[pmwiki-users] Password Locations

Peter redfive at gmail.com
Tue Sep 30 20:01:09 CDT 2008 

Thanks to Hans who pointed me in the right direction.  I've now fixed my
problem below however I've delved into the usernames/groups issue and
require a bit more prodding along.

I've gone into my SiteAdmin.AuthUser section and followed the appropriate
directions.  I've enabled my extension in my config.php.

I have a list of users in there with their password encrypted correctly.  I
think this is done right.  I also have set those users into a group called
@esupport
I think I've done that correctly.  I've copied what I have below
Authorization groups

Authorization groups are specified with a leading "@" sign. Define either
the login accounts belonging to a group or the groups for a login account:

    # @writers: alice, bob
    # carol: @editors, @writers
    # @admins: alice, dave

@esupport: tim, rob, mattp, liz, mattj, davef, daveb, anthony, roge


In my config.php I have the following
## This does the Various User Groups I'm doing
include_once("$FarmD/scripts/authuser.php");

## You'll probably want to set an administrative password that you
## can use to get into password-protected pages.  Also, by default
## the "attr" passwords for the PmWiki and Main groups are locked, so
## an admin password is a good way to unlock those.  See PmWiki.Passwords
## and PmWiki.PasswordsAdmin.
$DefaultPasswords['admin'] = 'encryptedpass';
$DefaultPasswords['attr'] = 'encryptedpass';
$DefaultPasswords['edit'] = '@esupport';
$DefaultPasswords['read'] = '@esupport';

$ForbiddenPasswords = array('yyy', 'zzz');
if (in_array(@$_POST['authpw'], $ForbiddenPasswords))
unset($_POST['authpw']);

I can't log in with the various names I've set.  What am I missing or what
have I done wrong?

Thanks all!

Peter

On Mon, Sep 29, 2008 at 8:05 PM, Peter <redfive at gmail.com> wrote:

> This hopefully will be an easy question.   I've looked over the Passwords
> part on the website but I can't find my answer.
>
> I'm trying to change the password on my Wiki and I'm having a bit of
> trouble.   Below is part of my config.php and let me explain what's
> happening.  My admin password (qqq) works fine.  My attr password is the
> same so it works fine.  My edit password (xxx) is given out to my employees
> and it's not fine.
>
> The problem began when I wanted to change the old edit password (yyy) since
> we had a bit of a turnover in staff and I didn't want any wiki vandalism.
> Currently the 'yyy' password will get you edit privileges into the site and
> I don't want it to.  When I uncomment out the ForbiddenPasswords section
> suddenly the new edit password 'xxx' fails to work.  They are completely
> different passwords.  The 'zzz' password is quite similar to the 'yyy'
> password and hence it's there also in case any guesswork is attempted and to
> also remind me not to use that one.  To fix my issue where nobody can log in
> but myself I have to comment out the ForbiddenPasswords section.
>
> My question is where is the 'yyy' password being stored that also knocks
> out the 'xxx' password?
>
> $DefaultPasswords['admin'] = crypt('qqq');
> $DefaultPasswords['attr'] = crypt('qqq');
> $DefaultPasswords['edit'] = crypt('xxx');
>
> ##$ForbiddenPasswords = array('yyy', 'zzz');
> ##if (in_array(@$_POST['authpw'], $ForbiddenPasswords))
> ##unset($_POST['authpw']);
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.pmichaud.com/pipermail/pmwiki-users/attachments/20080930/bae547a8/attachment-0001.html

More information about the pmwiki-users mailing list