[pmwiki-users] Argon2ID authentication

[Peter van Es]

I am setting up a new PMWiki site. 

I have user records in a database table on the same host. It contains username’s and passwords which are Argon2ID salted hashes. They can be verified using the php function: https://www.php.net/manual/en/function.password-verify.php
which just needs the hash, and the password entered by the user.

I’m looking into using recepies:

1. standard authuser.php, which is where the password is checked, if I’m not mistaken
2. AuthUserDB which looks overly complicated given that all user management and password resets are done on another system
3. and the adodb-connect.php script

However, most of these do not appear to have been updated since 2007… 

Should I simplify things and just build my own customised database layer, and modify authuser.php to use the password verify function?
Additionally I want to add groups to the user so that I have more fine-grained access control…

Thanks in advance for your guidance

Peter van Es
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.pmichaud.com/pipermail/pmwiki-users/attachments/20260422/741fc648/attachment.html>