[pmwiki-users] Always logged in for my IP (no password requested) : how to ?

Petko Yotov 5ko at 5ko.fr
Fri Sep 7 12:06:41 CDT 2012

> Nothing more related to password (no authuser, no userauth) ; plus
> have a visible edit password.

I see the problem. Indeed, AuthDNS is designed to work with AuthUser, and in  
your case there is a simpler solution.

> $DefaultPasswords['admin'] = crypt('xxx');
> $DefaultPasswords['attr'] = crypt('xxx');
> $DefaultPasswords['edit'] = crypt('yyy');
> $DefaultPasswords['upload'] = crypt('xxx');

Add the following code

if($_SERVER['REMOTE_ADDR'] == '') { # your IP address here
  $_POST['authpw'] = 'xxx';                  # the admin password

This means that you have your admin passwords in clear in config.php and  
someone with access to the filesystem can read them (for example a  
technician of your hosting provider).

If this is not a problem for you, that is the simplest and easiest solution.  
If it is a problem, the the simplest and easiest solution is much harder and  

PmWiki can store just encrypted hashes of the passwords (see ?action=crypt)  
but in that case you cannot be logged-in automatically.

Or, you could, if you enable AuthUser and configure AuthDNS to log you in as  
a user with admin rights.

in config.php:
  $DefaultPasswords['admin'] = array('$1$XV7s5b8q$ooqwV/Y6fccfztURhyfye/',  
    'id:gb'); # encrypted password from ?action=crypt + identified user
  $DefaultPasswords['attr']   = '@lock'; # that means admins only
  $DefaultPasswords['upload'] = '@lock'; # that means admins only

  # if you have published your edit password on your site, you could leave
  # it here in clear, otherwise encrypt it too.
  $DefaultPasswords['edit'] = crypt('yyy'); # or '$1$...' without crypt()

in SiteAdmin.AuthDNS, your IP address and the admin user's id: id:gb

in SiteAdmin.AuthUser, set a password for user gb (read docs)

And to be automatically logged in, go to AnyPage?action=authdns.

Enabling AuthUser will add a username: field at the login form (which may  
disturb your editors who only need to supply the password. You can remove it  
from the page Site.AuthForm.


More information about the pmwiki-users mailing list