On 11/24/05, <b class="gmail_sendername">Patrick R. Michaud</b> <<a href="mailto:pmichaud@pobox.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">pmichaud@pobox.com</a>> wrote:<div><span class="gmail_quote">
</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
On Thu, Nov 24, 2005 at 11:05:42AM -0500, Bronwyn Boltwood wrote:<br>> 4. tried to log in as gerry. no welcome message or logout stuff in<br>> sidebar. reload page -- same. went to homepage, and now I can see that
<br>> I'm logged in as gerry.<br><br>This is actually correct behavior, although as things are set up it's not<br>instantly obvious why. The "gerry" account doesn't have edit permission<br>to the Site.* pages, because of the edit password set in
Site.GroupAttributes.<br>So, (:if auth edit:) isn't true for "gerry" on any of the pages in the<br>Site group. Using (:if authid:) is a much better test to determine<br>if someone is authenticated.</blockquote>
<div><br>
This does make sense. I forgot because I had cleared that
password back when I was first setting up my dev wiki, and most of my
other wikis have only ever had one password. I humbly suggest
that the authtable add-on get turned into a recipe or be added to the
core? :) <br>
<br>
I've fixed up the conditional markup in my dev wiki now. Since
I'd never used authuser before -- I tried it out in hopes of fixing the
login bugs! -- it didn't occur to me to check for something more
suitable.<br>
</div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">> 6. hit edit. was asked for name and password. gave gerry's credentials,
<br>> submitted, page reloads still wanting credentials. tried bronwyn account<br>> just in case. same thing. tried webmaster and pat accounts; same.<br><br>Aha! This is the same problem as PITS #00551, which I also couldn't
<br>resolve until now. The problem turns out to be that after any<br>unsuccessful login, the system always continued to use the first username<br>that was entered even if a new one was entered. This bug will be fixed<br>
for 2.1.beta4, and should resolve a lot of the oddities you've been<br>seeing.</blockquote><div><br>
It does! I've been putting in nonsense credentials followed by
valid ones, and it works nicely now. So not only do I get
my problem fixed, I've actually been of service to the community! :)<br>
</div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
> I wonder how hard it is to have error messages for "bad password and<br>> username combination" and "insufficient rights". They'd be helpful.<br><br>I'm working on this for the updated authuser script. Unsuccessful
<br>authentications will probably display "incorrect username/password<br>combination", while unsuccessful authorizations will display<br>something like "(read|edit|attr|admin) privileges required by<br>(site|group|page)". Although I haven't figured out a good way to
<br>i18n that yet. :-|</blockquote><div><br>
It'll be a handy upgrade; might have kept me from crawling quite as far
up the wall as I did. :) Um...what about getting translations for
the entire phrases<br>
- incorrect username/password combination<br>
- privileges required by<br>
<br>
And word-by-word for<br>
- read<br>
- edit<br>
- diff or history<br>
- upload<br>
- attr<br>
- admin<br>
- site<br>
- group<br>
- page<br>
</div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">> > PmWiki 2.1 will have ?action=login available, which will display<br>> >
Site.AuthForm under the current url. I think I'll do this for<br>> > 2.1.beta4.<br>><br>> Cool. Not too far away then. Hopefully before I need to give my "how to<br>> edit" tutorial? :)<br><br>
Well, 2.1.beta4 (just released) contains the bugfix for the previous<br>item, so hopefully 2.1.beta5. Depends on how much work I get done<br>this evening... :-)</blockquote><div><br>Now
I can't decide whether to tell you to take a well-earned break, or
crack the whip on you. ;) The read-protected login page now works
nicely, but the login recipe does not -- just reloads the page; no
form. Maybe it's not compatible with 2.1 betas? Of course,
there's some sense to just going with the read-protected Site.Login --
it will be one more reassurance that they did login successfully and
that it has their name right.</div></div><br>
In any case, thank you!<br>
<br>
Bronwyn<br>