Category: User Administration (Registration, Login & Banning)

Request passcode to register: fails.

Example 1: (Still broken?) I toggled on "Request passcode to register:" and "Prevent automatic/robot registration:", as well as "user tracker" selected at registration time, and after the registration steps, and filling the user tracker information, I get the message (like): "Register code not valid. You need to know the register code to register in this web site" (approx)

Tried three times with different browsers and users names (and double checking the passcode to register): same effect.

When I toggle off the "Request passcode to register:", then everything works fine.

Example 2:
Request password to enter = on
User tracker (for registration) = on
...initial screen of choose name, enter password and email works.
...second screen with user tracker info fails on submit.

Tested with:
1. Passcode only - Success
2. Passcode & email verification - Success
3. Email verificaton & user tracker - Success
4. Passcode & user tracker - Fail

All I really need is Passcode & user tracker to work together!

I can't login to http://wiki-translation.com (using 1.10svn from june'08) with my openid account
http://xavidp.openid.es

I successfully used that openid account months ago to create a linked tiki account here (xavidp), but it seems that currently it doesn't work. Using the openid box I get the error:

"Authentication error; not a valid OpenID."

Maybe openid is broken? We are using kubrick theme there...

Ask for a new password on tikiwiki.org

You will see you have to click two links

1. to reset your password
2. to login with temp password (this link is missing http://)

"new user registration" has problems.
Problemss stated for TIKIWIKI 1.9.8.3 tried on newest PHP versions 5.2x (+newest MySAL)
- Fantastico install of 1.9.8.3 also concerned. -

It is either a config error by admin, or a problem of latest stable TIKIWIKI (Oct. 2007) with neweset versions of PHP, or something similar. Various tests + details are described - please visit the links below.

Hopeful to get opinions on this before going on with my tests.

If it is not a software bug, then it would at least probably be an aspect about the ergnomics of instructions. When this problem will be settled and if found of general interest, I will perhaps add the experience to the TIKIWIK docs.


Details are in the FORUM: Architecture/Installation :
http://tikiwiki.org/tiki-view_forum.php?topics_offset=1&topics_sort_mode=commentDate_desc&forumId=6

There the item:
"Register as a new user" does not excecute - config error? or bug in v.1.9.8.3 ?" :
http://tikiwiki.org/tiki-view_forum_thread.php?comments_parentId=27095&topics_offset=3&topics_sort_mode=lastPost_desc&forumId=6

Hi,

I think there is a usability bug when the option "Re-validate user by email after unsuccessful logins" is selected.
After x unsuccessful logins, the user gets an email with a link like :

http://www.mydomain.com/tiki/tiki-confirm_user_email.php?user=xxxxxxx&pass=yyyyyyyyyyyyyyyyyyyyyy

When following this link, the user gets the message: "This feature is disabled". Nothing is clear on what to do next, if one's account is still valid or not, and how to change one's password if forgotten.

Tikiwiki version used: 2.2
Options selected:
* Crypt password method: crypt-md5
* Validate users by emails: yes
* Registered Users can change password : yes
* Re-validate user by email after unsuccessful logins: 3

This is a new feature arrived in BRANCH-1-9

1. add feature_print and checks
2. add tiki_p_print and checks

---
The above problem-description makes no sense... please look at tw#74 for that
---
Problem rephrased:

The "Source" button is currently dependant on tiki_p_view_history - it should have a perm of its own.

We had just reconfigured the disk to RAID1 and backed up mysql, tiki, and php on our linux box.

Now, we are getting "Page cannot be displayed" after we edit the homepage and try to save it. It is happening on tiki-editpage.php but it is there. The permissions are 644 apache.

The second thing seen is the forums messages can't be accessed anymore.

Does anybody have experience with these problems? Any suggestions? Perhaps we should re-install all the software.

