From: Reini U. <ru...@x-...> - 2009-09-10 12:33:49
|
2009/9/9 Antony Stone <Ant...@ph...>: > On Wednesday 09 September 2009 16:35, Reini Urban wrote: > >> 2009/9/9 Antony Stone <Ant...@ph...>: >> > On Sunday 06 September 2009 14:02, Antony Stone wrote: >> >> ; True User Authentication: >> >> ; To require user passwords: >> >> ; ALLOW_ANON_USER = false >> >> ; ALLOW_ANON_EDIT = false >> >> ; ALLOW_BOGO_LOGIN = false, >> >> ; ALLOW_USER_PASSWORDS = true. >> >> ; Otherwise any anon or bogo user might login without any or a wrong >> >> password. >> >> >> >> I have set all four variables to the required values and restarted >> >> Apache, and yet it is still possible to log in with a random username >> >> and no password (ie: a Bogo login). How do I get the functionality as >> >> documented - True User Authentication? Do I need to reset / reconfigure >> >> / restart something else after changing the config.ini file? > >> Tell us your USER_AUTH_ORDER >> These are effective with ALLOW_USER_PASSWORDS >> >> If you have e.g. USER_AUTH_ORDER = "BogoLogin : PersonalPage" >> BogoLogin is in use as you observed. > > I have not explicitly set USER_AUTH_ORDER (the instructions for getting True > User Authentication don't tell me I need to), therefore I expect the setting > to have the value in /usr/share/phpwiki/config/config-default.ini, which is: > > USER_AUTH_ORDER = PersonalPage > > Should I select "USER_AUTH_ORDER = Db" instead (since I am using a MySQL > backend database, I'd quite like all the authentication data to be in there > as well)? Yes, please. "USER_AUTH_ORDER = Db" for Mysql auth > Thanks for the reply - it's good to see there's someone else around here :) Most of the developers are rather busy -- Reini Urban http://phpwiki.org/ http://murbreak.at/ |