LDAP server localhost > > Somethig broken? > > Curious, Stucki Shouldn't be. As the administrator of the exit0.us wiki, I think I can safely state that there is no password authentication enabled. I have noticed that there are some users that are having problems creating home pages. Is there a minimum character limit on the name of a user's page? For example, it won't let you create a page for Bob(3 characters) but it will for Robert(6 characters). I'm not tying to hijack this thread because I've had other users complain of the same basic thing. They try to create a user page but get an "Invalid UserID or password" message. I've tried to check the archives for this but haven't found anything. -- AltGrendel <alt...@ex...> |
From: Reini U. <ru...@x-...> - 2004-01-30 15:29:32
|
AltGrendel schrieb: > On Tue, 2004-01-27 at 17:10, Chr. von Stuckrad wrote: >>Eighter I'm pretty dumb tonight or something >>is wrong with creating a new user in the Wiki? >> >>Wanting to comment on an error in the new script >>for debugging regexps, >>I tried to edit with a NEW Name ('stucki') and >>a password (to be created I thought), and all >>I get is: >> >>PHP Warnings >>lib/WikiUser.php:229: Warning[512]: Unable to connect to LDAP server localhost >> >>Somethig broken? >>Curious, Stucki > > Shouldn't be. As the administrator of the exit0.us wiki, I think I can > safely state that there is no password authentication enabled. > > I have noticed that there are some users that are having problems > creating home pages. Is there a minimum character limit on the name of a > user's page? For example, it won't let you create a page for Bob(3 > characters) but it will for Robert(6 characters). No, no char limit on the username. from 1.3.8 on one can set a password char limit. > I'm not tying to hijack this thread because I've had other users > complain of the same basic thing. They try to create a user page but get > an "Invalid UserID or password" message. I've tried to check the > archives for this but haven't found anything. Old Auth Scheme (1.3.4 - 1.3.8) and new auth scheme (auth_policy = old): On REQUIRE_SIGNIN_BEFORE_EDIT = true: When the given username - password is invalid or not found, it tries the next methods (imap, ldap, ...). If no matching user-passwd pair is found, "Invalid UserID or password" is returned. So it looks like you enabled bogo login (ALLOW_BOGO_LOGIN = true), which means that your users must login with a valid WikiWord. Robert and Bob are no valid WikiWords. I suggest to set REQUIRE_SIGNIN_BEFORE_EDIT = false, so that any username is accepted with or withour password. Then the password is only checked if the user has a homepage, where the password is actually stored. -- Reini Urban http://xarch.tu-graz.ac.at/home/rurban/ |
From: Norberto M. <nu...@me...> - 2004-02-01 11:25:43
|
Hi Reini et al, I've seen several references to passwords (and other preferences) being kept in a user's homepage...but so far I haven't found any documentation on it. a) is there any docs on this...if so, would you mind pointing me in the right direction? b) If there is no such doc...would you mind explaining to all ? I'm happy to translate it all into end-user words if needed c) how does (if at all) this feature relate / link to the new user / group / per page auth features you said you are working on? Running 1.3.4 on FreeBSD / Apache/ mod_php / MySQL, 1.3.7 on win 2k / Apache/ mod_php / MySQL and soon 1.3.7 on Linux & Solaris Thanks!! Beto Reini Urban wrote: > AltGrendel schrieb: > >> On Tue, 2004-01-27 at 17:10, Chr. von Stuckrad wrote: >> >>> Eighter I'm pretty dumb tonight or something >>> is wrong with creating a new user in the Wiki? >>> >>> Wanting to comment on an error in the new script >>> for debugging regexps, >>> I tried to edit with a NEW Name ('stucki') and >>> a password (to be created I thought), and all >>> I get is: >>> >>> PHP Warnings >>> lib/WikiUser.php:229: Warning[512]: Unable to connect to LDAP server >>> localhost >>> >>> Somethig broken? >>> Curious, Stucki >> >> >> Shouldn't be. As the administrator of the exit0.us wiki, I think I can >> safely state that there is no password authentication enabled. >> I have noticed that there are some users that are having problems >> creating home pages. Is there a minimum character limit on the name of a >> user's page? For example, it won't let you create a page for Bob(3 >> characters) but it will for Robert(6 characters). > > > No, no char limit on the username. from 1.3.8 on one can set a > password char limit. > >> I'm not tying to hijack this thread because I've had other users >> complain of the same basic thing. They try to create a user page but get >> an "Invalid UserID or password" message. I've tried to check the >> archives for this but haven't found anything. > > > Old Auth Scheme (1.3.4 - 1.3.8) and new auth scheme (auth_policy = old): > > On REQUIRE_SIGNIN_BEFORE_EDIT = true: > When the given username - password is invalid or not found, it tries > the next methods (imap, ldap, ...). > If no matching user-passwd pair is found, "Invalid UserID or password" > is returned. > > So it looks like you enabled bogo login (ALLOW_BOGO_LOGIN = true), > which means that your users must login with a valid WikiWord. Robert > and Bob are no valid WikiWords. > > I suggest to set REQUIRE_SIGNIN_BEFORE_EDIT = false, so that any > username is accepted with or withour password. Then the password is > only checked if the user has a homepage, where the password is > actually stored. -- Norberto Meijome | numard at meijome dot net "Everything is interesting if you go into it deeply enough." - Richard Feynman |
