[pmwiki-users] authentication problems (built-in and authuser)

Bronwyn Boltwood arndis at gmail.com
Thu Nov 24 10:05:42 CST 2005


On 11/23/05, Patrick R. Michaud <pmichaud at pobox.com> wrote:
>
> On Wed, Nov 23, 2005 at 06:18:07PM -0500, Bronwyn Boltwood wrote:
> >    The authtest site definitely works better than my test sites have --
> >    logging in and out seems to work. (Yes, this is impressive after what
> I've
> >    been seeing.)  But it's not a representative test yet, since only
> editing
> >    is passworded.
>
> OOPS!  I commented those out when troubleshooting the "id:*" bug
> and forgot to uncomment them.  It's fixed now.


It's okay; we all do that from time to time. :)

Here's what happened when I played with our test installation some more.
1. edited Site.Login to have text of:

(:if auth edit:)
%green%Welcome, '''{$Author}'''
(:ifend:)

(:if auth admin:)
%blue%You have admin rights.
(:ifend:)

2. set attributes on Site.Login to have read password of id:* and was logged
out by system.
3. logged in as bronwyn successfully; logged out.
4. tried to log in as gerry.  no welcome message or logout stuff in
sidebar.  reload page -- same.  went to homepage, and now I can see that I'm
logged in as gerry.
5. went back to login page.  no welcome message as there should be, but not
asked for password.  logout block in sidebar is gone again.
6. hit edit.  was asked for name and password.  gave gerry's credentials,
submitted, page reloads still wanting credentials.  tried bronwyn account
just in case.  same thing.  tried webmaster and pat accounts; same.
7. went back to homepage; logged out.  logged in as pat with same oddities
as described earlier for gerry.  edited a few pages successfully.  went back
to login page; same behaviour as for gerry.
8. tried to edit login page; got in with webmaster password.  all seemed
well so got out of edit, and page text was displayed as it should be.
9. logged out and logged in again as bronwyn.  login page behaves as
expected.

Contrary to points 4, 5, and 7, I should be getting the welcome message and
other sections wrapped in (:if auth edit:) even as a lowly user, but I'm
not.  This is one of the problems I was having with my own installs.  Points
6 and 8 are aggravatingly familiar too..

I wonder how hard it is to have error messages for "bad password and
username combination" and "insufficient rights".  They'd be helpful.

>    - The login mechanism can be either:
> >        - The login script from the cookbook.  Its best point is that it
> >    redirects to the page the user was at.
> >        - A read-protected Site.Login , for id:* or whatever the sitewide
> edit
> >    password is.  Right now, since the attr and admin passwords in your
> test
> >    site are locked, I can't try making one to see how this works.
>
> PmWiki 2.1 will have ?action=login available, which will display
> Site.AuthForm under the current url.  I think I'll do this for
> 2.1.beta4.


Cool.  Not too far away then.  Hopefully before I need to give my "how to
edit" tutorial?  :)

Is there some url redirection taking place in the Apache
> configuration somewhere...?  Redirects tend to play havoc
> with posted form values, and that might be why you're never
> getting past the login form.  It might be nothing -- but
> I'm not sure why Apache is setting REDIRECT values for
> a url that seems to be already pointing to the correct target.
>

I'm not certain, but I have a guess.  I have a regular account with add-on
domains (rather than a proper reseller's account), and grinningfrog is an
add-on domain.  So that might be causing the redirects.  However, that can't
be the only source of my difficulties, because I had the same problems on
localhost, where AFAIK there isn't any redirection.

Bronwyn
-------------- next part --------------
An HTML attachment was scrubbed...
URL: /pipermail/pmwiki-users/attachments/20051124/ae142398/attachment.html 


More information about the pmwiki-users mailing list