Using 1.10cvs from August 1st, 2007.
On easyphp-1.8 environment (thus, Window$ XP)

Steps I did:
* updated cvs code
* called tiki-install.php to create a new clean install over an old tiki110cvs databse (assuming it deletes all tables and re-creates them as needed), using basic profile for easy use
* installation says eveything ok, no sql queries failed.
* login to new site as admin/admin
* change password to another string (simple string with only letters, between 6 and 8 chars. in all my attempts)
* after password is changed, error produced:
** I cannot login to the site. Using the right admin/pass., I see the homepage again as anonymous (so I'm not logged in).
** If using a wrong pass, I see the user/pass error message.

Tried reinstalling several times with different passwords, no success.
* the funny thing is that the new admin pass. seems to be recorded ok, since I can re-access the tiki-install.php using that new admin password.

Using 1.10cvs from mid june 2007

I'm using the "Admin > login > Use tracker for more user information"
Created a simple tracker, with some fields, including the "username" field, but not the email, right now, since that was already introduced in the first registration screen.

2 improvements would be needed/very welcome:

(1) Username was not assigned to the item in the user tracker, even if the user had selected a username in the previous screen (first registration screen - tiki-register.php).

(fyi: later on, When I, as a registered user, edited my item afterwards, the username info was well selected automatically).

(2)
This user info tracker (tracker id 1) had those fields:
^
~pp~
Id position name type options isMain Multilingual Tbl vis Searchable Public Hidden Mandatory Description
1 edit 10 Nom text field 1 y n y y y n y Nom de la... remove down
2 edit 20 Cognoms text field n n y y y n y Cognoms de... remove down
3 edit 30 Usuari user selector 1 y n y y y n y Nom... remove down
4 edit 40 Telèfon text field 1,50,,,50 n n n y y n n Telèfon/s... remove down
5 edit 50 Correu-e email 1 n n n y y n n Correu-e... remove down
6 edit 60 Barri / Població textarea 1,50,10,1000,1000 n n n y y n y Barri i... remove down
7 edit 100 Foto image 80,80,400,400,400 y n y n y n n Fotografia remove down
8 edit 200 Comentaris textarea 1,50,10,1000,1000 n n y n y n n La teva... remove down
~/pp~^

At "Admin > login > Displays UserTracker information in user information page. Format: trackerId, fieldId1, fieldId2, …:", these was the field content:

^
1,1,2,4,6,7,8
^

I also tried includind field 3 - the user selector - (i.e.: 1,1,2,3,4,6,7,8), but similar effect: I couldn't see the username shown in the second screen, and It was not set on the tracker (confirmed as admin user)

I would like a way to invite people to come to a Tiki site after I have added their login. (different of the use where people self-register)

Right now, I simulate a lost password message (which I customize).

Maybe this could become a new feature available to admins when

1- after a successful user creation at tiki-adminusers.php
2- when administering a user account
3- from : tiki-adminusers.php with the batch command to send to many new users.

The system would send an email with a one-click login and be sent to the user tracker
tiki-view_tracker_item.php?view=+user

Person who triggers this email alert should be in BCC. (to have a trace). Even better would be to have this logged somewhere but this could be for phase 2.

We could have a new mail template in templates/mail/welcome_message.tpl or in a wiki page (better!)


What do you think?

An attempt to log in using PAM (php-auth-pam) gives the following error message:

Notice: Undefined variable: error in /var/www/tikiwiki/tikiwiki-1.9.7/lib/userslib.php on line 554

Warning: Error variable must be passed by reference in /var/www/tikiwiki/tikiwiki-1.9.7/lib/userslib.php on line 554

Warning: Cannot modify header information - headers already sent by (output started at /var/www/tikiwiki/tikiwiki-1.9.7/lib/userslib.php:554) in /var/www/tikiwiki/tikiwiki-1.9.7/tiki-login.php on line 292


I'm using:
- php5-auth-pam-0.4-9.2 (Debian package)
- tikiwiki-1.9.7 (source)

Using 1.10cvs from mid june 2007.

Using 2.0 RC2 August 2008

Request passcode to register: fails.

