[pmwiki-users] DBauth question

Jason Frisvold xenophage0 at gmail.com
Tue Jun 27 08:01:18 CDT 2006


On 6/27/06, Marc Cooper <gmane at auxbuss.com> wrote:
> The plan is to replace dbauth with authuser_dbase. I was working on this
> with the author, Ben, but he is in the middle of some academic work, and
> I've not heard from him in a while. That said, dbauth does the same
> thing, the new version has a few tweaks that, for example, allow you to
> put the variables in your config.php rather than having to edit the
> recipe.

Cool!  :)  I'm looking forward to this.  DBAuth at the moment seems
more of a hack than a recipe..  No offense meant.  :)  I had to hack
it up a bit to make it work the way I wanted.

Any chance you're looking into groups as well?  As in, retrieving from
the database a list of the groups that the user is in???  I'm digging
into how to handle that now..

> To create the db, you will need MySQL installed. You can then create a
> table with only two fields - for the user name and password. The
> password should be encrypted with MD5 or SHA1 - MySQL will do this for
> you.

It's worth noting that you can pretty much use any table definition
for this.  I have a pre-existing database used for authentication for
a large intranet system.  Just modifying the SQL select statement was
enough to make this work.

> I'd also comment out the $AuthForm lines in dbauth.php, since this
> overrides Site.AuthForm and it's easier to manage this within PmWiki,
> imo.

Hrm..  easier to manage how?  Just comment out the $AuthForm?

> > I'm using a modified version of the FAST Membership
> > (newuser.php) recipe which writes the user name and password to a
> > htpasswd file, and was wondering if I couldn't just change a line or
> > two to have it write to the database instead.
>
> Probably, though it will be a few more lines, especially if you add
> error checking.

You also need lines to connect to the database to begin with.  But,
this should be simple enough.  In fact, DBAuth contains most of what
you need with the exception of the SQL statement to enter the data.

> > My current system works
> > fine, but is a htpasswd file really plausible if you have say a 1000
> > users?  Or would it be a bit slow?

There is a limitation to the number of users you can have in that
file.  I forget the exact number, but when you run into it, you likely
won't know and it will drive you crazy trying to figure out whats
going on.  Basically, once you hit that magic number, any additional
users won't authenticate..  Really frustrating.

> No reason at all. In addition, I have my own version of dbauth in
> which I perform a range of functions against the database at login and
> store what I need in session variables, so that I don't need to go to
> the db repeatedly.

If you do go this route, though, use good table design.  Don't litter
the user auth tables with useless junk that is better suited to it's
own table...

> > And lastly, are there some
> > wiki-based admin interface for editing the database, or would it all
> > have to be manually edited?

Editing just the users?  Or more?  You could use phpmyadmin for this.
Personally I don't like using that program because of security
concerns, but with the proper precautions it should be ok...

> However, as I asked elsewhere, I'm stuck on a really, really basic
> PmWiki lack of knowledge thing :-(

I think I'm in the same boat..  I'm decent with php and sql, but I'm
not familiar at all with the pmwiki code yet...

> --
> Best,
> Marc


-- 
Jason 'XenoPhage' Frisvold
XenoPhage0 at gmail.com




More information about the pmwiki-users mailing list