[pmwiki-users] Password Locations

Peter redfive at gmail.com
Mon Sep 29 19:05:01 CDT 2008


This hopefully will be an easy question.   I've looked over the Passwords
part on the website but I can't find my answer.

I'm trying to change the password on my Wiki and I'm having a bit of
trouble.   Below is part of my config.php and let me explain what's
happening.  My admin password (qqq) works fine.  My attr password is the
same so it works fine.  My edit password (xxx) is given out to my employees
and it's not fine.

The problem began when I wanted to change the old edit password (yyy) since
we had a bit of a turnover in staff and I didn't want any wiki vandalism.
Currently the 'yyy' password will get you edit privileges into the site and
I don't want it to.  When I uncomment out the ForbiddenPasswords section
suddenly the new edit password 'xxx' fails to work.  They are completely
different passwords.  The 'zzz' password is quite similar to the 'yyy'
password and hence it's there also in case any guesswork is attempted and to
also remind me not to use that one.  To fix my issue where nobody can log in
but myself I have to comment out the ForbiddenPasswords section.

My question is where is the 'yyy' password being stored that also knocks out
the 'xxx' password?

$DefaultPasswords['admin'] = crypt('qqq');
$DefaultPasswords['attr'] = crypt('qqq');
$DefaultPasswords['edit'] = crypt('xxx');

##$ForbiddenPasswords = array('yyy', 'zzz');
##if (in_array(@$_POST['authpw'], $ForbiddenPasswords))
##unset($_POST['authpw']);
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.pmichaud.com/pipermail/pmwiki-users/attachments/20080929/e0655334/attachment.html 


More information about the pmwiki-users mailing list