Re: [Phpwiki-talk] Authentication puzzles

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

On Monday 07 September 2009 08:39, Massimiliano Pagani wrote:

> Hi Antony,
>     I am not an expert, but it seems that you edit a config file while
> your phpWiki reads another one. Make sure you are editing (path to
> phpWiki)/config/config.ini.

That is a symbolic link to /etc/phpwiki/config/ini on this Debian machine.

Therefore there is only one file.  I can be fairly sure I am editing the 
correct file because I see the new name I gave the wiki in that config file 
when I access the web server.

> Also, though it doesn't hurt, it shouldn't be needed a complete apache
> restart since the config.ini file is read at every HTTP access. 

Ah, thanks, I wasn't sure what, if anything, I needed to do after changing 
this file to make it take effect.

I must say that reading and parsing a plaintext config file on every single 
HTTP access seems worryingly inefficient, though...

> On Sun, Sep 6, 2009 at 3:02 PM, Antony Stone wrote:
> > Hi.
> >
> > I'm trying to use PHPwiki on a Debian Etch machine and having problems
> > with authentication.
> >
> > It's Debian Etch (which I can't upgrade to Lenny for unrelated hardware
> > reasons), which gives me PHPwiki version 1.3.12p3-5etch1.
> >
> > I'm using Apache 1.3.34, and MySQL 5.0.32 as the backend database, and
> > it's a fresh install of the phpwiki package, with only the changes noted
> > below.
> >
> >
> > I have two problems:
> >
> > 1. I want to operate this Wiki so that only authorised users can access
> > it (both for reading and for writing) - it's basically a collaborative
> > development tool which needs to be on the Internet to allow access for
> > diversely located people, but we don't want it to be wide open and
> > publicly visible or editable.  Therefore I have followed the instructions
> > in config.ini to require passwords for login:
> >
> > ; True User Authentication:
> > ; To require user passwords:
> > ;   ALLOW_ANON_USER = false
> > ;   ALLOW_ANON_EDIT = false
> > ;   ALLOW_BOGO_LOGIN = false,
> > ;   ALLOW_USER_PASSWORDS = true.
> > ; Otherwise any anon or bogo user might login without any or a wrong
> > password.
> >
> > I have set all four variable to the required values and restarted Apache,
> > and yet it is still possible to log in with a random username and no
> > password (ie: a Bogo login).  How do I get the functionality as
> > documented - True User Authentication?  Do I need to reset / reconfigure
> > / restart something else after changing the config.ini file?
> >
> >
> > 2. I cannot create an Admin user and log in as such.  If I
> > edit /etc/phpwiki/config.ini and set:
> >
> > ADMIN_USER = Admin
> > ADMIN_PASSWD = Admin
> >
> > (and restart Apache afterwards just in case) then when I go to the URL of
> > my Wiki site, I now get:
> >
> > Fatal Error:
> > lib/IniConfig.php:601: Error: ADMIN_USER may not be empty. Please update
> > your configuration.
> > lib/IniConfig.php:221: Notice: missing config setting for ADMIN_USER
> > (...repeated 2 times)
> > lib/IniConfig.php:601: Error: ADMIN_USER may not be empty. Please update
> > your configuration.
> >
> > So, in config.ini, I have ADMIN_USER set, therefore this error message
> > makes no sense.  What should I check instead?
> >
> >
> >
> > I hope someone can help with either / both of these problems.
> >
> > Please let me know if further data on the setup would be helpful.
> >
> >
> > Regards,
> >
> >
> > Antony Stone.

-- 
"I estimate there's a world market for about five computers."

 - Thomas J Watson, Chairman of IBM

                                                     Please reply to the list;
                                                           please don't CC me.