[pmwiki-users] URGENT: Global Password Reset
H. Fox
haganfox at gmail.com
Thu Aug 4 21:45:56 CDT 2005
On 8/2/05, Patrick R. Michaud <pmichaud at pobox.com> wrote:
> On Mon, Aug 01, 2005 at 10:21:29AM -0400, Ryan D'Baisse wrote:
> > I am currently running v2.0 beta 19. Someone has learned the password
> > that I used for securing private sections of my wiki (the same password
> > was used for pages, groups, etc.). I have changed the password within the
> > configuration file, but need to reset what is stored for the other
> > resources. Is this possible? If so, how?
>
> A quick solution may be to simply invalidate the compromised
> password(s) entirely:
>
> $ForbiddenPasswords = array('secret', 'tanstaafl');
> if (in_array($ForbiddenPasswords, @$_POST['authpw'))
> unset($_POST['authpw']);
>
> This prevents 'secret' and 'tanstaafl' from ever being used as a
> valid authorization password, regardless of what pages may be
> using it.
Rearranged, it works.
## Invalidate particular password(s)
$ForbiddenPasswords = array('secret', 'tanstaafl');
if (in_array(@$_POST['authpw'], $ForbiddenPasswords)) {
unset($_POST['authpw']);
}
Hagan
More information about the pmwiki-users
mailing list