[pmwiki-users] Passwords

pmwiki at 911networks.com pmwiki at 911networks.com
Tue May 30 19:26:36 CDT 2006

Patrick R. Michaud wrote:
  > While it could be a problem with crypt or encryption, usually
  repeated requests for a password indicate a problem with session
> handling or url redirects in the webserver.

Could very well be.

Here is the Sessiom section of the php.ini

session.save_handler = files
session.save_path = /tmp
session.use_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.serialize_handler = php
session.gc_probability = 1
session.gc_maxlifetime = 1440
session.referer_check =
session.entropy_length = 0
session.entropy_file =
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 1
url_rewriter.tags = 

and here is the httpd.conf

ServerRoot "/opt/lampp"
Listen 80

LoadModule php4_module        modules/libphp4.so
LoadModule php5_module        modules/libphp5.so

<IfModule !mpm_winnt_module>
<IfModule !mpm_netware_module>
User nobody
Group nogroup

ServerName localhost

DocumentRoot "/opt/lampp/htdocs"

<Directory />
     Options FollowSymLinks
     AllowOverride None

<Directory "/opt/lampp/htdocs">
     Options Indexes FollowSymLinks ExecCGI Includes
     AllowOverride All
     Order allow,deny
     Allow from all

<IfModule dir_module>
     DirectoryIndex index.html index.html.var index.php 
index.php3 index.php4

<FilesMatch "^\.ht">
     Order allow,deny
     Deny from all

ErrorLog logs/error_log
LogLevel warn

<IfModule alias_module>
     ScriptAlias /cgi-bin/ "/opt/lampp/cgi-bin/"

<Directory "/opt/lampp/cgi-bin">
     AllowOverride None
     Options None
     Order allow,deny
     Allow from all

DefaultType text/plain

<IfModule mime_module>
     TypesConfig etc/mime.types
     AddType application/x-compress .Z
     AddType application/x-gzip .gz .tgz
     AddHandler cgi-script .cgi .pl
     AddType text/html .shtml
     AddOutputFilter INCLUDES .shtml

EnableMMAP off
EnableSendfile off

> In particular, if there are any url redirects being used to
> access the page, then any passwords being submitted tend to get
> lost in the redirect (which is why "disable clean urls" is a
> common recommendation).

Done: $EnablePathInfo = 0;  No difference

> You might try explicitly setting $ScriptUrl in the local/config.php
> file.  If that doesn't work, is there a url I could look at?

$ScriptUrl = '';

Did not help. Thanks for offering to actually look at it, but I 
can't give you access, it's an internal server and I don't 
control the router firewall, Port 80 is redirected to another 
[public] webserver.
> Also, try accessing pmwiki.php with ?action=diag -- what value
> is being reported for 'DefaultPasswords'?

     [DefaultPasswords] => Array
             [admin] => $1$R5Tw59.F$k8/VPXD3j4emIMbZKH5Zm0
             [read] =>
             [edit] => $1$R5Tw59.F$k8/VPXD3j4emIMbZKH5Zm0
             [attr] => $1$R5Tw59.F$k8/VPXD3j4emIMbZKH5Zm0


More information about the pmwiki-users mailing list