[pmwiki-users] Site.AuthList Questions

Tegan Dowling tmdowling at gmail.com
Wed Jun 27 16:42:32 CDT 2007


On 6/27/07, Sivakatirswami <katir at hindu.org> wrote:
>
> Tegan Dowling wrote:
> >
> > If only AuthUser didn't have that ?action=login bug.
>
>
> What is that?


That arises if you use both AuthUser *and* the original
password-authentication scheme -- so you do set an edit password in
config.php, for instance, or have a read or edit password in a group's
GroupAttributes?action=attr or in a page's ?action=attr  -- then you must be
careful not to use ?action=login to elicit such a password.

This is because having AuthUser enabled makes the wiki expect a
username-password match.  If the login screen is prompted by a link to a
page, or an edit link, all is fine.  The user enters the password alone, or
the password plus any username at all, and the wiki passes the user through
to the destination.

If, however, you use ?action=login to take the user to the login screen, and
the user enters that password, the wiki will indeed authenticate the user,
but won't take the user back to the page they were on when they clicked the
link.  Instead, the login screen remains -- confusing even expert users into
thinking that the password has failed.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: /pipermail/pmwiki-users/attachments/20070627/b1742871/attachment.html 


More information about the pmwiki-users mailing list