[pmwiki-users] more on action=login not grok admin

[Tegan Dowling]

On 11/16/06, Russ Fink <russfink at hotmail.com> wrote:
> I'm writing some conditional markup, and realized that authid is true for
> any legitimate user authenticated /except/ admin.  To that end, I find I
> need to put "[ auth admin || authid ]" in all (:if:) clauses where I think I
> should just be able to get away with "(:if authid:)".
>
> I still have the following problem.  Per some suggestions, I moved the
> authuser.php after I set all my passwords, and that didn't change anything.
> I tried using "Admin" instead of "admin," no change.  Finally, one user
> suggested that this problem was asked in July, and the asker received some
> code for it.  Can someone e-mail me that fix, and better, can that just get
> committed into the main distro?
>
> Here is my message again.
>
> User "admin" not accepted by ?action=login for any page, under Pmwiki
> version 2.1.26, using AuthUser.
>
> Steps:
>
>    1. Configure system for AuthUser. Create a couple of users, and a group
> "@admins" that includes the users. For instance, create "russ" and put him
> in the @admins group.
>    2. Set up site-wide default passwords to "@admins" group in the
> config.php script for edit and attr, leave "read" blank.
>    3. Preliminary - Go to Main.HomePage?action=logout to start.
>          1. I visit Site.AuthUser?action=attr - I am asked for a password,
> good. Do not do anything, just verify not already admin, witnessed by the
> fact that it wants a password. I have this page locked to all but admin.
>          2. I try Main.HomePage?action=edit and am asked for a password.
> Again, I didn't log in, just verified I need a password to continue.
>    4. Problem Steps - Go to Main.HomePage?action=logout, then
> Main.HomePage?action=login.
>          1. Log in as "admin" - What I get back is "Name/password not
> recognized"
>          2. Without logging out, I try Site.AuthUser?action=attr again -
> this time, I am not asked for a password. This tells me that the previous
> "name/pass not recognized" is in error, and that I am actually logged in as
> admin.
>          3. I go to Main.HomePage?action=logout, then
> Main.HomePage?action=login. I log in as "russ" then try to edit main:
> Main.HomePage?action=edit and this works.
>    5. It works correctly when the action target is not "login." For
> instance, I go to Main.HomePage?action=logout, then
> Main.HomePage?action=edit, it asks for a password, I log in as "admin" and
> it works.

Russ:  Here's a portion of the thread from June 9, entitled "Author
setting in two different ways"

> On 6/9/06, Patrick R. Michaud <pmichaud at pobox.com> wrote:
> > On Fri, Jun 09, 2006 at 12:02:27PM -0500, Jon Haupt wrote:
> > > Hi there,
> > >
> > > So I'm using AuthUser and enforcing author tracking on my wiki.
> > > Everything works fine except that one group on my wiki has a simple
> > > read/edit password (so it doesn't require authenticated ID).  The
> > > problem here is if they type in an author name, this isn't copied to
> > > $Author like an $AuthId is.  Is there a way to do this so that either
> > > way, the author cookie is automatically set if they enter one (whether
> > > it's an authenticated ID or just a name to go with the password)?
> >
> > It's not pretty, but try the following in local/config.php:
> >
> >   if (@$_POST['authid'] && !@$_COOKIE['author'])
> >     $_POST['author'] = $_POST['authid'];
> >
> > This will use the username field (from the authentication form)
> > to set the author cookie if one hasn't already been set.

I followed up on July 1 and July 11, raising what I think is the same
issue that you're having.  When we're trying to use BOTH the native
password-only authentication scheme AND the AuthUser, user
authentication scheme on the same wiki, the rules governing the
Site/AuthUser page don't quite apply in the password-only situation,
and we get a message that appears to be denial of login, even though
administrative-level authentication is in fact recognized.