Menu
▾
▴
phpwiki-talk
|
From: Antony S. <Ant...@ph...> - 2009-09-06 13:02:35
|
Hi.
I'm trying to use PHPwiki on a Debian Etch machine and having problems with
authentication.
It's Debian Etch (which I can't upgrade to Lenny for unrelated hardware
reasons), which gives me PHPwiki version 1.3.12p3-5etch1.
I'm using Apache 1.3.34, and MySQL 5.0.32 as the backend database, and it's a
fresh install of the phpwiki package, with only the changes noted below.
I have two problems:
1. I want to operate this Wiki so that only authorised users can access it
(both for reading and for writing) - it's basically a collaborative
development tool which needs to be on the Internet to allow access for
diversely located people, but we don't want it to be wide open and publicly
visible or editable. Therefore I have followed the instructions in
config.ini to require passwords for login:
; True User Authentication:
; To require user passwords:
; ALLOW_ANON_USER = false
; ALLOW_ANON_EDIT = false
; ALLOW_BOGO_LOGIN = false,
; ALLOW_USER_PASSWORDS = true.
; Otherwise any anon or bogo user might login without any or a wrong password.
I have set all four variable to the required values and restarted Apache, and
yet it is still possible to log in with a random username and no password
(ie: a Bogo login). How do I get the functionality as documented - True User
Authentication? Do I need to reset / reconfigure / restart something else
after changing the config.ini file?
2. I cannot create an Admin user and log in as such. If I
edit /etc/phpwiki/config.ini and set:
ADMIN_USER = Admin
ADMIN_PASSWD = Admin
(and restart Apache afterwards just in case) then when I go to the URL of my
Wiki site, I now get:
Fatal Error:
lib/IniConfig.php:601: Error: ADMIN_USER may not be empty. Please update your
configuration.
lib/IniConfig.php:221: Notice: missing config setting for ADMIN_USER
(...repeated 2 times)
lib/IniConfig.php:601: Error: ADMIN_USER may not be empty. Please update your
configuration.
So, in config.ini, I have ADMIN_USER set, therefore this error message makes
no sense. What should I check instead?
I hope someone can help with either / both of these problems.
Please let me know if further data on the setup would be helpful.
Regards,
Antony Stone.
--
Most people are aware that the Universe is big.
- Paul Davies, Professor of Theoretical Physics
Please reply to the list;
please don't CC me.
|
|
From: Massimiliano P. <ma...@gm...> - 2009-09-07 07:40:07
|
Hi Antony,
I am not an expert, but it seems that you edit a config file while
your phpWiki reads another one. Make sure you are editing (path to
phpWiki)/config/config.ini. Also, though it doesn't hurt, it shouldn't
be needed a complete apache restart since the config.ini file is read
at every HTTP access.
Hope this helps.
Bye
Massimiliano Pagani
http://www.maxpagani.org/
On Sun, Sep 6, 2009 at 3:02 PM, Antony
Stone<Ant...@ph...> wrote:
> Hi.
>
> I'm trying to use PHPwiki on a Debian Etch machine and having problems with
> authentication.
>
> It's Debian Etch (which I can't upgrade to Lenny for unrelated hardware
> reasons), which gives me PHPwiki version 1.3.12p3-5etch1.
>
> I'm using Apache 1.3.34, and MySQL 5.0.32 as the backend database, and it's a
> fresh install of the phpwiki package, with only the changes noted below.
>
>
> I have two problems:
>
> 1. I want to operate this Wiki so that only authorised users can access it
> (both for reading and for writing) - it's basically a collaborative
> development tool which needs to be on the Internet to allow access for
> diversely located people, but we don't want it to be wide open and publicly
> visible or editable. Therefore I have followed the instructions in
> config.ini to require passwords for login:
>
> ; True User Authentication:
> ; To require user passwords:
> ; ALLOW_ANON_USER = false
> ; ALLOW_ANON_EDIT = false
> ; ALLOW_BOGO_LOGIN = false,
> ; ALLOW_USER_PASSWORDS = true.
> ; Otherwise any anon or bogo user might login without any or a wrong password.
>
> I have set all four variable to the required values and restarted Apache, and
> yet it is still possible to log in with a random username and no password
> (ie: a Bogo login). How do I get the functionality as documented - True User
> Authentication? Do I need to reset / reconfigure / restart something else
> after changing the config.ini file?
>
>
> 2. I cannot create an Admin user and log in as such. If I
> edit /etc/phpwiki/config.ini and set:
>
> ADMIN_USER = Admin
> ADMIN_PASSWD = Admin
>
> (and restart Apache afterwards just in case) then when I go to the URL of my
> Wiki site, I now get:
>
> Fatal Error:
> lib/IniConfig.php:601: Error: ADMIN_USER may not be empty. Please update your
> configuration.
