[pmwiki-users] UserAuth2 : Working with ZAP?

ThomasP pmwikidev at sigproc.de
Mon Dec 17 06:33:17 CST 2007 

On Wed, December 12, 2007 12:03 am, Dean Staub wrote:
> Hi Thomas, thanks for your response.
>
> I have found some time to follow your instructions above.
> The results of your debug output are as follows for the error accessing
> a zap function;
>
> 2007-12-12 09:18:56 EST  USAU  Someone trying to access page
> Site.ZAPConfig at level read.
> 2007-12-12 09:18:56 EST  USAU  Site.ZAPConfig is a content page: yes
> 2007-12-12 09:18:56 EST  USAU  Access to Site.ZAPConfig at level read
> granted.
> --------------------------------------------------------------------------------
> 2007-12-12 09:19:22 EST  USAU  Warning: Someone asking for permission
> for unknown level 'zap'. Refused.
>
> and for accessing the attribute page I get;
> 2007-12-12 09:49:16 EST  USAU  Someone trying to access page
> Site.ZAPConfig at level attr.
> 2007-12-12 09:49:16 EST  USAU  Site.ZAPConfig is a content page: yes
> 2007-12-12 09:49:17 EST  USAU  Access to Site.ZAPConfig at level attr
> NOT granted.
> 2007-12-12 09:49:17 EST  USAU  Current cache utilization: 26 perm
> queries, 0 user recs, 1 group recs, 0 ip range recs.
> 2007-12-12 09:49:17 EST  USAU  In total 1 uncached perm record loads, 1
> uncached perm queries.
>

Hello,

I had obviously overlooked your response.

The debug log is fortunately quite unambiguous: the levels attr and zap
are not granted.

For the level 'attr', I just noticed that at the moment it's "hardwired"
denied, but it's sufficient to uncomment the line in userauth2.php
containing the word "frequently" to get this part already resolved. (This
will just grant 'attr' queries exactly to the admin only.)

For the zap level, looking into zap.php shows the "guilty" line as

if(!CondAuth($pagename, "zap")) ZAPabort('submit', "You are not authorized
to submit this form. ");

As to what Dan said, it can obviously be allowed to anyone without
problems, so if you set

$UA2AlwaysAllowedLevels[] = 'zap';
$HandleAuth['zap'] = 'zap'; // this line currently only

in your local/config.php, it should be fine.

Let me know whether it worked, I will then accommodate the changes into
future versions.

Thomas

> I'm sorry, I am no expert at php, just a bit of a hacker, otherwise I
> would invest some time into trying to solve it myself.
>
> (I have a single admin setup)
>
> If you could lead me in the right direction here, I would be most
> greatful to test any ideas you have.
>
> Also just a note about your Debug.php script, I had to also add the line
> $EnableDebug = 1; for it to work (I didn't see it mentioned on your
> profile page :-) )
>

Thanks, I have updated my profile page.

More information about the pmwiki-users mailing list