[pmwiki-users] Always logged in for my IP (no password requested) : how to ?

Petko Yotov 5ko at 5ko.fr
Fri Sep 7 12:06:41 CDT 2012 

> Nothing more related to password (no authuser, no userauth) ; plus
> have a visible edit password.

I see the problem. Indeed, AuthDNS is designed to work with AuthUser, and in  
your case there is a simpler solution.

> $DefaultPasswords['admin'] = crypt('xxx');
> $DefaultPasswords['attr'] = crypt('xxx');
> $DefaultPasswords['edit'] = crypt('yyy');
> $DefaultPasswords['upload'] = crypt('xxx');

Add the following code

if($_SERVER['REMOTE_ADDR'] == '127.0.0.1') { # your IP address here
  $_POST['authpw'] = 'xxx';                  # the admin password
}

This means that you have your admin passwords in clear in config.php and  
someone with access to the filesystem can read them (for example a  
technician of your hosting provider).

If this is not a problem for you, that is the simplest and easiest solution.  
If it is a problem, the the simplest and easiest solution is much harder and  
complex.

PmWiki can store just encrypted hashes of the passwords (see ?action=crypt)  
but in that case you cannot be logged-in automatically.

Or, you could, if you enable AuthUser and configure AuthDNS to log you in as  
a user with admin rights.

in config.php:
  $DefaultPasswords['admin'] = array('$1$XV7s5b8q$ooqwV/Y6fccfztURhyfye/',  
    'id:gb'); # encrypted password from ?action=crypt + identified user
  $DefaultPasswords['attr']   = '@lock'; # that means admins only
  $DefaultPasswords['upload'] = '@lock'; # that means admins only

  # if you have published your edit password on your site, you could leave
  # it here in clear, otherwise encrypt it too.
  $DefaultPasswords['edit'] = crypt('yyy'); # or '$1$...' without crypt()


in SiteAdmin.AuthDNS, your IP address and the admin user's id:
  127.0.0.1: id:gb

in SiteAdmin.AuthUser, set a password for user gb (read docs)

And to be automatically logged in, go to AnyPage?action=authdns.

Enabling AuthUser will add a username: field at the login form (which may  
disturb your editors who only need to supply the password. You can remove it  
from the page Site.AuthForm.

Petko

More information about the pmwiki-users mailing list