From: Reini U. <ru...@x-...> - 2004-02-02 05:02:05
|
Norberto Meijome schrieb: > Hi Reini et al, > I've seen several references to passwords (and other preferences) being > kept in a user's homepage...but so far I haven't found any documentation > on it. No? There it is, for a long time now: http://phpwiki.sourceforge.net/phpwiki/UserAuthentication I updated it a week ago to the new scheme, but the old docs for prefs in homepage (which didn't change) are also there. To see it internally see the DebugInfo on any users homepage. Change any UserPreferences and then you see the metadata, exactly the "pref" field, in the page changed. BTW: I keep a blog of my ongoing development at the demo wiki: http://phpwiki.sourceforge.net/demo/ReiniUrban/Kalender > a) is there any docs on this...if so, would you mind pointing me in the > right direction? > b) If there is no such doc...would you mind explaining to all ? I'm > happy to translate it all into end-user words if needed > c) how does (if at all) this feature relate / link to the new user / > group / per page auth features you said you are working on? > > Running 1.3.4 on FreeBSD / Apache/ mod_php / MySQL, 1.3.7 on win 2k / > Apache/ mod_php / MySQL and soon 1.3.7 on Linux & Solaris -- Reini Urban http://xarch.tu-graz.ac.at/home/rurban/ |
From: Reini U. <ru...@x-...> - 2004-02-02 13:58:39
|
Norberto Meijome schrieb: > touche, I'll RTFM ...my bad for not looking deep enough ( i assumed the > docs would be part of the distrib) it's as docs/README.phpwiki-auth also in the distrib. but only in the nightly cvs snapshots, since v1.3.8 is not released yet :) > great work !!! -- Reini Urban http://xarch.tu-graz.ac.at/home/rurban/ |
From: AltGrendel <alt...@ex...> - 2004-01-30 16:09:52
|
On Fri, 2004-01-30 at 10:29, Reini Urban wrote: <Snip> > > Old Auth Scheme (1.3.4 - 1.3.8) and new auth scheme (auth_policy = old): > > On REQUIRE_SIGNIN_BEFORE_EDIT = true: > When the given username - password is invalid or not found, it tries the > next methods (imap, ldap, ...). > If no matching user-passwd pair is found, "Invalid UserID or password" > is returned. > > So it looks like you enabled bogo login (ALLOW_BOGO_LOGIN = true), which > means that your users must login with a valid WikiWord. Robert and Bob > are no valid WikiWords. > > I suggest to set REQUIRE_SIGNIN_BEFORE_EDIT = false, so that any > username is accepted with or withour password. Then the password is only > checked if the user has a homepage, where the password is actually stored. Here is that section of the original index.php(comments removed): if (!defined('ALLOW_USER_LOGIN')) define('ALLOW_USER_LOGIN', 'false'); if (!defined('ALLOW_HTTP_AUTH_LOGIN')) define('ALLOW_HTTP_AUTH_LOGIN', 'false'); if (!defined('ALLOW_BOGO_LOGIN')) define('ALLOW_BOGO_LOGIN', 'true'); if (!defined('REQUIRE_SIGNIN_BEFORE_EDIT')) define('REQUIRE_SIGNIN_BEFORE_EDIT', 'false'); ------------------------------------------- I believe that this is correct according to what you're saying. Is there some other section or file that could be controlling this? And do you think an upgrade to 1.3.8b fix this? -- AltGrendel <alt...@ex...> |
From: AltGrendel <alt...@ex...> - 2004-01-30 21:31:27
|
On Fri, 2004-01-30 at 10:57, AltGrendel wrote: > On Fri, 2004-01-30 at 10:29, Reini Urban wrote: > > <Snip> > > > > > Old Auth Scheme (1.3.4 - 1.3.8) and new auth scheme (auth_policy = old): > > > > On REQUIRE_SIGNIN_BEFORE_EDIT = true: > > When the given username - password is invalid or not found, it tries the > > next methods (imap, ldap, ...). > > If no matching user-passwd pair is found, "Invalid UserID or password" > > is returned. > > > > So it looks like you enabled bogo login (ALLOW_BOGO_LOGIN = true), which > > means that your users must login with a valid WikiWord. Robert and Bob > > are no valid WikiWords. > > > > I suggest to set REQUIRE_SIGNIN_BEFORE_EDIT = false, so that any > > username is accepted with or withour password. Then the password is only > > checked if the user has a homepage, where the password is actually stored. > > Here is that section of the original index.php(comments removed): > > if (!defined('ALLOW_USER_LOGIN')) define('ALLOW_USER_LOGIN', 'false'); > if (!defined('ALLOW_HTTP_AUTH_LOGIN')) define('ALLOW_HTTP_AUTH_LOGIN', 'false'); > if (!defined('ALLOW_BOGO_LOGIN')) define('ALLOW_BOGO_LOGIN', 'true'); > > if (!defined('REQUIRE_SIGNIN_BEFORE_EDIT')) > define('REQUIRE_SIGNIN_BEFORE_EDIT', 'false'); > > ------------------------------------------- > I believe that this is correct according to what you're saying. Is there > some other section or file that could be controlling this? And do you > think an upgrade to 1.3.8b fix this? I Found the answer to my question, it's (?<![[:alnum:]])(?:[[:upper:]][[:lower:]]+){2,}(?![[:alnum:]]) So as you indicated, it would have to be Bob12 to be a valid wiki word, and of course Bob would not be valid. Interesting. -- AltGrendel <alt...@ex...> |