[pmwiki-users] Passwords not working

Nils Knappmeier nk at knappi.org
Thu Sep 7 14:59:19 CDT 2006


pmwiki at 911networks.com schrieb:
> On Thu, 7 Sep 2006 13:04:20 -0500
> "Patrick R. Michaud" <pmichaud at pobox.com> wrote:
>
>   
>> On Thu, Sep 07, 2006 at 10:44:54AM -0700,
>> pmwiki at 911networks.com wrote:
>>     
>>> Hi,
>>>
>>> I use Xampp on Suse 10.0, use the defaults, 2.1.22 and
>>> followed http://pmwiki.org/wiki/PmWiki/Installation
>>>
>>> when I enabled the passwords:
>>> http://pmwiki.org/wiki/PmWiki/PasswordsAdmin
>>>
>>> used a123456 as a temporary password: 
>>>
>>> $DefaultPasswords['admin'] = crypt('a123456');
>>> $DefaultPasswords['edit'] = crypt('a123456');
>>>
>>> When I try to do an edit, it prompt for the password, then
>>> gives me a blank page.
>>>
>>> Any suggestion?
>>>       
>> Are you using cleanurls?
>>     
>
> Just the rewrite 301 from sqlhacks.com to www.sqlhacks.com
>
> <VirtualHost *:80>
>     DocumentRoot /opt/lampp/htdocs/sqlhacks.com
>     ServerName sqlhacks.com
>     ServerAlias www.sqlhacks.com
>     ErrorLog /opt/lampp/logs/sqlhacks.com-error_log
>     CustomLog /opt/lampp/logs/sqlhacks.com-access_log common
>     php_value session.save_handler user
>     RewriteEngine on
>     RewriteCond %{HTTP_HOST} ^sqlhacks.com [NC]
>     RewriteRule ^(.*)$ http://www.sqlhacks.com/$1 [L,R=301]
> </VirtualHost>
>   
I had the problem once, that I wasn't able to save any pages. It was/is 
a wiki that was supposed to run on a https-Server that shouldn't be 
accessible over http (without ssl). I had to change the value of 
$ScriptUrl because it always led back to the plain http-version.

However: I think the problem is, that the ServerName is sqlhacks.com and 
not www.sqlhacks.com. Maybe try exchanging the values of ServerName and 
ServerAlias.

I suppose what happens is this: You are at a page, on the server 
http://www.sqlhacks.com. The $ScriptUrl probably contains the value 
'sqlhacks.com' (because this is the ServerName), so when you enter the 
password and klick "Submit" you'll be taken to 'sqlhacks.com' and 
redirected to 'www.sqlhacks.com'. During the redirect, the post-data of 
the request is lost, so the password never arrives at 'www.sqlhacks.com' 
and you are prompted to enter a password again.

So:  Try

    ServerName www.sqlhacks.com
    ServerAlias sqlhacks.com

Nils



>   
>> Have you changed the default value of $ScriptUrl?
>>
>>     
>
> No
>
>   
>> Is there a url we can look at?
>>     
>
> Yes, but it's not public yet, I can send you a private email with
> the IP address.
>
>   





More information about the pmwiki-users mailing list