> lib/IniConfig.php:221: Notice: missing config setting for ADMIN_USER
> (...repeated 2 times)
> lib/IniConfig.php:601: Error: ADMIN_USER may not be empty. Please update your
> configuration.
>
> So, in config.ini, I have ADMIN_USER set, therefore this error message makes
> no sense. What should I check instead?
>
>
>
> I hope someone can help with either / both of these problems.
>
> Please let me know if further data on the setup would be helpful.
>
>
> Regards,
>
>
> Antony Stone.
>
> --
> Most people are aware that the Universe is big.
>
> - Paul Davies, Professor of Theoretical Physics
>
> Please reply to the list;
> please don't CC me.
>
> ------------------------------------------------------------------------------
> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
> trial. Simplify your report design, integration and deployment - and focus on
> what you do best, core application coding. Discover what's new with
> Crystal Reports now. http://p.sf.net/sfu/bobj-july
> _______________________________________________
> Phpwiki-talk mailing list
> Php...@li...
> https://lists.sourceforge.net/lists/listinfo/phpwiki-talk
>
|
|
From: Antony S. <Ant...@ph...> - 2009-09-07 09:03:22
|
On Monday 07 September 2009 08:39, Massimiliano Pagani wrote:
> Hi Antony,
> I am not an expert, but it seems that you edit a config file while
> your phpWiki reads another one. Make sure you are editing (path to
> phpWiki)/config/config.ini.
That is a symbolic link to /etc/phpwiki/config/ini on this Debian machine.
Therefore there is only one file. I can be fairly sure I am editing the
correct file because I see the new name I gave the wiki in that config file
when I access the web server.
> Also, though it doesn't hurt, it shouldn't be needed a complete apache
> restart since the config.ini file is read at every HTTP access.
Ah, thanks, I wasn't sure what, if anything, I needed to do after changing
this file to make it take effect.
I must say that reading and parsing a plaintext config file on every single
HTTP access seems worryingly inefficient, though...
> On Sun, Sep 6, 2009 at 3:02 PM, Antony Stone wrote:
> > Hi.
> >
> > I'm trying to use PHPwiki on a Debian Etch machine and having problems
> > with authentication.
> >
> > It's Debian Etch (which I can't upgrade to Lenny for unrelated hardware
> > reasons), which gives me PHPwiki version 1.3.12p3-5etch1.
> >
> > I'm using Apache 1.3.34, and MySQL 5.0.32 as the backend database, and
> > it's a fresh install of the phpwiki package, with only the changes noted
> > below.
> >
> >
> > I have two problems:
> >
> > 1. I want to operate this Wiki so that only authorised users can access
> > it (both for reading and for writing) - it's basically a collaborative
> > development tool which needs to be on the Internet to allow access for
> > diversely located people, but we don't want it to be wide open and
> > publicly visible or editable. Therefore I have followed the instructions
> > in config.ini to require passwords for login:
> >
> > ; True User Authentication:
> > ; To require user passwords:
> > ; ALLOW_ANON_USER = false
> > ; ALLOW_ANON_EDIT = false
> > ; ALLOW_BOGO_LOGIN = false,
> > ; ALLOW_USER_PASSWORDS = true.
> > ; Otherwise any anon or bogo user might login without any or a wrong
> > password.
> >
> > I have set all four variable to the required values and restarted Apache,
> > and yet it is still possible to log in with a random username and no
> > password (ie: a Bogo login). How do I get the functionality as
> > documented - True User Authentication? Do I need to reset / reconfigure
> > / restart something else after changing the config.ini file?
> >
> >
> > 2. I cannot create an Admin user and log in as such. If I
> > edit /etc/phpwiki/config.ini and set:
> >
> > ADMIN_USER = Admin
> > ADMIN_PASSWD = Admin
> >
> > (and restart Apache afterwards just in case) then when I go to the URL of
> > my Wiki site, I now get:
> >
> > Fatal Error:
> > lib/IniConfig.php:601: Error: ADMIN_USER may not be empty. Please update
> > your configuration.
> > lib/IniConfig.php:221: Notice: missing config setting for ADMIN_USER
> > (...repeated 2 times)
> > lib/IniConfig.php:601: Error: ADMIN_USER may not be empty. Please update
> > your configuration.
> >
> > So, in config.ini, I have ADMIN_USER set, therefore this error message
> > makes no sense. What should I check instead?
> >
> >
> >
> > I hope someone can help with either / both of these problems.
> >
> > Please let me know if further data on the setup would be helpful.
> >
> >
> > Regards,
> >
> >
> > Antony Stone.
--
"I estimate there's a world market for about five computers."
