Re: [Phpwiki-talk] admin.php 1.2.1 problem

[Jeff D. <da...@da...>]

On Fri, 09 Nov 2001 20:13:32 +0100
"Tara Star" <te...@cl...> wrote:

> http://tara.scdi.org/wiki/admin.php won't load. The wiki is in a 
> .htpasswd protected directory (username: guest, password: star).


Oh.  Yes.   PhpWiki's authentication does not mix well with 
server handled HTTP authentication.

You are just hitting all the problems, aren't you?  :-)

For 1.2.x, I think the solution is to edit admin.php, and
delete or comment out the $adminpasswd checks.

Change:
   if (empty($wikiadmin) || empty($adminpasswd)) {
to
   if (empty($wikiadmin) /* || empty($adminpasswd) */) {

And:
   if (($PHP_AUTH_USER != $wikiadmin  )  ||
       ($PHP_AUTH_PW   != $adminpasswd)) {
to
   if (($PHP_AUTH_USER != $wikiadmin  )  /* ||
       ($PHP_AUTH_PW   != $adminpasswd)*/ ) {

Also set $wikiadmin to the username who you'd like to grant admin
privileges to.  I think (but I'm not certain --- so this might be
a security problem) that as long as apache is doing the authentication,
$PHP_AUTH_USER will always be set the the authentication user name.


For 1.3.x, at this point the solution is basically the same,
except you have to edit lib/WikiUser.php.

Comment out or delete line 148:
            if (!empty($passwd) && $passwd == ADMIN_PASSWD)
(but leave the next line intact.)

At line 160, change:
        if (!defined('ADMIN_USER') || !defined('ADMIN_PASSWD')
            || ADMIN_USER == '' || ADMIN_PASSWD =='') {
to
        if (!defined('ADMIN_USER') /* || !defined('ADMIN_PASSWD') */
            || ADMIN_USER == '' /* || ADMIN_PASSWD =='' */) {

And, as before, set ADMIN_USER (in index.php) to be the username
to whom you want to grant administrative privs.

(I haven't tested this hack with 1.3.x, so if you have trouble,
let me know.)  

(At some point, we'll stop using HTTP authenication to gather
the username/passwd, and this problem will go away.  But we're
not there yet.)