This is a talk page for improving Passwords.

There's a little bit "over the top" FUD with regards to conditional markup surrounding auth. Perhaps instead of scaring users away, a page could be setup to describe how this can be done safely? It's not that hard.


It is not very responsible to call an actual danger FUD (disinformation strategy disseminating negative and dubious or false information in an appeal to fear). See Test.CondAuthNotLocked for 3 easy ways to circumvent any conditional. --Petko July 22, 2017, at 05:10 AM

@ccox In case Petko's demo didn't convince you, could you elaborate on how you think it could work safely and "not that hard"? In case a secure method exists, we can probably reduce the warnings. In case the method turns out insecure, it might help us improve the warnings to avoid the impression of FUD.
Sven August 05, 2017, at 01:12 PM

How do I/Can I make the read permission for a discussion page (Talk/{$Group}-{$Name}) automagically mirror the read permission of {$Group}/{$Name} at least when the Talk page is created by following a "Discuss this page" link?

LarsEighner October 12, 2011, at 10:24 PM

From the page: To enter pass phrases or passwords with spaces in them simply quote them, eg

"My s3cret pass frase#
note this change was done by PM some time ago for me simon October 04, 2009, at 12:30 PM

What to do if wiki-sessions do not work?

I tried the solution above; and the browser get the sessions. But still I can use authorisation of one wiki for another wiki...

Are passwords sent in the clear? What is the method by which passwords are encrypted and transmitted?

Is there a way to remove the username field when requiring passwords for a page?

I found a way to do it for the entire wiki but not for individual pages yet. Go to the wikilibd directory and look for the file "Site.AuthForm". Towards the very bottom of the page you will see a section of code that looks like this:

    "text='''$[Password required]'''%0a(:messages:)%0a(:if enabled 
    InvalidLogin:)* $[Name/password not recognized]%0a(:if:)%0a(:input 
    auth_form:)%0a(:if enabled EnableAuthUser:)$[Name]:(:input text 
    name=authid:)\\%0a(:if:)$[Password]:(:input password name=authpw:)%0a
    (:input submit value='OK':)%0a(:input end:)%0atime=1135895744"

Simply remove the

    "$[Name]: (:input text name=authid:)\\%0a(:if:)"

section on the second line right before the password input.

Don't modify the files in wikilib.d. You should just edit the wiki page Site.AuthForm on your wiki, and remove the line $[Name]:(:input text name=authid:). Note, however, that PmWiki displays the Name: field only if you have enabled AuthUser, and you actually need to enter user names. --Petko February 14, 2009, at 04:41 PM

If you do remove the username box, or delete Site.AuthForm.php altogether, you might have trouble making the password box work on its own. I found one solution when I inserted the words authuser='' directly on the source file at the top of the pages in question. Though it's no big deal to do so on hundreds of pages at a time by using SearchReplace, it appears that making the addition or change on just one page, perhaps Main.HomePage, will open the whole site to being accessed with just, or only, a password. Leaving the target blank, or authuser='', has the same effect as empty quotes do in config.php (and I'm going to try coding this trick in that file, again); that is, the page opens with just a password filled in, even if the user login field is empty or doesn't exist through removing the lines specified, as stated above. If you want to do your whole wiki.d directory, (not necessary in the case I just tried) just download it with ftpCommander, and use HFTP (Handy File Tool), to add the line across the site and re-upload the edited files. Other file managers will require PmWiki files to be zipped as unauthorized file types, and you will have to temporarily delete the htaccess file to unzip them (sometimes this works, and other times it doesn't. Sometimes you can add files to wiki.d by inflating a zipped folder named wiki.d containing the files at the pmwiki.php site level. It all depends on what changes you've made along the way.

Is there a web admin form for GroupAttributes?action=attr pages? I have a number of group pages and was wondering if there is a web admin form (somewhat like the HtpasswdForm) that would enable me to manage groupattribute passwords for each group easily? Thanks!

Why do I doesn't see any password in my local file for "read" and "edit", and in spite of that, my wiki is always asking me for a password ?

You seem have used once the ?action=attr . Then, you should again used that way to cancel it.

This is a talk page for improving PmWiki.Passwords.