[dokuwiki] Re: Warning message if not logged in

From: Gina Häußge <gina@xxxxxxxxxx>
To: dokuwiki@xxxxxxxxxxxxx
Date: Wed, 29 Oct 2008 19:12:27 +0100

Hello there,

Frank Thommen wrote:
> I, too, have noticed this.  In our setup it happens, when I am
> authenticated through the webserver and have the same username but a
> different password for DokuWiki or if my username is different from any
> DokuWiki login.
> 
> When I set my DokuWiki password to be identical to the webserver
> password, I'm automatically logged in to the wiki if the username is the
> same.

This behaviour was fixed in the current development version [1][2]. If
you don't want to update to "bleeding edge", you might want to simply
remove the lines

  // if no credentials were given try to use HTTP auth (for SSO)
  if(empty($_REQUEST['u']) && empty($_COOKIE[DOKU_COOKIE]) &&
    !empty($_SERVER['PHP_AUTH_USER'])){
      $_REQUEST['u'] = $_SERVER['PHP_AUTH_USER'];
      $_REQUEST['p'] = $_SERVER['PHP_AUTH_PW'];
  }

from your inc/auth.php, that should fix it as well.

The login credentials as entered through the webserver's authentication
dialog are btw provided to DokuWiki (or any script for that matter) via
the server environment, SSL happens "earlier" and has nothing to do with
those internals.

Greetings,
  Gina

[1] :
http://dev.splitbrain.org/darcsweb/darcsweb.cgi?r=dokuwiki;a=commit;h=20081012131042-2b4f5-029f4f0ffa6c89e23653584c8bb41db78834cc73.gz

[2] :
http://dev.splitbrain.org/darcsweb/darcsweb.cgi?r=dokuwiki;a=commit;h=20081012131125-2b4f5-8270c19ba0e164de7b83188ad8955cc3a7ef6275.gz

References:

[dokuwiki] Warning message if not logged in
From: Jerry Schwartz

[dokuwiki] Re: Warning message if not logged in
From: Frank Thommen

[dokuwiki] Re: Warning message if not logged in

Other related posts: