[Phpwiki-talk] User Authorization and Page File Creation for non-existent pages

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Good Morning!

A follow-up and a new question:

1. I'm still having trouble determining how to grant write access to
authorized users.

I'm using the File method for user authorization.

USER_AUTH_ORDER = "File"

The description from config.ini is:
File:          Store username:crypted-passwords in .htaccess like files.
               Use Apache's htpasswd to manage this file.

This implies to me that is an ".htaccess like file" and not .htaccess
itself. What is the name of this file, and where is it located? I could
then use htpasswd on it to allow users to edit the wiki.

2. People appear to be attempting to break into the system by attempting
to access pages that do not exist. Each one of these attempted access
creates a new file. For example, here is one of several new files this
morning:

/home/harold/BhWikiData/page_data/http%3A%2F%2Fejdarc.venissieux.free.fr%2Fa_virer_joomla%2Fimages%2Ffbfiles%2Fimages%2Fcache.txt%3F

I have tried making the files read only until I am updating the wiki, but
this gives those reading the wiki errors since the access of the page
cannot be recorded in the page file.

To deal with this so far, I have done a dump of all pages, move all the
existing files to a backup directory, then do a restore. If it looks good,
I then delete the backup directory.

Is there a way to prevent this file creation when someone tries to access
a page that does not exist?

THANKS!

Harold
http://bh.hallikainen.org/

> Hello Harold,
> The .htaccess file is a file used by Apache to protect a directory and
its
> subdirectories.
> For PhpWIki, you find find an .htaccess file in the root directory and
in
> some of the subdirectories.
> You should adapt their content to your needs.
> Best regards,
> Marc-Etienne
> -----Original Message-----
> From: Harold Hallikainen [mailto:ha...@ha...]
> Sent: Tuesday, May 15, 2018 11:41 PM
> To: Discussion on PhpWiki features, bugs, development.
> <php...@li...>
> Subject: [Phpwiki-talk] User Authorization - resend from different email
I'm using the File method for user authorization.
> USER_AUTH_ORDER = "File"
> The description from config.ini is:
>  File:          Store username:crypted-passwords in .htaccess like
files.
> ;                  Use Apache's htpasswd to manage this file.
> What is the name of this file, and where is it located?
> THANKS!
> Harold
> --
> FCC Rules Updated Daily at http://www.hallikainen.com Not sent from an
iPhone.
> ------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most engaging
tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Phpwiki-talk mailing list
> Php...@li...
> https://lists.sourceforge.net/lists/listinfo/phpwiki-talk

-- 
FCC Rules Updated Daily at http://www.hallikainen.com
Not sent from an iPhone.