checked the supplied link. most interestingly Main.HomePage?action=attr shows the edit password set by site. still (:if auth edit:) evaluates to true for non-logged in users while (:if auth admin:) evaluates to false.
can you post the contents of your entire local/config.php? (minus clear passwords, of course) sadly my servers are running php versions 5.2.6 and 5.2.12, so I cannot verify if this is a 5.3 related problem. to verify or falsify that faulty crypt implementation in php 5.3 theory, you could use md5 or sha-1 encrypted passwords stored in a .htpasswd (see the Passwd section in http://www.pmwiki.org/wiki/Cookbook/AuthUser). josh -- ALJOSCHA SONDERHOFF brand & marketing office +49 2238 4629519 mobile +49 1511 5794189 fax +49 2238 963023 email <[email protected]> GASSI-TV Aurikelweg 22 50259 Pulheim, NRW GERMANY http://gassi-tv.de On Nov/10, 2011, at 1900 , [email protected] wrote: > Date: Thu, 10 Nov 2011 11:13:14 -0500 > From: "Sun, Yue" <[email protected]> > To: "'[email protected]'" <[email protected]> > Subject: [pmwiki-users] Password protection not working > Message-ID: > <[email protected]> > Content-Type: text/plain; charset="us-ascii" > > Hi, > > We have a pmwiki site (version 2.2.0) that has been up for a few years. > Recently we upgraded to RedHat 5 and PHP 5.3.7, after that the password > protection is not working any more. To help figure out the problem, I've set > up a new pmwiki 2.2.34, and use the simple config file with > > $DefaultPasswords['edit'] = crypt('operations'); > > and > > $EnableDiag = 1; > > but still the Edit is open to everyone and never got a password prompt. When > I changed $DefaultPasswords['edit'] ='@lock'<mailto:='@lock'> and the > password was prompted. I notice there are some discussions about the new > crypt() in php 5.3 and doubt if it's related to the issue I am having. Here > is the test pmwiki I set up > http://newsletter.vaughanpl.info/pmwiki/pmwiki.php. Can someone provide a > help? Do I have to downgrade to php 5.2? > > Any comments or suggestions would be appreciated!! > > Yue > > ________________________________ > This e-mail, including any attachment(s), may be confidential and is intended > solely for the attention and information of the named addressee(s). If you > are not the intended recipient or have received this message in error, please > notify me immediately by return e-mail and permanently delete the original > transmission from your computer, including any attachment(s). Any > unauthorized distribution, disclosure or copying of this message and > attachment(s) by anyone other than the recipient is strictly prohibited. > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > <http://www.pmichaud.com/pipermail/pmwiki-users/attachments/20111110/4690ae9a/attachment-0001.html> _______________________________________________ pmwiki-users mailing list [email protected] http://www.pmichaud.com/mailman/listinfo/pmwiki-users
