Re: [pmwiki-users] Always logged in for my IP (no password requested) : how to ?

Fri, 07 Sep 2012 10:07:15 -0700 

Nothing more related to password (no authuser, no userauth) ; plus
have a visible edit password.



I see the problem. Indeed, AuthDNS is designed to work with AuthUser, and in  
your case there is a simpler solution.



$DefaultPasswords['admin'] = crypt('xxx');
$DefaultPasswords['attr'] = crypt('xxx');
$DefaultPasswords['edit'] = crypt('yyy');
$DefaultPasswords['upload'] = crypt('xxx');


Add the following code

if($_SERVER['REMOTE_ADDR'] == '127.0.0.1') { # your IP address here
 $_POST['authpw'] = 'xxx';                  # the admin password
}


This means that you have your admin passwords in clear in config.php and  
someone with access to the filesystem can read them (for example a  
technician of your hosting provider).



If this is not a problem for you, that is the simplest and easiest solution.  
If it is a problem, the the simplest and easiest solution is much harder and  
complex.



PmWiki can store just encrypted hashes of the passwords (see ?action=crypt)  
but in that case you cannot be logged-in automatically.



Or, you could, if you enable AuthUser and configure AuthDNS to log you in as  
a user with admin rights.


in config.php:

 $DefaultPasswords['admin'] = array('$1$XV7s5b8q$ooqwV/Y6fccfztURhyfye/',  
   'id:gb'); # encrypted password from ?action=crypt + identified user

 $DefaultPasswords['attr']   = '@lock'; # that means admins only
 $DefaultPasswords['upload'] = '@lock'; # that means admins only

 # if you have published your edit password on your site, you could leave
 # it here in clear, otherwise encrypt it too.
 $DefaultPasswords['edit'] = crypt('yyy'); # or '$1$...' without crypt()


in SiteAdmin.AuthDNS, your IP address and the admin user's id:
 127.0.0.1: id:gb

in SiteAdmin.AuthUser, set a password for user gb (read docs)

And to be automatically logged in, go to AnyPage?action=authdns.


Enabling AuthUser will add a username: field at the login form (which may  
disturb your editors who only need to supply the password. You can remove it  
from the page Site.AuthForm.


Petko


_______________________________________________
pmwiki-users mailing list
[email protected]
http://www.pmichaud.com/mailman/listinfo/pmwiki-users






















					Reply via email to