__Example 1:__ (Still broken?) I toggled on "Request passcode to register:" and "Prevent automatic/robot registration:", as well as "user tracker" selected at registration time, and after the registration steps, and filling the user tracker information, I get the message (like): "Codi de registre no vàlid. Necessites saber el codi de registre per donar-te d'alta en aquest lloc web" (catalan)-> Register code not valid. You need to know the register code to register in this web site" (approx)

Tryied three times with different browsers and users names (and double cheking the passcode to register): same effect.

When I toggle off the "Request passcode to register:", then everything works fine.

__Example 2:__ (mlpvolt)
Request password to enter = on
User tracker (for registration) = on
...initial screen of choose name, enter password and email works.
...second screen with user tracker info fails on submit.

Contributors

When a new user registered with anti-bot and user tracker for more user information getting error message that registration code is invalid.

Here are steps to reproduce the problem.

1) Setup user information tracker with couple of fields.
2) Go to registration page
3) Enter registration details and click 'register'
4) This will take you to new screen where user tracker information needs to be filled.
5) Once you fill the user tracker information and click 'Save'
6) You will get error message that registration code is invalid

"Password Strength Checker is an application that is designed to assess the strength of password strings. The instantaneous visual feedback provides the user a means to improve the strength of their passwords, with a hard focus on breaking the typical bad habits of faulty password formulation. Since no official weighting system exists, Password Strength Checker has created its own formulas to assess the overall strength of a given password."
http://www.webappers.com/2008/03/17/integrate-password-strength-checker-into-registration-forms/

We would need something like this, but LGPL

#check who did it
#decide new default setting

Are upgrades affected?

I have encountered a few snags after upgrading from Tiki 1.9.11 to 2.0

One of the problems is that I am unable to register / add users, because of the following error message:

An error occured in a database query!
Unknown column 'email_confirm' in 'field list'

This happens on
tiki-register.php (registration) and tiki-adminusers.php (batch upload / add)

Is there a fix for this?

Seems like Tanzania keeps falling out of the country list. This was the case some years ago. Might as well add Swahili as a language option if applicable.

I have an error when I try to add a new user:

{img src=images/code.png}%%% {CODE()} Context:
File tiki-adminusers.php
Url tiki-adminusers.php
Query:
insert into `users_users`(`login`, `password`, `email`, `provpass`, `registrationDate`, `hash`, `pass_confirm`, `email_confirm`, `created`, `valid`, `openid_url`, `lastLogin`, `waiting`) values(?,?,?,?,?,?,?,?,?,?,?,?,?)
Values:
0 trenad
1
2 n.trepanier@rrsss16.gouv.qc.ca
3
4 1224014104
5 $1$98TWiy55$sm3YVgaZTDG8wTR6O9kvz0
6 1224014104
7 1224014104
8 1224014104
9 NULL
10 NULL
11 NULL
12 NULL
Message:
Unknown column 'email_confirm' in 'field list'
Built query was probably:
insert into `users_users`(`login`, `password`, `email`, `provpass`, `registrationDate`, `hash`, `pass_confirm`, `email_confirm`, `created`, `valid`, `openid_url`, `lastLogin`, `waiting`) values('trenad','','n.trepanier@rrsss16.gouv.qc.ca','','1224014104','$1$98TWiy55$sm3YVgaZTDG8wTR6O9kvz0','1224014104','1224014104','1224014104',NULL,NULL,NULL,NULL){CODE}

Do you guys have any idea what is happening.

User set forum style as Plain and save it after next login style is Threaded again.

Contributors

Contributors

I have been having problems upgrading from previous versions and decided to install a new blank install of v7. Everything works fine until I try and log in with the admin user name and password I created during the install process. I receive a message that cookies need to be enabled. This is not a message that I have had before on any prior versions and cookies are definitely enabled in my browser. I have tried with Chrome, FireFox and IE and the problem is the same on v7. I have seen various discussions on this topic in the forums but it seems there is no resolution for this one and no clear answer as to what is causing it. My URL's have no ~ in them.

