phpwiki-talk

[Phpwiki-talk] User Authtification with phpwiki

[Anderson, S. <SAn...@nt...>]

Hi,

sorry, if this is mentioned in the FAQ or anywhere:
I have a phpwiki-1.3.10 here.
I choosed POP3-Authentification, which works, but i have a problem with =
the config.ini.

I set:
ALLOW_ANON_USER =3D false
ALLOW_ANON_EDIT =3D false
ALLOW_BOGO_LOGIN =3D false,
ALLOW_USER_PASSWORDS =3D true.
Now everybody has to authentificate to see or edit the wiki. Problem =
is: If i authenticate the wiki doesn't remember that. I have to =
authenticate after every action that is taken.=20

If i set: (
ALLOW_ANON_USER =3D true
ALLOW_ANON_EDIT =3D false
ALLOW_BOGO_LOGIN =3D false,
ALLOW_USER_PASSWORDS =3D true
) because i want anonymous reading to be possible, i can edit the Wiki =
even if i'm not authenticated.

Is there something more in config.ini i have to change?

I should mention, that the wiki is also protected via HTTP_Basic_Auth.

Perhaps anybody has some hints for me,

thanks in advance

S=F6ren

Re: [Phpwiki-talk] User Authtification with phpwiki

[Reini U. <ru...@x-...>]

Anderson, Soeren schrieb:
> sorry, if this is mentioned in the FAQ or anywhere:
> I have a phpwiki-1.3.10 here.
> I choosed POP3-Authentification, which works, but i have a problem with the config.ini.
> 
> I set:
> ALLOW_ANON_USER = false
> ALLOW_ANON_EDIT = false
> ALLOW_BOGO_LOGIN = false,
> ALLOW_USER_PASSWORDS = true.
> Now everybody has to authentificate to see or edit the wiki. Problem is: If i authenticate the wiki doesn't remember that. I have to authenticate after every action that is taken. 
> 
> If i set: (
> ALLOW_ANON_USER = true
> ALLOW_ANON_EDIT = false
> ALLOW_BOGO_LOGIN = false,
> ALLOW_USER_PASSWORDS = true
> ) because i want anonymous reading to be possible, i can edit the Wiki even if i'm not authenticated.
> 
> Is there something more in config.ini i have to change?
> I should mention, that the wiki is also protected via HTTP_Basic_Auth.
> 
> Perhaps anybody has some hints for me,

That's not an auth probem, but a session problem.

Maybe our (automatic) HttpAuth should be fixed against session problems. 
I'll test that.
-- 
Reini Urban
http://xarch.tu-graz.ac.at/home/rurban/

Re: [Phpwiki-talk] User Authtification with phpwiki

[Arnaud F. <ar...@cr...>]

Le mer 22/09/2004 =E0 17:44, Reini Urban a =E9crit :

> That's not an auth probem, but a session problem.
>=20
> Maybe our (automatic) HttpAuth should be fixed against session problems.=20
> I'll test that.

Another HttpAuth problem is that you can't get Admin privilege ...=20
That's a BIG problem.
--=20
Arnaud Fontaine
Jabber: sh...@ra...
ICQ: 3504789

Re: [Phpwiki-talk] User Authtification with phpwiki

[Reini U. <ru...@x-...>]

Arnaud Fontaine schrieb:
> Le mer 22/09/2004 =E0 17:44, Reini Urban a =E9crit :
>>That's not an auth probem, but a session problem.
>>
>>Maybe our (automatic) HttpAuth should be fixed against session problems=
.=20
>>I'll test that.
>=20
> Another HttpAuth problem is that you can't get Admin privilege ...=20
> That's a BIG problem.

Ah! Good catch.
--=20
Reini Urban
http://xarch.tu-graz.ac.at/home/rurban/

Re: [Phpwiki-talk] User Authtification with phpwiki

[Arnaud F. <ar...@cr...>]

Le mar 28/09/2004 =E0 14:39, Reini Urban a =E9crit :
> Arnaud Fontaine schrieb:
> > Le mer 22/09/2004 =E0 17:44, Reini Urban a =E9crit :
> >>That's not an auth probem, but a session problem.
> >>
> >>Maybe our (automatic) HttpAuth should be fixed against session problems=
.=20
> >>I'll test that.
> >=20
> > Another HttpAuth problem is that you can't get Admin privilege ...=20
> > That's a BIG problem.
>=20
> Ah! Good catch.

I've just checked the _HttpAuthPassUser class.

In method userExists() wich is called in the class constructor, you set
the user level to WIKIAUTH_USER ... without checking if the user is
admin.

...
        $this->_level =3D WIKIAUTH_USER;  <---- HERE !!!!
        return $this;
...

hmm ... I'm to lazy to go check the code to find how to correct this ;)
I guess you have to make a _AdminUser object with the login and password
then call the checkPass method ?

--=20
Arnaud Fontaine
Jabber: sh...@ra...
ICQ: 3504789

Re: [Phpwiki-talk] User Authtification with phpwiki

[Reini U. <ru...@x-...>]

Arnaud Fontaine schrieb:
> Le mar 28/09/2004 =E0 14:39, Reini Urban a =E9crit :
>>Arnaud Fontaine schrieb:
>>>Another HttpAuth problem is that you can't get Admin privilege ...=20
>>>That's a BIG problem.
>>
>>Ah! Good catch.
>=20
>=20
> I've just checked the _HttpAuthPassUser class.
>=20
> In method userExists() wich is called in the class constructor, you set
> the user level to WIKIAUTH_USER ... without checking if the user is
> admin.
>=20
> ...
>         $this->_level =3D WIKIAUTH_USER;  <---- HERE !!!!
>         return $this;
> ...
>=20
> hmm ... I'm to lazy to go check the code to find how to correct this ;)
> I guess you have to make a _AdminUser object with the login and passwor=
d
> then call the checkPass method ?

Unfortunately, because he can also be a member of the admin group.
I'll test a better solution.

--=20
Reini Urban
http://xarch.tu-graz.ac.at/home/rurban/