[pmwiki-users] Passwords

pmwiki at 911networks.com pmwiki at 911networks.com
Tue May 30 19:26:36 CDT 2006 

Patrick R. Michaud wrote:
  > While it could be a problem with crypt or encryption, usually
  repeated requests for a password indicate a problem with session
> handling or url redirects in the webserver.

Could very well be.

Here is the Sessiom section of the php.ini

[Session]
session.save_handler = files
session.save_path = /tmp
session.use_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.serialize_handler = php
session.gc_probability = 1
session.gc_maxlifetime = 1440
session.referer_check =
session.entropy_length = 0
session.entropy_file =
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 1
url_rewriter.tags = 
"a=href,area=href,frame=src,input=src,form=fakeentry"

and here is the httpd.conf

ServerRoot "/opt/lampp"
Listen 80

<IfDefine JUSTTOMAKEAPXSHAPPY>
LoadModule php4_module        modules/libphp4.so
LoadModule php5_module        modules/libphp5.so
</IfDefine>

<IfModule !mpm_winnt_module>
<IfModule !mpm_netware_module>
User nobody
Group nogroup
</IfModule>
</IfModule>

ServerName localhost

DocumentRoot "/opt/lampp/htdocs"

<Directory />
     Options FollowSymLinks
     AllowOverride None
</Directory>

<Directory "/opt/lampp/htdocs">
     Options Indexes FollowSymLinks ExecCGI Includes
     AllowOverride All
     Order allow,deny
     Allow from all
</Directory>

<IfModule dir_module>
     DirectoryIndex index.html index.html.var index.php 
index.php3 index.php4
</IfModule>

<FilesMatch "^\.ht">
     Order allow,deny
     Deny from all
</FilesMatch>

ErrorLog logs/error_log
LogLevel warn

<IfModule alias_module>
     ScriptAlias /cgi-bin/ "/opt/lampp/cgi-bin/"
</IfModule>

<Directory "/opt/lampp/cgi-bin">
     AllowOverride None
     Options None
     Order allow,deny
     Allow from all
</Directory>

DefaultType text/plain

<IfModule mime_module>
     TypesConfig etc/mime.types
     AddType application/x-compress .Z
     AddType application/x-gzip .gz .tgz
     AddHandler cgi-script .cgi .pl
     AddType text/html .shtml
     AddOutputFilter INCLUDES .shtml
</IfModule>

EnableMMAP off
EnableSendfile off


> 
> In particular, if there are any url redirects being used to
> access the page, then any passwords being submitted tend to get
> lost in the redirect (which is why "disable clean urls" is a
> common recommendation).

Done: $EnablePathInfo = 0;  No difference

> 
> You might try explicitly setting $ScriptUrl in the local/config.php
> file.  If that doesn't work, is there a url I could look at?

$ScriptUrl = 'http://192.168.2.20/pmwiki.php';

Did not help. Thanks for offering to actually look at it, but I 
can't give you access, it's an internal server and I don't 
control the router firewall, Port 80 is redirected to another 
[public] webserver.
> 
> Also, try accessing pmwiki.php with ?action=diag -- what value
> is being reported for 'DefaultPasswords'?

     [DefaultPasswords] => Array
         (
             [admin] => $1$R5Tw59.F$k8/VPXD3j4emIMbZKH5Zm0
             [read] =>
             [edit] => $1$R5Tw59.F$k8/VPXD3j4emIMbZKH5Zm0
             [attr] => $1$R5Tw59.F$k8/VPXD3j4emIMbZKH5Zm0
         )


-- 
Thanks

More information about the pmwiki-users mailing list