The login window in Tiki7, using the Fivealive Theme, and when using the "Register" and "I forgot my password" features, those two link options are too close together unlike in Tiki 6.x.

In v6 those options were horizontally side-by-side. In v7 they are stacked vertically. When pointing directly on the text for "Register" the option "I forgot my password" is selected. To select the Register option, you have to move the pointer above the "Register" option to activate that page.

This happens regardless of OS or browser as I've tried it in XP Pro (32bit) using Firefox 5, Win7 Ultimate (on a 64 bit virtual machine), using Chrome and Firefox5 and Ubuntu 10.4 (32bit), using Firefox 5, Konqueror and Chromium.

Though I've been able to figure out where to hover the pointer to make the appropriate selection, my site visitors aren't likely to figure that out and leave the site out of frustration.

Does the "Users Information Tracker Fields Asked at Registration Time" work for someone in 6.1? it used to work in 5.x. not pretty.

This feature was not particularly important if the trackers with registration="y" would work nicely. Read more here.
[http://irc.tiki.org/irclogger_log/tikiwiki?date=2011-01-08,Sat&sel=52#l48|http://irc.tiki.org/irclogger_log/tikiwiki?date=2011-01-08,Sat&sel=52#l48]

1 click to add a login box instead of using the login module.

A user with all forum-perms except tiki_p_admin_forum can edit any forum post.
That shouldn't be like that..

A user is subscribed to a forum. Everything works fine (no messages are sent by the server to blank email addresses).

An admin deletes that user.

When a new message is posted to that forum, there is a message sent to a blank address, which is then returned to the server users from which the posts where sent.

It seems as if the forum still tries to send a copy of the post to that user, but has no address to send it to, since the user was deleted.

I can't seem to get the self registration of a new user to work in a new install of Tikiwiki 4.0. I can do the self registration, and get the email to validate, and can even successfully validate the account. However, once validated, any subsequent time I try to resign on, I get "Error" page showing "Account Disabled".

If admin account validation is enabled, Admin receive mails to confirm users registration.

But, if the admin is logged (with its own account) on tiki when he clicks the confirmation url, the user is not well-registered (provpass is still there in DB).

Whereas if he is not logged on, the registration works well.

Ex.:
tiki-adminusers.php?group=Editors


It will make it easier to manage groups.

You cant set it that individual polls can be set to viewed by only certain groups.

~~#c00:UPDATE 1-APR-2010 - An out-of-the box TW 4.2 install no changes to login parameters leads to a non-functional validate-by-email feature when adding users. The user receives an email with a link containing the user name in plain text and an encrypted password that appears to be invalid. Oddly, if the user clicks the "I forgot my password" link, then they are permited to choose a new password, without having to submit (or even know) the original password. Tiki 3.3 and 3.5 are working great with respect to emailing links to new users, then logging them in with the encrypted (tiki-generated) password, then forcing them to select their own password. With respect to 3.3 I have made changes to the login configurations. With respect to 3.5, however, I have not changed anything, but it still works great emailing the first-time-user a link with an encrypted password, and having that password work.~~

See the attached document for a step-by-step recreation of the problem. New 4.1 install, only minor configuration of login - requires both letters and numbers in password.

Add new user with generated password, and user must change password uupon first login leads to error when user attempts to do so.

User Email Confirmation: Confirming or not confirming the user's email address has no effect on this bug.

Minimum password length: password length (tried 1 and 6) has no effect on this bug.

Password - letters or letters and numbers: seems to have no effect on this bug.

I have upgraded from 1.9.11 to 2.0 and now I cannot add users manually in "Admin users"

I get the following error when adding user "testuser" with pasword "testuser" as an example...

An error occured in a database query!

