From: Reini U. <ru...@x-...> - 2005-11-01 18:36:23
I have an idea. I've only changed one single bit resp. I accepted a patch which changed it.

lib/main.php
Revision 1.217  2005/09/18 12:44:00  rurban
novatrope patch to let only _AUTHENTICATED view pages

2005/11/1, Charles Corrigan <ch...@ru...>:
> I recently upgraded the site I administer to 1.3.11p1 - see http://www.runegate.org/whitewall/wiki
> It appears that the security that I implemented no longer works. For example, I set the acl on the . page so that only authenticated
> users in the groups WhiteWallWriters, Administrators and/or Owner could edit a page. However, when I go to the site, my session is
> in the state signed but I can still edit and save the front page.
>
> My (edited) config.ini is below. Any ideas?
>
> Regards,
> Charles
>
> INCLUDE_PATH = "/home/runega2/software/phpwiki"
> GOOGLE_LINKS_NOFOLLOW = false
> WIKI_NAME = WhiteWall
> ENABLE_REVERSE_DNS = true
> ADMIN_USER = WhiteWallAdmin
> ADMIN_PASSWD = "xxx"
> ENCRYPTED_PASSWD = true
> ZIPDUMP_AUTH = false
> ENABLE_RAW_HTML = false
> ENABLE_RAW_HTML_LOCKEDONLY = false
> ENABLE_RAW_HTML_SAFE = false
> STRICT_MAILABLE_PAGEDUMPS = true
> DEFAULT_DUMP_DIR = /home/runega2/whitewall/wikidump
> HTML_DUMP_DIR = /home/runega2/whitewall/wikidumphtml
> HTML_DUMP_SUFFIX = .html
> MAX_UPLOAD_SIZE = 1050000
> MINOR_EDIT_TIMEOUT = 604800
> CACHE_CONTROL = LOOSE
> CACHE_CONTROL_MAX_AGE = 600
> COOKIE_EXPIRATION_DAYS = 365
> DATABASE_TYPE = SQL
> DATABASE_PREFIX = wwwiki_
> DATABASE_DSN = "mysql://xxx:xxx@localhost/runega2_db"
> DATABASE_PERSISTENT = false
> DATABASE_SESSION_TABLE = session
> DATABASE_DIRECTORY = /home/runega2/whitewall/files
> DATABASE_DBA_HANDLER = gdbm
> DATABASE_TIMEOUT = 5
> SESSION_SAVE_PATH = /home/runega2/whitewall/session
> MAJOR_MAX_AGE = 32
> MAJOR_KEEP = 8
> MINOR_MAX_AGE = 7
> MINOR_KEEP = 4
> AUTHOR_MAX_AGE = 365
> AUTHOR_KEEP = 8
> AUTHOR_MIN_AGE = 7
> AUTHOR_MAX_KEEP = 20
> ALLOW_ANON_USER = true
> ALLOW_ANON_EDIT = false
> ALLOW_BOGO_LOGIN = false
> ALLOW_USER_PASSWORDS = true
> USER_AUTH_ORDER = "Db"
> PASSWORD_LENGTH_MINIMUM = 6
> USER_AUTH_POLICY = first-only
> GROUP_METHOD = WIKIPAGE
> DBAUTH_AUTH_USER_EXISTS = "SELECT userid FROM wwwiki_user WHERE userid='$userid'"
> DBAUTH_AUTH_CHECK = "SELECT IF(passwd=PASSWORD('$password'),1,0) AS ok FROM wwwiki_user WHERE userid='$userid'"
> DBAUTH_AUTH_CRYPT_METHOD = plain
> DBAUTH_AUTH_UPDATE = "UPDATE wwwiki_user SET passwd=PASSWORD('$password') WHERE userid='$userid'"
> DBAUTH_AUTH_CREATE = "INSERT INTO wwwiki_user SET passwd=PASSWORD('$password'),userid='$userid'"
> DBAUTH_PREF_SELECT = "SELECT prefs FROM wwwiki_pref WHERE userid='$userid'"
> DBAUTH_PREF_UPDATE = "REPLACE INTO wwwiki_pref SET prefs='$pref_blob',userid='$userid'"
> DBAUTH_IS_MEMBER = "SELECT userid FROM wwwiki_member WHERE userid='$userid' AND groupname='$groupname'"
> DBAUTH_GROUP_MEMBERS = "SELECT DISTINCT userid FROM wwwiki_member WHERE groupname='$groupname'"
> DBAUTH_USER_GROUPS = "SELECT groupname FROM wwwiki_member WHERE userid='$userid'"
> THEME = default
> CHARSET = iso-8859-1
> DEFAULT_LANGUAGE = en
> PHPWIKI_DIR = /home/runega2/software/phpwiki
> USE_PATH_INFO = true
> TEMP_DIR = /home/runega2/whitewall/tmp
>
> _______________________________________________
> Phpwiki-talk mailing list
> Php...@li...
> https://lists.sourceforge.net/lists/listinfo/phpwiki-talk

--
Reini Urban
http://xarch.tu-graz.ac.at/home/rurban/