[pmwiki-users] error in .htpasswd - Auth

Patrick Ogay lists at basel-inside.ch
Fri Nov 11 03:46:27 CST 2005 

I guess this must be the problem:
I created a user "pmichaud"  (with  
action=setuser?&user=pmichaud&passwd=pmichaud)
the user is o.k. .htpasswd

pmichaud can login now, but with the first users password
It's even worse  that *anybody*  can login who knows this  password.
It's even more strange, because now  I have changed my user to the 
second place, and still pmichaud can only login with this user....urgh...
(I don't like the idea to store the correct password here in the Group:-),

pw-file: (first attempt)
pogay:u6cLSILEk15aQ
vhcuser:NPtapYBNVvC02
vorstand:tWWn6kTmNE/6o
pmichaud:WLul3vR1PMYlQ

pw-file (second attempt)
pmwiki:5OV8XuG1lKdQU
pogay:u6cLSILEk15aQ
vhcuser:NPtapYBNVvC02
vorstand:tWWn6kTmNE/6o
pmichaud:WLul3vR1PMYlQ


farmconfig:------------------------------------------------------------------------------------------------
#  funktioniert, wird dann z.T. in pw-file und lokal ausgelagert

#   $AuthUserHtPasswd     = "$FarmD/local/.htpasswd";
    $AuthUser['htpasswd'] = "/var/www/etc/.passwd";

 
###  pmwiki users
#    $AuthUser['pogay']    = '$1$W32gNGnz$qqRtTf.gwGj8KgFcrS9Ow/'; 
#    $Authuser['nic']      = '$1$W32gNGnz$qqRtTf.gwGj8KgFcrS9Ow/';
#    $Authuser['pat']      = '$1$W32gNGnz$qqRtTf.gwGj8KgFcrS9Ow/'; 
#    $AuthUser['pmwikif']  = '$1$yiQu4aL7$eQtLXJ5sJSuRQDUkHJrtK0';
#    $AuthUser['pmwiki2']  = crypt('pmwiki2');
#    $AuthUser['pmwiki3']  = '$1$W32gNGnz$qqRtTf.gwGj8KgFcrS9Ow/';

### apache users
#    $AuthUser['vhcusez']  = "$FarmD/local/.htpasswd";
#   $AuthUser['pogaz']    = "$FarmD/local/.htpasswd";
#    $AuthUser['vhcuser']  = "$FarmD/local/.htpasswd";
#    $AuthUser['bluguser'] = "$FarmD/local/.htpasswd";


    include_once('local/config.php');          # load per-field settings

    $DefaultPasswords['read']   = 'id:*'; /*alle die User haben */
#   $DefaultPasswords['read']   = 'id:pogay,nic';
    $DefaultPasswords['edit']   = 'id:pogay,nic';
    $DefaultPasswords['upload'] = 'id:pogay,nic';
    include_once("$FarmD/scripts/authuser.php");   /* User basierende 
Authenfification */

       /* Assign Logfile+ activate */

## Addons/User Actions
##adds action=setuser&user=user&passwd=passwd
## uses php "system" to execute a shellscript  in usr/local/bib
global $HandleActions;
SDV($HandleActions['setuser'], 'setUser');
function setUser($pagename) {
 echo "setuser".$_GET[user].$_GET[passwd];
 if ($_GET[user] && $_GET[passwd]){
   $cmd = "_htpasswd ".$_GET[user]." ".$_GET[passwd];
   echo "=$cmd=";
   system($cmd, $result);  
   /* $return = `cmd`; */
   echo "result=$result/";
  }
 else { /* alles listen */
  system("_htpasswd",$result);
  echo "result=$result/";
  echo "Lines<br>\n";
  reset($lines);
  while(list($k, $v) = each($lines)):
    echo "k=$k v=$v<br>\n";
  endwhile;

 }
 
}

More information about the pmwiki-users mailing list