- Thomas J Watson, Chairman of IBM
Please reply to the list;
please don't CC me.
|
|
From: Stefan <son...@ba...> - 2009-09-18 08:02:14
|
hi there, one tiny question: My server shows a local time 9:02 am phpwiki and recent changes shows after a fresh edit 8:02 am. All other php programs do show the correct time. Where can i change the global settings for phpwiki to use the servertime or correct time offset. there is no special user settings set. cheers Stefan |
|
From: Antony S. <Ant...@ph...> - 2009-09-09 11:35:54
|
On Sunday 06 September 2009 14:02, Antony Stone wrote:
> ; True User Authentication:
> ; To require user passwords:
> ; ALLOW_ANON_USER = false
> ; ALLOW_ANON_EDIT = false
> ; ALLOW_BOGO_LOGIN = false,
> ; ALLOW_USER_PASSWORDS = true.
> ; Otherwise any anon or bogo user might login without any or a wrong
> password.
>
> I have set all four variables to the required values and restarted Apache,
> and yet it is still possible to log in with a random username and no
> password (ie: a Bogo login). How do I get the functionality as documented
> - True User Authentication? Do I need to reset / reconfigure / restart
> something else after changing the config.ini file?
Is this list really as low-volume as it appears? Since I joined on Sunday
I've seen precisely three postings to it, two of them from me.
Am I asking in the wrong place? Is there somewhere else I can get help on
using PHPwiki?
Any helpful advice gratefully received - I'd really like to be able to use
this software, but in the absence of effective documentation, or somewhere I
can get help when the documentation fails, I'll have to give up and use
something else instead :(
Thanks,
Antony.
--
I conclude that there are two ways of constructing a software design: One way
is to make it so simple that there are _obviously_ no deficiencies, and the
other way is to make it so complicated that there are no _obvious_
deficiences.
- C A R Hoare
Please reply to the list;
please don't CC me.
|
|
From: Reini U. <ru...@x-...> - 2009-09-09 15:35:34
|
2009/9/9 Antony Stone <Ant...@ph...>: > On Sunday 06 September 2009 14:02, Antony Stone wrote: >> ; True User Authentication: >> ; To require user passwords: >> ; ALLOW_ANON_USER = false >> ; ALLOW_ANON_EDIT = false >> ; ALLOW_BOGO_LOGIN = false, >> ; ALLOW_USER_PASSWORDS = true. >> ; Otherwise any anon or bogo user might login without any or a wrong >> password. >> >> I have set all four variables to the required values and restarted Apache, >> and yet it is still possible to log in with a random username and no >> password (ie: a Bogo login). How do I get the functionality as documented >> - True User Authentication? Do I need to reset / reconfigure / restart >> something else after changing the config.ini file? > > Is this list really as low-volume as it appears? Since I joined on Sunday > I've seen precisely three postings to it, two of them from me. > > Am I asking in the wrong place? Is there somewhere else I can get help on > using PHPwiki? Probably not. > Any helpful advice gratefully received - I'd really like to be able to use > this software, but in the absence of effective documentation, or somewhere I > can get help when the documentation fails, I'll have to give up and use > something else instead :( Sorry. I was also out ideas, but now I got one. To me it also looked like Massimiliano said, wrong config.ini. Tell us your USER_AUTH_ORDER These are effective with ALLOW_USER_PASSWORDS If you have e.g. USER_AUTH_ORDER = "BogoLogin : PersonalPage" BogoLogin is in use as you observed. -- Reini Urban http://phpwiki.org/ http://murbreak.at/ |
|
From: Antony S. <Ant...@ph...> - 2009-09-09 21:35:40
|
On Wednesday 09 September 2009 16:35, Reini Urban wrote:
> 2009/9/9 Antony Stone <Ant...@ph...>:
> > On Sunday 06 September 2009 14:02, Antony Stone wrote:
> >> ; True User Authentication:
> >> ; To require user passwords:
> >> ; ALLOW_ANON_USER = false
> >> ; ALLOW_ANON_EDIT = false
> >> ; ALLOW_BOGO_LOGIN = false,
> >> ; ALLOW_USER_PASSWORDS = true.
> >> ; Otherwise any anon or bogo user might login without any or a wrong
> >> password.
> >>
> >> I have set all four variables to the required values and restarted
> >> Apache, and yet it is still possible to log in with a random username
> >> and no password (ie: a Bogo login). How do I get the functionality as
> >> documented - True User Authentication? Do I need to reset / reconfigure
> >> / restart something else after changing the config.ini file?
> Tell us your USER_AUTH_ORDER
> These are effective with ALLOW_USER_PASSWORDS
>
> If you have e.g. USER_AUTH_ORDER = "BogoLogin : PersonalPage"
> BogoLogin is in use as you observed.