Context:
File tiki-adminusers.php
Url tiki-adminusers.php
Query:
insert into `users_users`(`login`, `password`, `email`, `provpass`, `registrationDate`, `hash`, `pass_confirm`, `email_confirm`, `created`, `valid`, `openid_url`, `lastLogin`, `waiting`) values(?,?,?,?,?,?,?,?,?,?,?,?,?)
Values:
0 testuser
1
2
3
4 1220738236
5 $1$opJz3I9u$Qcgr2S0jFBIBklNAdZyv60
6 1220738236
7 1220738236
8 1220738236
9 NULL
10 NULL
11 NULL
12 NULL
Message:
Unknown column 'email_confirm' in 'field list'
Built query was probably:
insert into `users_users`(`login`, `password`, `email`, `provpass`, `registrationDate`, `hash`, `pass_confirm`, `email_confirm`, `created`, `valid`, `openid_url`, `lastLogin`, `waiting`) values('testuser','','','','1220738236','$1$opJz3I9u$Qcgr2S0jFBIBklNAdZyv60','1220738236','1220738236','1220738236',NULL,NULL,NULL,NULL)

If I create a new group in tiki-admingroups.php, and want to add a user, I must go to tiki-adminusers.php

I should be able to add users to groups from tiki-admingroups.php, with a drop-down (if < 500 users) or a search username box (if users > 500) , or something like this...

When I set the site to closed in the general admin, I then can not login to open the site.

I had tested this successfully in version 3.3, but now with the upgrade to version 4.0 it does not seem to work. Here are the steps to recreate the issue:

1. Set up a TikiWiki so that users need to be validated by an Admin prior to actually logging in.

2. Register as a new user and get the following message:

Your account request has been stored and will be activated by the admin as soon as possible.
You'll receive email notification once your account is activated.
Please do not attempt to login until you receive the email notification.

3. Log in as 'admin' and navigate to Users page of admin tools. Push the round green checkmark graphic which has a hover display that says "Validate user: junkman". It sends me to this URL:

http://www.mywebsite.info/tiki-login_validate.php?user=junkman&pass=n

On that page the site returns a simple dialog box that says "Invalid username or password". Who's username & password? The Admin's?

At this point it wants to redirect me to the home page and I cannot get these new users validated.

On the Admin section -> Log In -> Authentication method: Tiki

The setting Users can register is uncheck.
All the sub setting are hidden but some setting seams to still applied.

Example : If "Validate new user registrations by email" is checked the user will be forced to validate his email.

After some bad experience (ours and from other users), Rick (Rick99) and I suggest:

^RFE should be that the following username should __not__ be changable or deletable:
* __admin__

And the following groupnames should __not__ be changable or deletable:
*__registered__
*__anonymous__

Additionally, there should be a usergroup __administrator__ that has ''all'' permissions. This would allow Tiki-admins to easily create new Admin logins, with their own usernames.
^

__added: ensure password reminder works out of the box__

A couple of usability issues could be fixed here.

a) remind/reset passwords is off by default - should be on?
b) no email is set on admin by the installer

this would prevent most newbie lost admin password issues i think. - mlpvolt


Last [http://tikiwiki.org/tiki-view_forum_thread.php?comments_parentId=24817&topics_threshold=0&topics_offset=0&topics_sort_mode=lastPost_desc&topics_find=&forumId=2|thread about it at tw.o here]


Related issue: http://dev.tikiwiki.org/tiki-view_tracker_item.php?trackerId=5&itemId=1074

I often want to edit users that request registration (such as add them to a group). It would be nice if the "user validated" page had a link to the page to edit that user's settings.

new user can register but after admin validate his account user can't login because have no password in database

version: tikiwiki 1.9.9 - sirius
conf: allowRegister=y ; validateRegistration=y ; validateUsers=n

The group members tab is falsely capped, only displays 24 members, more exist in group when you check the admin>users screen.

It would be lovely to set some new user defaults at
* Admin (home) > Login > User defaults, and/or
* Admin > Groups > (Edit a single group)

The ability to Subscribe/watch/monitor new users in the site or to that specific group, to specific Tiki objects.

