2006-12-13
jonb
Hi,
In upgrading from 2006-03-09d to 2006-11-06 I find authentication
via htaccess is not working.
I am using apache to do LDAP authentication, and then
htaccess class ([url]http://wiki.splitbrain.org/wiki:tips:htaccessauth#the_htaccess_class[/url])
to get authenticated users from apache.
It worked just fine for 2006-03-09d!
The dokuwiki 2006-11-06 symptom is...
[quote]
Permission Denied
Sorry, you don’t have enough rights to continue. Perhaps you forgot to login?
[/quote]
In apache's ssl_error_log I get lots of the following...
[quote]
[client 15.144.122.122] PHP Warning: Illegal offset type in /home/wwwrnd/public_html/dokuwiki-2006-11-06/inc/auth.php on line 384
[client 15.144.122.122] PHP Warning: Illegal offset type in /home/wwwrnd/public_html/dokuwiki-2006-11-06/inc/auth.php on line 389
[client 15.144.122.122] PHP Warning: Illegal offset type in /home/wwwrnd/public_html/dokuwiki-2006-11-06/inc/auth.php on line 394
[/quote]
Looking in auth.php I see ...
auth.php (2006-11-06)
---------------------
(lines 384, 389, 394 **)
[code]
function auth_nameencode($name,$skip_group=false){
global $cache_authname;
$cache =& $cache_authname;
** if (!isset($cache[$name][$skip_group])) {
if($skip_group && $name{0} =='@'){
$cache[$name][$skip_group] = '@'.preg_replace('/([\x00-\x2f\x3a-\x40\x5b-\x60\x7b-\x7f])/e',
"'%'.dechex(ord('\\1'))",substr($name,1));
}else{
** $cache[$name][$skip_group] = preg_replace('/([\x00-\x2f\x3a-\x40\x5b-\x60\x7b-\x7f])/e',
"'%'.dechex(ord('\\1'))",$name);
}
}
** return $cache[$name][$skip_group];
}
[/code]
auth.php (2006-03-09d)
----------------------
[code]
function auth_nameencode($name,$skip_group=false){
if($skip_group && $name{0} =='@'){
return '@'.preg_replace('/([\x00-\x2f\x3a-\x40\x5b-\x60\x7b-\x7f])/e',
"'%'.dechex(ord('\\1'))",substr($name,1));
}else{
return preg_replace('/([\x00-\x2f\x3a-\x40\x5b-\x60\x7b-\x7f])/e',
"'%'.dechex(ord('\\1'))",$name);
}
}
[/code]
Assuming the fault lies in the parameter $name,
Looking back in the code, it appears that auth_nameencode() is called with $name set
to $_SERVER['REMOTE_USER'].
From the debug output, REMOTE_USER is set to "jon.buckingham_hp.com" (seems reasonable)
for both 2006-03-09d and 2006-11-06 dokuwiki's.
Relevant local.php configs are...
[code]
$conf['authtype'] = 'htaccess'; //which authentication backend should be used
$conf['useacl'] = 1; //Use Access Control Lists to restrict access?
$conf['openregister'] = 0; // Since you are using Basic HTTP Registration, i think openregister will not work .
$conf['htaccess_defaultgrp'] = "guest";
if (isset($_SERVER['PHP_AUTH_USER']) and !isset($_SESSION[$conf['title']]['auth']['info'])) $_REQUEST['u'] = $_SERVER['PHP_AUTH_USER'];
[/code]
Any ideas?
Thanks,
Jon B
2007-01-04
loxley
Same problem here.
This will fix it:
Index: inc/auth.php
===================================================================
RCS file: /usr/local/cvsroot/dokuwiki/inc/auth.php,v
retrieving revision 1.5
diff -u -r1.5 auth.php
--- inc/auth.php 4 Jan 2007 11:18:04 -0000 1.5
+++ inc/auth.php 4 Jan 2007 11:37:54 -0000
@@ -385,17 +385,17 @@
global $cache_authname;
$cache =& $cache_authname;
- if (!isset($cache[$name][$skip_group])) {
+ if (!isset($cache[(string)$name][$skip_group])) {
if($skip_group && $name{0} =='@'){
- $cache[$name][$skip_group] = '@'.preg_replace('/([\x00-\x2f\x3a-\x40\x5b-\x60\x7b-\x7f])/e',
+ $cache[(string)$name][$skip_group] = '@'.preg_replace('/([\x00-\x2f\x3a-\x40\x5b-\x60\x7b-\x7f])/e',
"'%'.dechex(ord('\\1'))",substr($name,1));
}else{
- $cache[$name][$skip_group] = preg_replace('/([\x00-\x2f\x3a-\x40\x5b-\x60\x7b-\x7f])/e',
+ $cache[(string)$name][$skip_group] = preg_replace('/([\x00-\x2f\x3a-\x40\x5b-\x60\x7b-\x7f])/e',
"'%'.dechex(ord('\\1'))",$name);
}
}
- return $cache[$name][$skip_group];
+ return $cache[(string)$name][$skip_group];
}
/**