UserAuth2-Talk
Comments
I wanted to secure the login and user management. I came up with this solution which seems to work, but I'd like feedback since I'm still new to modrewrite. Personally, I'd think it much cleaner if the code could do the redirects.:
if (@$_SERVER['HTTPS'] == 'on' || @$_SERVER['SERVER_PORT'] == '443')
{
$UrlScheme='https';
} else {
$UrlScheme='http';
}
$ScriptUrl = $UrlScheme.'://www.example.com/wiki';
$PubDirUrl = $UrlScheme.'://www.example.com/wiki/pub';
.htaccess
# Use mod_rewrite to enable "Clean URLs" for a PmWiki installation.
RewriteEngine On
# Define the rewrite base.
RewriteBase /wiki
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} ^/wiki/Site/Login [OR]
RewriteCond %{QUERY_STRING} action=login [OR]
RewriteCond %{QUERY_STRING} ^n=Site.Login [OR]
RewriteCond %{QUERY_STRING} ^action=admin [OR]
RewriteCond %{QUERY_STRING} ^action=pwchange
RewriteRule (.*) https://www.example.com/wiki/$1 [R=permanent,L]
RewriteCond %{SERVER_PORT} 443
RewriteCond %{REQUEST_URI} !(\.gif|\.css)
RewriteCond %{REQUEST_URI} !^/wiki/Site/Login
RewriteCond %{QUERY_STRING} !^n=Site/Login
RewriteCond %{QUERY_STRING} !action=login
RewriteCond %{QUERY_STRING} !action=admin
RewriteCond %{QUERY_STRING} !action=pwchange
RewriteRule (.*) http://www.example.com/wiki/$1 [R=permanent,L]
# Send requests without parameters to pmwiki.php.
RewriteRule ^$ pmwiki.php [L]
# Send requests for index.php to pmwiki.php.
RewriteRule ^index\.php$ pmwiki.php [L]
# Send requests to pmwiki.php, appending the query string part.
RewriteRule ^([A-Z0-9\xa0-\xff].*)$ pmwiki.php?n=$1 [QSA,L]
I've removed any previous comments that I made here. Whilst I did have problems at first with:
- CleanUrls - see fix on main page re using '/' instead of '.' in the extra lines in config.php (at that time correct, now only dots should be used)
- Search box didn't work - I think this was down to using an early flavour of PMWiki (done)
(:pagelist:)markup broken - same as search box above. (done)- Not returning to correct page after logging in - same as CleanUrls
I did a clean install and have had no problems since - (I hope). I am enjoying using the software produced by people like PM and Thomas and my thanks go to them both.
Recommend
Use latest version of software at all times and be careful of settings and you'll not go wrong!
I would really like MySQL database authentication, as I have a password protected welcome page, forum and wiki, and adding new users is a pain, I have to add them in three different files (.htpasswd(until I find decent PHP/MySQL login script), wiki(using userauth2) and MyBB(in the MySQL database).
Having it all in one table in a MySQL database would be so much easier.
Fatal error: Allowed memory size of 8388608 bytes exhausted (tried to allocate 40 bytes) in /home/*/public_html/*/*/*/wiki/cookbook/userauth2.php on line 1009 , Using the lastest version (stable5).
The required dot in the URL (. instead of /)
Why on earth is this a requirement? It's a pretty sad one. Most sites that I know where pmwiki is used for, have used the / instead of the dot. So none of them can use UserAuth2.
$HomePage and $LoginPage variables, and to the permission record. In both of these cases the dot should/ has to be used. Apart from these configuration related places, your pmwiki is allowed to use CleanUrls. (Slashes will then automatically mapped to dots internally for permission check.) ThomasP October 02, 2008, at 01:36 PM
I'm working with wikifields (Cookbook.WikiFarmAlternative) which places the pmwiki largely out of the way of the web path. The directory structure looks like this:
pmwiki-latest/ ---cookbook/ ------userauth2.php ------userauth2/ (hopefully this will only contain the static objects) ---local/ ------config.php (system-wide configurations, common to all wikifields) ------setworkdir.php (sets up the working directories for the wiki based on a variable set in each wiki's local/config.php) ---var/ (where work goes) ------WIKINAME/ (per-wiki directory) ---------wiki.d/ (where wiki pages live for this wiki) ---------userauth2/ (where dynamic userauth2 info lives for this wiki)
I'd prefer to be able to split out dynamic portions of userauth2 from static portions for the obvious benefit of keeping one copy of something everyone can run and still keep their data separate.
--tamouse September 20, 2011, at 08:12 AM
PKHG speaking (10 June 2007 9:00)
I am trying to understand the following error:
- Running PmWiki beta54 on the local webserver AbyssWebServer, authorization works fine.
Prefix WEB. - Running the same PmWiki (copy a whole directory) on XAMPP Apache, authorization does not work at all.
Prefix XAMPP. - I set AbyssWebSever listening to port 8888 (so both version run at the same time visible in tabs of FF)
Started debugging on 7.6.07. I use in userauth2.php this code.
function debugMsg($par1,$msg){
if($par1==''){
echo("<br >XAMPP $msg");
} else {
echo("<br />XAMPP array: $par1 <br />");
print_r($msg);
}
}
Output is generated by removing the // comment before appendToUA2ErrorLog commands, flushed by flushUA2ErrorLog.
- Opening of Site/Login gives output which on both versions a similar (difference is only a prefix WEB and XAMPP respectively).
- logging in, the WEB-version remembers the user: admin, the XAMPP version stays unauthorized (admin!).
- All SESSION variables XAMPP-version (except of CacheStarttime) have 'vanished'?
I am chasing the place where SESSION is cleared (unexpectedly).
originally entered at standalone page UserAuth2Devel (deleted)
Deprecation error on PHP 7.0
PHP Deprecated: Methods with the same name as their class will not be constructors in a future version of PHP; UserSessionVars has a deprecated constructor in /home/paul/wwwroot/w/cookbook/userauth2/UserSessionVars.php on line 109, referer: https://sikkepitje.nl/Tech/Tech
I am no PHP god.. Anyone knows a quick fix to this?
PaulWiegmans februari 24, 2017
You may replace line 133 in userauth2/UserSessionVars.php
function UserSessionVars() {
by
function __construct() {
See http://php.net/manual/en/migration70.deprecated.php
mfwolff 2017-03-04