This is a static dump of issues in the old "Flyspray" bugtracker for DokuWiki. Bugs and feature requests are now tracked at the issue tracker at Github.

Closed
Won't implement

FS#414 enable user accounts with null passwords

ACL & Authentication

2005-06-21 kam

We decided we wanted our user accounts to all have the null string as their password.
This makes sense when the wiki is run in a protected multiuser environment where all
users are trusted (we decided that the password was an initial barrier to use/adoption).

I set up users.auth "by hand" but was stuck when Dokuwiki would automatically logout
the user the minute he tried to edit.

The following patch to auth.php seems to "fix" this, but my feeling is that maybe there
should be a configuration variable which enables this (that behavior _was_ a feature,
right?)...

--- auth.php 2005-06-21 09:34:12.000000000 +0300
+++ auth.php.orig 2005-05-07 12:22:55.000000000 +0300
@@ -97,7 +97,7 @@
// get session info
$session = $_SESSION[$conf['title']]['auth'];

- if($user){
+ if($user && $pass){
// we got a cookie - see if we can trust it
if(isset($session) &&
($session['user'] == $user) &&
2005-06-21 kam
after looking at how the patch got clobbered
by the formatting, I'm attaching it as a file,
also...
- dokuwiki.patch application/octet-stream
2005-07-05 kam

In the case that null string passwords are wanted, it would be nice if the
config variable (or an additional config variable) would automatically change
the registration dialog so that
all the passwords issued are null strings and the dialog itself informs
the user of this rather than (or in addition to) sending email.