[pmwiki-users] authentication problems (built-in and authuser)

Bronwyn Boltwood arndis at gmail.com
Wed Nov 23 13:13:11 CST 2005


I no longer have any idea what to do about the authentication problems
in a wiki that I'm building for a local business.  PmWiki is acting as
a simple CMS for a very small site.  I've written a custom skin that
only shows you editing commands once you login.

I'm just about ready to defenestrate PmWiki over this.  I've read the
documentation several times over, and have spent 5 days or so
wrestling with this bloody series of problems.  It keeps changing
behaviour slightly -- sometimes it works in one browser, and then
later it breaks there too.  Anything but work consistently enough to
deliver the site to the client.

I've tried it on localhost (running the WAMPserver package) and my
webhost.  I started with 2.0.13, and upgraded to 2.1 beta2.  I've
commented out *everything* out of my config.php but the security rules
shown below.

##  Sets sitewide passwords. See PmWiki.Passwords, PmWiki.PasswordsAdmin,
##  and Cookbook.AuthUser.
$DefaultPasswords['edit'] = 'id:*';
$DefaultPasswords['upload'] = 'id:*';
$DefaultPasswords['attr'] = 'id:webmaster,bronwyn';
$DefaultPasswords['admin'] = 'id:webmaster,bronwyn';
#
## Define usernames and passwords.
$AuthUser['gerry'] = crypt('gerryspassword');
$AuthUser['pat'] = crypt('patspassword');
$AuthUser['webmaster'] = crypt('webmasterspassword');
$AuthUser['bronwyn'] = crypt('bronwynspassword');
#
## Enable authentication based on username.
include_once('scripts/authuser.php');
#
##  Set $Author according to $AuthID
if ($AuthId) {
    $Author = $AuthId;
    setcookie('author',$Author,0,'/');
    }

I had been using the login script from the cookbook for a login
mechanism, but to better control the experiment, I've eliminated it
for now. Instead the login link goes to Site.Login, which has a read
password of id:*

About 1 time out of 10, going to Site.Login and putting in valid
credentials will actually work.  But most of the time, it just
refreshes the page and presents the authentication form again.  It's
done this with both 2.0.13 and 2.1 beta2.

I can't even get things to work with the very vanilla setup of two
sitewide passwords -- one for edit and one for admin -- and the
read-protected Site.Login page!  Even that way, it insists on having
the most privileged password before displaying page content.  Pm,
surely this isn't by design?

Bronwyn




More information about the pmwiki-users mailing list