Which tiki objects?: I would say, in this order:
# specific forums
# specific blogs
# specific calendars
# specific newsletters (ML: we can already subscribe groups to newsletters)
# specific wiki pages
# specific structures
# specific trackers
# specific categories
# new articles

This is specially useful for new users of the site, where they don't know yet how to subscribe to specific areas, etc. Very needed for educational scenarios, but I can see many other places where new users are a bit lost for some time while they learn how to use the Tiki site.

Related:
*[wish988|Forum: Let forum admins/moderators add groups and/or users as watching the forum]
*[tiki-index.php?page=Business%20Plans|Let small business start ups access collaborative sharing where the document being shared is not visible by anyone else]


Anywhere there is a watch eye, it should be possible for an admin to have group members watch this category

On a new installation of TikiWiki 1.9.4 (installed via Fantastico on a LAMP server), I get the following error:

Notice: Only variable references should be returned by reference in /home/hocho/public_html/wiki/tikiwiki/lib/adodb/adodb.inc.php on line 834

Warning: Cannot modify header information - headers already sent by (output started at /home/hocho/public_html/wiki/tikiwiki/lib/adodb/adodb.inc.php:834) in /home/hocho/public_html/wiki/tikiwiki/tiki-adminusers.php on line 414


All I did was create a new group and try to assign the group to a new user.
I also don't know why it is using ADOdb when I am using MySQL.

All other functionality of TikiWiki seems fine.

Hello,

As I told about, after upgrading from 4.2 (I am testing from 4.3) many errors occurs. This theated in a glabal way in id4377.

After connecting as administrator if you submit "Users management" and try to modify a user preférences you will reach a

__fatal error__ :

Table "<your database>.tiki_trk_1" missing

You will find joined the htm saved from "page source code"

I've set up a user tracker at registration time on tw.o, when TwCOmmunity group is chosen between the two listed right now at registration time.
http://tikiwiki.org/tiki-register.php

This tracker mainily requests selecting a checkbox to indicate that the user understands and will follow the rules and guidelines of TW Community, etc.

I've set up a user field at that tracker, so that we can see when each users decided to join TW Community by selecting that checkbox. And while the compulsory checkbox is not acting as compulsory (due to bug), which users did accept and which ones didn't accept.
http://tikiwiki.org/tracker8

Wishes:

# Option to allow deleting any user that was registered more than N days ago, and who still hasn’t passed the email validation step and/or the admin approval stage. Or through multiple selection of those users and click on "action on selected" delete. (ionce they are properly filterable). Wish from Alain.
+.
# Option to resend the confirmation email to the selected users
(in one server where we had intruders from time to time, and sys admins blocked php mailing for weeks, many users probably didn't get the validation email... And nowadays, I don't know how to split myself the requests by bots from the real users willing to join. I recently discovered (after upgrading to tiki 4.1 las week), that that site accumulated more than 100+ users like this...., among 500+ users in total. Wish from Xavi.

When enabled feature_search it is possible for
Anonymous user to read protected pages via
special search request

Just try "a" or any other word that is in hidden
or protected area in search box - tiki-
searchresults.php give U text from hidden
pages

from tiki-searchresults.php



http://tikiwiki.org/tiki-view_forum_thread.php?
topics_offset=0&forumId=4&comments_parentI
d=16071

Any registed user can use "Switch User".

I think this is very important, because everybody is able to be admin. :-(

Or can i dit a Misconfiguration? I dont think so.

---

today i see, everybody IS admin! (but i don't assign admin-perms to these users)

---

I found the Problem:

if i have tiki_p_search-permission so i have all "tiki"-perms too :-(

- How can i configure a group (or all users / anonymous) that they can use "search" (most important function of a wiki, i think) whithout make them admin?

