Re: [Phpwiki-talk] plain DB auth with 1.3.11cvs

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Jim Cheetham schrieb:
> It looks like the shipped config-dist.ini isn't clear enough with the 
> required queries in it for the case of plain-password storage in SQL, in 
> 1.3.11 in cvs.
> 
> The section of comments that holds DBAUTH_AUTH_USER_EXISTS starts with 
> "If you want to use Unix crypt()ed passwords," - however 
> DBAUTH_AUTH_USER_EXISTS is required even if you don't. Of course, I 
> wasn't using crypt, so didn't read that block of code carefully, until I 
> set up a new wiki and got auth errors :-)

Well, in the code I see that DBAUTH_AUTH_USER_EXISTS is only required if
auth_crypt_method != 'crypt'. But I haven't tested it yet.

//NOTE: for auth_crypt_method='crypt' no special auth_user_exists is needed

> I suggest that this line is moved up, above the initial "; Check to see 
> if the supplied username/password pair is OK" section.

But if your point is valid, I'll move it up like this:

; USER/PASSWORD queries
;
; For USER_AUTH_POLICY=strict and the Db method this is required:
; DBAUTH_AUTH_USER_EXISTS = "SELECT userid FROM user WHERE userid='$userid'"

TODO: Somewhere in the ini we should also document which options are 
required for ENABLE_USER_NEW=false.
-- 
Reini Urban
http://xarch.tu-graz.ac.at/home/rurban/