From: Tara S. <te...@cl...> - 2001-11-09 19:17:13
http://tara.scdi.org/wiki/admin.php won't load. The wiki is in a .htpasswd protected directory (username: guest, password: star).

Any ideas? browser status bar switches back and forth from connecting to... connected... transferring... connecting... connected... transferring...

Tara

--
I answer to the best of my knowledge
Climb to the Stars! - http://climbtothestars.org/
no tables: http://climbtothestars.org/coding/tableless/
Pompeurs Associés - http://pompage.net/

From: Jeff D. <da...@da...> - 2001-11-09 19:54:03
On Fri, 09 Nov 2001 20:13:32 +0100 "Tara Star" <te...@cl...> wrote:

> http://tara.scdi.org/wiki/admin.php won't load. The wiki is in a
> .htpasswd protected directory (username: guest, password: star).

Oh. Yes. PhpWiki's authentication does not mix well with server handled HTTP authentication.

You are just hitting all the problems, aren't you? :-)

For 1.2.x, I think the solution is to edit admin.php, and delete or comment out the $adminpasswd checks.

Change:

    if (empty($wikiadmin) || empty($adminpasswd)) {

to

    if (empty($wikiadmin) /* || empty($adminpasswd) */) {

And:

    if (($PHP_AUTH_USER != $wikiadmin ) || ($PHP_AUTH_PW != $adminpasswd)) {

to

    if (($PHP_AUTH_USER != $wikiadmin ) /* || ($PHP_AUTH_PW != $adminpasswd)*/ ) {

Also set $wikiadmin to the username who you'd like to grant admin privileges to.

I think (but I'm not certain --- so this might be a security problem) that as long as apache is doing the authentication, $PHP_AUTH_USER will always be set to the authentication user name.

For 1.3.x, at this point the solution is basically the same, except you have to edit lib/WikiUser.php.

Comment out or delete line 148:

    if (!empty($passwd) && $passwd == ADMIN_PASSWD)

(but leave the next line intact.)

At line 160, change:

    if (!defined('ADMIN_USER') || !defined('ADMIN_PASSWD') || ADMIN_USER == '' || ADMIN_PASSWD =='') {

to

    if (!defined('ADMIN_USER') /* || !defined('ADMIN_PASSWD') */ || ADMIN_USER == '' /* || ADMIN_PASSWD =='' */) {

And, as before, set ADMIN_USER (in index.php) to be the username to whom you want to grant administrative privs.

(I haven't tested this hack with 1.3.x, so if you have trouble, let me know.)

(At some point, we'll stop using HTTP authentication to gather the username/passwd, and this problem will go away. But we're not there yet.)

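The condition the message above is unsure about (whether Apache really performed the authentication) can be tested explicitly instead of assumed. The sketch below is an added example, not PhpWiki code and not from the thread's participants: `is_server_authenticated_admin()` is a hypothetical helper, the admin name and sample requests are constructed, and it assumes PHP 7 or later under Apache with Basic authentication against .htpasswd.

```php
<?php
// Added example, not PhpWiki code. is_server_authenticated_admin() is a
// hypothetical helper; the admin name and sample requests are constructed.

/**
 * Grant admin only when the web server itself authenticated the request.
 * $server is a $_SERVER-style array so the logic can be run offline.
 */
function is_server_authenticated_admin(array $server, string $wikiadmin): bool
{
    if ($wikiadmin === '') {
        return false;                 // no admin configured: fail closed
    }
    // REMOTE_USER and AUTH_TYPE are set by the server after it has verified
    // the credentials (assumed here: Basic auth against .htpasswd).
    $remoteUser = (string) ($server['REMOTE_USER'] ?? '');
    $authType   = (string) ($server['AUTH_TYPE'] ?? '');
    if ($remoteUser === '' || strcasecmp($authType, 'Basic') !== 0) {
        return false;                 // the server did not authenticate
    }
    // PHP_AUTH_USER is parsed from the Authorization header. If present,
    // it must agree with the name the server verified.
    $claimed = (string) ($server['PHP_AUTH_USER'] ?? $remoteUser);
    if (!hash_equals($remoteUser, $claimed)) {
        return false;
    }
    return hash_equals($wikiadmin, $remoteUser);
}

// Constructed requests; 'wikiadmin' stands in for the configured $wikiadmin.
$samples = [
    'Apache verified wikiadmin' => ['REMOTE_USER' => 'wikiadmin',
        'AUTH_TYPE' => 'Basic', 'PHP_AUTH_USER' => 'wikiadmin'],
    'Apache verified guest' => ['REMOTE_USER' => 'guest',
        'AUTH_TYPE' => 'Basic', 'PHP_AUTH_USER' => 'guest'],
    // Directory protection missing: only the header-derived name is present.
    // A username-only comparison on PHP_AUTH_USER would accept this one.
    'header only, no server auth' => ['PHP_AUTH_USER' => 'wikiadmin',
        'PHP_AUTH_PW' => 'unchecked'],
    'no credentials' => [],
];

foreach ($samples as $label => $server) {
    $ok = is_server_authenticated_admin($server, 'wikiadmin');
    printf("%-28s => %s\n", $label, $ok ? 'admin' : 'denied');
}
```

With the password comparison commented out, the directory's .htpasswd protection is the only thing checking passwords, so a check of this kind fails closed if that protection is ever removed or not applied.
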
From: Tara S. <te...@cl...> - 2001-11-09 20:19:30
Jeff Dairiki wrote:

[snip]

> Oh. Yes. PhpWiki's authentication does not mix well with
> server handled HTTP authentication.
>
> You are just hitting all the problems, aren't you? :-)

I'm a specialist ;)

> For 1.2.x, I think the solution is to edit admin.php, and
> delete or comment out the $adminpasswd checks.

[snip]

done, it works. Thanks!

> For 1.3.x, at this point the solution is basically the same,
> except you have to edit lib/WikiUser.php.

[snip]

Actually, I'm not going to password-protect 1.3 - just curious, is there a way to "force" contributors to sign in with a UserName before editing a page?

--
I answer to the best of my knowledge
Climb to the Stars! - http://climbtothestars.org/
no tables: http://climbtothestars.org/coding/tableless/
Pompeurs Associés - http://pompage.net/

From: Jeff D. <da...@da...> - 2001-11-09 20:35:24
On Fri, 09 Nov 2001 21:15:47 +0100 "Tara Star" <te...@cl...> wrote:

> is there
> a way to "force" contributors to sign in with a UserName before editing
> a page?

Not currently. It wouldn't be hard to hack in such a feature, but it doesn't buy you much, since people can sign in with any name they choose. I'm not going to mess with it until user auth gets more done --- and at that point, I think it's not really a useful feature, since then you'd probably rather someone sign in as a real registered user (registering first if necessary).

From: Tara S. <te...@cl...> - 2001-11-09 21:13:18
Jeff Dairiki wrote:

> On Fri, 09 Nov 2001 21:15:47 +0100
> "Tara Star" <te...@cl...> wrote:
>
>> is there
>> a way to "force" contributors to sign in with a UserName before editing
>> a page?
>
> Not currently. It wouldn't be hard to hack in such a feature,
> but it doesn't buy you much, since people can sign in with any
> name they choose. I'm not going to mess with it until
> user auth gets more done --- and at that point, I think it's
> not really a useful feature, since then you'd probably
> rather someone sign in as a real registered user (registering
> first if necessary).

I don't mind the fact they can choose any name. It's just that if I remember well, the diff page will not put the name of the "modifier" unless he/she logged in. That's why I want people to log in. When they do, they'll use their name, that's not my worry.

see what I mean? it's not nice to see a list of ips next to recent changes ;) I don't need a password or security thing - maybe just a cookie, yeah, that would be nice. A cookie :)

--
I answer to the best of my knowledge
Climb to the Stars! - http://climbtothestars.org/
no tables: http://climbtothestars.org/coding/tableless/
Pompeurs Associés - http://pompage.net/

From: Jeff D. <da...@da...> - 2001-11-09 21:30:47
On Fri, 09 Nov 2001 22:09:31 +0100 "Tara Star" <te...@cl...> wrote: > see what I mean? it's not nice to see a list of ips next to recent > changes ;) I don't need a password or security thing - maybe just a > cookie, yeah, that would be nice. A cookie :) This patch to templates/browse.html will make it so that the user won't see an 'Edit' button unless he's signed in. (Beware that it's not secure: by entering a suitable URL manually, one can still edit a page without being signed in.) Cookies are coming some time. --- cvs.100/templates/browse.html Fri, 14 Sep 2001 13:12:37 -0700 dairiki (phpwiki/6_browse.htm 1.1.1.1.1.1.1.1.2.1.1.10.1.3.1.14 644) +++ cvs.100(w)/templates/browse.html Fri, 09 Nov 2001 13:21:54 -0800 dairiki (phpwiki/6_browse.htm 1.1.1.1.1.1.1.1.2.1.1.10.1.3.1.14 644) @@ -67,6 +67,9 @@ <table class="toolbar" width="100%" cellpadding=0 cellspacing=0 border=0><tr valign="baseline"> <td> + <?php if (!$user->is_authenticated()) { ?> + Please sign in before editing. + <?php } else { ?> <?php if ($page->get('locked') && !$user->is_admin()) { ?> Page locked <?php } else { ?> @@ -76,6 +79,7 @@ <a class="wikiaction" href="${ACTION}edit&version=${VERSION}" >Edit old revision</a> <?php } ?> + <?php } ?> <?php } ?> <?php if ($user->is_admin()) { ?> <?php if ($page->get('locked')) { ?> |
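
Review bot: The `$user->is_authenticated()` test added in the first hunk lives only in templates/browse.html, so it decides whether the Edit link is rendered, not whether an edit is accepted; as the message itself notes, the `${ACTION}edit` URL still works for a visitor who is not signed in. If the goal is a name on every change, the same `is_authenticated()` test belongs in the code that handles the edit and save actions, with this template change kept as the user-facing hint. The "Please sign in before editing." text would also help more if it linked to wherever sign-in happens.
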
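
Review bot: In the second hunk the added `<?php } ?>` sits between two existing `<?php } ?>` lines, so three bare closers in a row now end the toolbar conditionals and nothing shows which one ends the `is_authenticated()` else branch. A short comment inside the added tag, for example `<?php } /* end is_authenticated else */ ?>`, would keep the nesting readable, and indenting the enclosed locked/edit block one level deeper would match the new structure.
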
From: Gary B. <ga...@in...> - 2001-11-10 14:32:36
On Fri, 9 Nov 2001, Tara Star wrote:

> Jeff Dairiki wrote:
>
> > On Fri, 9 Nov 2001, Tara Star wrote:
> >
> > > is there a way to "force" contributors to sign in with a UserName
> > > before editing a page?
> >
> > Not currently. It wouldn't be hard to hack in such a feature,
> > but it doesn't buy you much, since people can sign in with any
> > name they choose. I'm not going to mess with it until
> > user auth gets more done --- and at that point, I think it's
> > not really a useful feature, since then you'd probably
> > rather someone sign in as a real registered user (registering
> > first if necessary).
>
> I don't mind the fact they can choose any name. It's just that if I
> remember well, the diff page will not put the name of the "modifier"
> unless he/she logged in. That's why I want people to log in. When they
> do, they'll use their name, that's not my worry.
>
> see what I mean? it's not nice to see a list of ips next to recent
> changes ;) I don't need a password or security thing - maybe just a
> cookie, yeah, that would be nice. A cookie :)

Cookies are what I use for the GtmWiki (http://inauspicious.org/gtmwiki/); I never contributed the patch back since a) it is for 1.2, and b) some config data is hardcoded in one of the files, and I couldn't think of a cunning way to get it out. Maybe if I do then I will...

Gary

[ ga...@in... ][ GnuPG 85A8F78B ][ http://inauspicious.org/ ]