01090: Can't add password protect

Summary: Can't add password protect
Created: 2009-04-21 23:32
Status: Closed - not a PmWiki bug
Category: Bug
From: Simin
Priority: 4
Version: 2.2.1
OS: Windows xp

Description: I've been trying and trying to get ANY for of security working on my pmwiki site. I'm a novice when it comes to coding but I think there may be something wrong with my crypt file. the '?action=crypt' function gives me no encrypted password.Below is what I get trying to encrypt 'secret'

Encrypted password =

To set a site-wide password, insert the line below in your config.php file, replacing 'type' with one of 'admin', 'read', 'edit', or 'attr'. See PasswordsAdmin for more details.


Could this be why both the '$DefaultPasswords['type']= crypt('typepassword');' function in config.php and the 'user: $1$ED3tibsz$ac1mwKooTdwNYIwxVgZ.0/' function in AuthUser aren't working?

Interesting development: I've just checked on the status of this query from a different computer and noticed that my example above of the authuser coding has been encrypted. I'm not sure if it did that when I posted it but that is the first time I've seen the encryption work. Does that help?

Doesn't this code below work for your wiki?

  $DefaultPasswords['edit'] = crypt('your-password');

It should set a password ('your-password', without the quotes) to edit any page. AuthUser should be enabled in order to work (and in that case, 'your-password' will still work, without typing a username in the login form). --Petko April 22, 2009, at 08:33 AM

Nope. I just copy & pasted the code into the config.php to make sure it was right but I can still edit without any password. And I haven't logged in at all today either, in case you were wondering. '?action=crypt' still gives me nothing either.

Strange. I have seen this rarely, if there is some mis-configuration in config.php. What additional recipes do you have enabled? The $DefaultPasswords part should be near the beginning of config.php, before "including" other scripts or recipes, and notably before calling CondAuth(). Is the site public and could I look at it? Adding $EnableDiag=1; to config.php may be useful. --Petko April 22, 2009, at 07:17 PM

pmwiki.php?action=crypt (click here) displays a form allowing you to encrypt your password. --Petko April 22, 2009, at 07:20 PM

The address is http://totallytechnical.com.au/pmwiki/pmwiki.php

I've only got the wiki title code before the password code. BTW what is a good & simple way to take the site offline (after you have had a look) till I secure it better?

I investigated and found a documented bug with the Suhosin module v. 0.9.22 which is exactly what you use. Not much to do, except upgrading PHP, or disabling Suhosin, or changing your hosting provider. Note that other software will have similar issues with the same hosting. (Also, sometimes you can use PHP4 instead of PHP5, it might work better.) To lock the wiki, you set $DefaultPasswords['edit'] = '@lock'; but you too will be unable to edit it. --Petko April 22, 2009, at 10:04 PM

Thanks for the help. I'll give my provider a call.