I have not explicitly set USER_AUTH_ORDER (the instructions for getting True
User Authentication don't tell me I need to), therefore I expect the setting
to have the value in /usr/share/phpwiki/config/config-default.ini, which is:
USER_AUTH_ORDER = PersonalPage
Should I select "USER_AUTH_ORDER = Db" instead (since I am using a MySQL
backend database, I'd quite like all the authentication data to be in there
as well)?
Thanks for the reply - it's good to see there's someone else around here :)
Antony.
--
Atheism is a non-prophet-making organisation.
Please reply to the list;
please don't CC me.
|
|
From: Reini U. <ru...@x-...> - 2009-09-10 12:33:49
|
2009/9/9 Antony Stone <Ant...@ph...>: > On Wednesday 09 September 2009 16:35, Reini Urban wrote: > >> 2009/9/9 Antony Stone <Ant...@ph...>: >> > On Sunday 06 September 2009 14:02, Antony Stone wrote: >> >> ; True User Authentication: >> >> ; To require user passwords: >> >> ; ALLOW_ANON_USER = false >> >> ; ALLOW_ANON_EDIT = false >> >> ; ALLOW_BOGO_LOGIN = false, >> >> ; ALLOW_USER_PASSWORDS = true. >> >> ; Otherwise any anon or bogo user might login without any or a wrong >> >> password. >> >> >> >> I have set all four variables to the required values and restarted >> >> Apache, and yet it is still possible to log in with a random username >> >> and no password (ie: a Bogo login). How do I get the functionality as >> >> documented - True User Authentication? Do I need to reset / reconfigure >> >> / restart something else after changing the config.ini file? > >> Tell us your USER_AUTH_ORDER >> These are effective with ALLOW_USER_PASSWORDS >> >> If you have e.g. USER_AUTH_ORDER = "BogoLogin : PersonalPage" >> BogoLogin is in use as you observed. > > I have not explicitly set USER_AUTH_ORDER (the instructions for getting True > User Authentication don't tell me I need to), therefore I expect the setting > to have the value in /usr/share/phpwiki/config/config-default.ini, which is: > > USER_AUTH_ORDER = PersonalPage > > Should I select "USER_AUTH_ORDER = Db" instead (since I am using a MySQL > backend database, I'd quite like all the authentication data to be in there > as well)? Yes, please. "USER_AUTH_ORDER = Db" for Mysql auth > Thanks for the reply - it's good to see there's someone else around here :) Most of the developers are rather busy -- Reini Urban http://phpwiki.org/ http://murbreak.at/ |
|
From: Antony S. <Ant...@ph...> - 2009-09-10 17:19:58
|
On Thursday 10 September 2009 13:32, Reini Urban wrote:
> 2009/9/9 Antony Stone <Ant...@ph...>:
> > On Wednesday 09 September 2009 16:35, Reini Urban wrote:
> >> 2009/9/9 Antony Stone <Ant...@ph...>:
> >> > On Sunday 06 September 2009 14:02, Antony Stone wrote:
> >> >> ; True User Authentication:
> >> >> ; To require user passwords:
> >> >> ; ALLOW_ANON_USER = false
> >> >> ; ALLOW_ANON_EDIT = false
> >> >> ; ALLOW_BOGO_LOGIN = false,
> >> >> ; ALLOW_USER_PASSWORDS = true.
> >> >>
> >> >> I have set all four variables to the required values and restarted
> >> >> Apache, and yet it is still possible to log in with a random username
> >> >> and no password (ie: a Bogo login).
> > I have not explicitly set USER_AUTH_ORDER (the instructions for getting
> > True User Authentication don't tell me I need to)
> > Should I select "USER_AUTH_ORDER = Db" instead (since I am using a MySQL
> > backend database, I'd quite like all the authentication data to be in
> > there as well)?
>
> Yes, please. "USER_AUTH_ORDER = Db" for Mysql auth
Thanks, that has created the "Login required" functionality that I needed (I
think it would be good if the docs in the config file said that this is
necessary). I put a username / password into the MySQL 'pref' table by hand,
and I can log in with those credentials.
Now I just need to deal with my other problem - how to allow the Admin user to
log in so that s/he can manage the other user accounts.
I have set
ADMIN_USER = Admin
ADMIN_PASSWD = Admin
in config.ini, but I can't log in with these credentials.
Do I need to manually insert them into the MySQL table as well, so that this
Admin User can then add the other normal accounts?
The documentation is not too clear on how the accounts are managed, and since
I haven't been able to log in as Admin yet, I'm simply assuming that it's
done through the /PhpWikiAdministration page...
Any helpful guidance would be much appreciated.
Thanks,
Antony.
--
In the Beginning there was nothing, which exploded.
- Terry Pratchett
Please reply to the list;
please don't CC me.
|
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X