Re: [Phpwiki-talk] PhpWiki internal authentication mechanism?

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Robert Dodier schrieb:
> I have another security-related question. This mailing list 
> doesn't appear to be archived, and reading through the FAQ,
> change log, and index.php, I wasn't able to resolve this 
> question, so here it is.
> 
> How does one set up PhpWiki internal authentication?
> (Assuming that there is such a thing.) 
> 
> I've tried some permutations of the settings in index.php --
> specifically ALLOW_USER_LOGIN, ALLOW_BOGO_LOGIN, and
> REQUIRE_SIGNIN_BEFORE_EDIT. It seems that setting these to
> true, false, and true, respectively, would invoke authentication.
> But how are usernames and passwords assigned? I don't see
> a "Create User" or whatever on the wiki administration page.
> 
> Can username/password pairs be created by some MySQL commands?
> There are some comments about that in index.php, but they
> seem to apply specifically to IMAP authentication.

the code in index.php relates to the upcoming auth code which is 
currently rewritten.

the current version supports:
   internal auth: ALLOW_BOGO_LOGIN and REQUIRE_SIGNIN_BEFORE_EDIT
   external auth: LDAP, IMAP

REQUIRE_SIGNIN_BEFORE_EDIT stores the password either in the cookie or 
the metadata of the users homepage. (if it exists)
ALLOW_BOGO_LOGIN asks for no password, it just requires that the 
username is valid wikiword. then access is granted.

the upcoming release will supports more external auth and preferences:
   http auth, database, files.

> I'm trying to figure out a simple scheme for assigning
> usernames and passwords. Any advice that you might have is
> greatly appreciated. PhpWiki rocks! Thanks for creating
> such a great project.
-- 
Reini Urban
http://xarch.tu-graz.ac.at/home/rurban/