[pmwiki-users] Fox: replace password in SiteAdmin.AuthUser?

pmwiki.johnny1000 at spamgourmet.com pmwiki.johnny1000 at spamgourmet.com
Thu Feb 9 05:24:36 PST 2023 

Greetings,

PmWiki version 2.3.18
Fox version 2020-11-02 (which was actually committed 2022-11-02)

For a couple of days I've been trying to get a Fox form to replace 
(change) a logged in user's password.
I want my users to be able to change their passwords.

It's to be a private family site, only accessible logging in with 
username+password. That part works.

I have set up authuser like this:

include_once("$FarmD/scripts/authuser.php");
$DefaultPasswords['read'] = 'id:*';
$DefaultPasswords['edit'] = 'id:admin';

I have set up my users in SiteAdmin.AuthUser like this:

username: (:encrypt password:)

Which, upon saving SiteAdmin.AuthUser, gets turned into something like this:

username: $2y$10$ie/E38n2xsgsPg9BJPQPV.rCRMWJCr0dAcUs4sRy1mZ9uwf.BtKSG

I have set up Fox (for testing) like this:

$FoxAuth = 'ALWAYS';
$FoxPagePermissions['*.*'] = 'all';
include_once("$FarmD/cookbook/fox/fox.php");

When I go into production, $FoxPagePermissions will be set up with 
"proper" page and group permissions.

I have set up a page with a fox form for a logged in user to change 
their password like this:

(:fox change_password_form:)
(:foxreplace target=SiteAdmin.AuthUser put=regex mark="{(tolower 
{$Author})}: .*" foxtemplate="{(tolower {$Author})}: {(mycrypt 
{$$new_password})}":)
New password:\\
(:input password name=new_password:)\\
(:input submit post 'Save new password':)
(:foxend change_password_form:)

The form will be expanded with different checks, but for now I just want 
to succeed in changing the password.

I have tried different ways of escaping "(:encrypt ...:)" in 
foxtemplate, but they all just change the encrypted password to some 
form of the "(:encrypt ...:)" markup.

Therefore I have added my own markup expression "{mycrypt ...}", to 
change the markup expression into an encrypted password, like this:

$MarkupExpr['mycrypt'] = 'mycrypt($args[0])';
function mycrypt($string) {
     return pmcrypt($string);
}

My markup expression does change the input string to an encrypted 
string, but that string does not work as a valid encrypted password in 
SiteAdmin.AuthUser.

I notice that when I manually enter "(:encrypt ...:)" into 
SiteAdmin.AuthUser, the encrypted result always start with the sequence 
"$2y$10$".
But my own markup expression's encrypted strings always start with "y$".

Manually changing "y$" to "$2y$10$" in SiteAdmin.AuthUser doesn't help.

So now I'm stuck.

Any ideas?

Best regards :o)

Johnny :o)

More information about the pmwiki-users mailing list