Not logged in. · Lost password · Register

All posts by jossif (10)

topic: Disabling ?do=check  in the forum: General Help and Support Installation and Configuration
Avatar
jossif #1
Member since Apr 2007 · 10 posts
Group memberships: Members
Show profile · Link to this post
Subject: Found it
local.php

$conf['disableactions'] = 'debug,check';

It will be good to have this set as default in the dokuwiki installation.

-- Jossi
topic: Disabling ?do=check  in the forum: General Help and Support Installation and Configuration
Avatar
jossif #2
Member since Apr 2007 · 10 posts
Group memberships: Members
Show profile · Link to this post
Subject: Disabling ?do=check
How do I disable ?do=check

I do not want users to find out the info displayed by do=check

-- Jossi
topic: How to insert the name of user in page?  in the forum: General Help and Support Plugins
Avatar
jossif #3
Member since Apr 2007 · 10 posts
Group memberships: Members
Show profile · Link to this post
In reply to post ID 2766
Thanks, Chi.

That plugin does it.

- Jossi
topic: Custom auth backend (Problem getting groups)  in the forum: General Help and Support Features and Functionality
Avatar
jossif #4
Member since Apr 2007 · 10 posts
Group memberships: Members
Show profile · Link to this post
Subject: Custom auth backend
I have implemented a custom auth backend using the basic.class.php

I am using the trustExternal function, and everyuthing works well, except that groups are not recognized.

This is what I am doing, after fetching the user's record from  my database:


$fname              = "$row[fname]";
$lname              = "$row[lname]";
$email             = "$row[email]";   
#Groups are stored in my database as a comma separated list:       
# such as "user,admin,team"
$grps             = explode (",","$row[grps]");       

#set the globals for dokuwiki

$USERINFO['name'] = $fname . " ". $lname;
$USERINFO['mail'] = $email;
$USERINFO['grps'] = $grps;           
$_SERVER['REMOTE_USER'] = $user;
$_SESSION[DOKU_COOKIE]['auth']['user'] = $user;
$_SESSION[DOKU_COOKIE]['auth']['pass'] = $pass;
$_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO;


What is happening is that I can login OK, but then any page I try to access, it gives me an access denied. If I  go back to plain auth, and the user has same groups, it works OK.

What I am doing wrong?

-- Jossi
topic: www writable security risk?  in the forum: General Help and Support Installation and Configuration
Avatar
jossif #5
Member since Apr 2007 · 10 posts
Group memberships: Members
Show profile · Link to this post
Subject: www writable security risk?
Is there a security risk in having dokuwiki directories being writable by www?

I just found a roge php script in one of these directories (a Russian cpanel script)

-- Jossi
topic: How to insert the name of user in page?  in the forum: General Help and Support Plugins
Avatar
jossif #6
Member since Apr 2007 · 10 posts
Group memberships: Members
Show profile · Link to this post
Subject: How to insert the name of user in page?
I need to be able to automatically add to a page the name of a user. Similar to what the signature does.

Something along the lines of [[user:@USER]] that will render on the page as [[user:John Smith]]

Is this possible? Is there a plugin for this?

-- Jossi
topic: SSL problem? (I get intemitent access problems on SLL)  in the forum: General Help and Support Installation and Configuration
Avatar
jossif #7
Member since Apr 2007 · 10 posts
Group memberships: Members
Show profile · Link to this post
Subject: SSL problem?
:(
I am experiencing a frustrating issue with dokuwiki. If I access the site via http, it works fine. But when I try via hhtps it hangs intermittently.

Has anyone experienced such a problem?

-- Jossi
topic: IP Address Verification (Problem with IP address verification)  in the forum: General Help and Support Installation and Configuration
Avatar
jossif #8
Member since Apr 2007 · 10 posts
Group memberships: Members
Show profile · Link to this post
In reply to post ID 2729
Thank you.

I removed the IP from the function and all works well now.

-- Jossi
topic: IP Address Verification (Problem with IP address verification)  in the forum: General Help and Support Installation and Configuration
Avatar
jossif #9
Member since Apr 2007 · 10 posts
Group memberships: Members
Show profile · Link to this post
In reply to post ID 2722
The load balancer in this case is at the client side and not at the server side, Andi.

I have several users that have load balancer in their premises, usually 2 to 4 Internet connections each =via a different IP address. The IP addresses are all on different ISPs so the netblocks are all different.,

So, if I edit the auth_browseruid().
function auth_browseruid(){
  $uid  = '';
  $uid .= $_SERVER['HTTP_USER_AGENT'];
  $uid .= $_SERVER['HTTP_ACCEPT_ENCODING'];
  $uid .= $_SERVER['HTTP_ACCEPT_LANGUAGE'];
  $uid .= $_SERVER['HTTP_ACCEPT_CHARSET'];
  #$uid .= substr($_SERVER['REMOTE_ADDR'],0,strpos($_SERVER['REMOTE_ADDR'],'.'));
  return md5($uid);
}

and comment that last line, will resolve my problem?

But what about locks? I can see that the lock/unlock mechanism uses also the IP address of the client.


-- Jossi
topic: IP Address Verification (Problem with IP address verification)  in the forum: General Help and Support Installation and Configuration
Avatar
jossif #10
Member since Apr 2007 · 10 posts
Group memberships: Members
Show profile · Link to this post
Subject: IP Address Verification
I can see that DW uses some kind of IP address verification of the logged in client for security reasons. The problem is that it breaks when you are using a load balancer (in which the web browser can be using two simultaneous http sessions, each with a different IP address.

I also breaks on fast switching proxies in which IP addresses can change rapidly.

Is there a way to disable this aspect of DW?

I can see a function in common.php: function clientIP and another function in auth.php: auth_browseruid.

Any help in disabling the use of client IP addresses during auth and creation of cookie will be appreciated.

-- Jossif
Close Smaller – Larger + Reply to this post:
Special characters:
Special queries
Go to forum
Imprint
This board is powered by the Unclassified NewsBoard software, 20150713-dev, © 2003-2015 by Yves Goergen
Current time: 2020-01-27, 18:59:15 (UTC +01:00)