[pmwiki-users] URGENT: Global Password Reset

H. Fox haganfox at gmail.com
Thu Aug 4 21:45:56 CDT 2005

On 8/2/05, Patrick R. Michaud <pmichaud at pobox.com> wrote:
> On Mon, Aug 01, 2005 at 10:21:29AM -0400, Ryan D'Baisse wrote:
> >    I am currently running v2.0 beta 19.  Someone has learned the password
> >    that I used for securing private sections of my wiki (the same password
> >    was used for pages, groups, etc.).  I have changed the password within the
> >    configuration file, but need to reset what is stored for the other
> >    resources.  Is this possible?  If so, how?
> A quick solution may be to simply invalidate the compromised
> password(s) entirely:
>     $ForbiddenPasswords = array('secret', 'tanstaafl');
>     if (in_array($ForbiddenPasswords, @$_POST['authpw'))
>       unset($_POST['authpw']);
> This prevents 'secret' and 'tanstaafl' from ever being used as a
> valid authorization password, regardless of what pages may be
> using it.

Rearranged, it works.

## Invalidate particular password(s)
$ForbiddenPasswords = array('secret', 'tanstaafl');
if (in_array(@$_POST['authpw'], $ForbiddenPasswords)) {


More information about the pmwiki-users mailing list