[pmwiki-users] Need help with Site/AuthUser

Jen Gagne jen at beware-of-art.com
Thu Jun 15 06:39:07 CDT 2006


Thanks Patrick! Let's see... I may have fixed at least some of this when I
restored pmwiki.php to the most recent version. I noticed an edit date of 6/14
on the file, and suspected maybe I did something to mung it since really I
shouldn't be editing that at all (right?)... so, I got the latest version from
the zip.

Now, in ?action=attr, when I set the edit password to @cons, it lets KublaiKhan
(one of my "cons" people) edit.

But -- here's the new weird part -- it won't let ME edit using my JenGagne
account, at least not consistently. More on that below...

> If I'm reading this correctly, that would mean that the password
> for JenGagne is the same as the 'admin' password that was set above.
> That's not a problem, but it does mean that JenGagne is effectively
> an admin and can obtain access to any page.
> *snip* The real test would be if the passwords are different.

I changed it last night for testing, since it being the same was why I didn't
originally realize the system wasn't letting me do stuff without the admin
password...

And, even though I am part of both @admins and @cons, it won't let JenGagne edit
pages consistently using that password (even though kublaikhan can?!) and won't
give me admin access without using the actual admin password.

But it's inconsistent -- sometimes it accepts my account password, sometimes
not. I'll poke around and figure out if there's some pattern to that. Maybe I
munged my forum code somehow and that's why it's giving me so much trouble.

I'll reply with more info on that later... Maybe my replacement of pmwiki.php
fixed at least some of this? It wasn't letting people log in at ALL before.

I reset the PW a few times to the same thing just to confirm I was really typing
it correctly. But, it still says "Name/Password not recognized."

> Is there a 'read' password set for the site or on the Site.AuthUser page
> somehow?

I set an read password of @admins on Site.Authuser only because I read... uh...
somewhere on the site, that that's a good idea for security. But if it doesn't
interfere, then OK. :)

Thanks for the reply!

-=- Jen




More information about the pmwiki-users mailing list