When logging into my site under various accounts the Apache web server intermittently crashes with the following error in the error log:

[Thu Oct 26 00:20:05 2006] [notice] Parent: child process exited with status 3221225477 -- Restarting.
[Thu Oct 26 00:20:05 2006] [notice] Apache/2.0.59 (Win32) SVN/1.3.1 PHP/5.1.6 DAV/2 configured -- resuming normal operations

I have not made any modifications to the TikiWiki code (1.9.6) or changes to my server configuration. Everything was working normally for several months before the error started to appear.

I am able to force a similar crash to occur every time throught the Community -> User List feature (tiki-list_users.tpl). I debugged the template code and found that userlink in the following caused the crash:

{section name=changes loop=$listusers}
<tr>
<td class="odd"> {$listusers[changes].login|userlink} </td>
<td class="odd"> {$listusers[changes].realName} </td>
{if $feature_score eq 'y'}

Any help?

-Anthony

See video:

{FLASH(movie="tiki-download_item_attachment.php?attId=62",width=>876,height=>677,quality=>high)}{FLASH}

One cannot assign permissions on individual FAQs. This prevents from creating FAQ for different level of users.

Hi, I've just added a new banning by ip rule at tw.o:

Title User/IP Sections Action
IP_dedes151_81.18.70.166 81.18.70.166 blogs, categories, cms, directory, faqs, featured_links, file_galleries, forums, galleries, gmaps, mytiki, poll, user_messages, wiki page

but I got message
^
Notice: this variable may not be empty: user
^
On a tiki screen as if I was not logged (and I was, as user xavidp with admin rights).
But below, after the footer section, a new tiki header and the rest of another tiki page appeared, and it looked as if Tiki recognized me as logged on the header (my picture is shown), but the login module was also shown for anonymous to log in, on the right column.

See html attached.

The rules seemed to be saved.

Rule activated by dates
Rule active from
Rule active until
Upgraded tiki: Shows years 1969 till 2010
Clean install: Only gives the year 2010 to chose from
This year is almost over so whould be nice to have some later years to chose from.

banning user doesn't work for me at doc.tw.o. (using 1.9.7, I guess)

I've just made a trial with my user (common registered user, "xavi") at doc.tw.o from my admin account there(xavidp).
|| Rule title | xavi trial
Username regex matching: | xavi
IP regex matching: . . .| ''(empty)''
Banned from sections: | wiki checkbox
Rule activated by dates | checked
Rule active from | 1 june 2007
Rule active until | 10 june 2007
Custom message to the user | trial xavi
||

Btw, the rule was saved, and after that, I could see a line in the rules list showing my new rule:
|| Title | User/IP |Sections | Action
xavi trial | xavi | wiki | X
another one (krisna) ...
another one (anonymous - IP)... ||

After that, I logged in on another browser to check if my user xavi was banned indeed, but I could login with no problems, and open a page for editing. (what kind of behavior was banning suppose to give?)

I the main browser (still as user xavidp), I changed language, went back to this url (by writing its url directly on the browser http://doc.tikiwiki.org/tiki-admin_banning.php ), Changed language to English, and suddenly, my new rule for xavi user was not there any more!
¿¿¿¿????

There were only the ohter two rules...

|| Title | User/IP |Sections | Action
another one (krisna) ...
another one (anonymous - IP)... ||

I guess some bug is around, behind that naughty behavior... ;-)

It would be useful to extract all permissions of File Galleries or Wiki pages or Forums, etc

This would provide a way for admins to know who actually has access to what.

TikiWiki 1.9.8, 1.9.9, 1.9.10, 1.9.11 does not provide binddn and bindpw, when initializing LDAP auth object in userslib.php.

So Tiki can't use authorized LDAP requests...

It would be great to be able to bind arbitrary actions to user creation.

For example, I would like to have a blog created on user registration, named after the username.
Then I might want to have only that user with permissions for some items.
Maybe point the user's group homepage to something user-specific.

And et cetera :)

Discussion over at ((Spam Protection))

http://www.wikimatrix.org/wiki/feature:Blacklist

The number count in a password is rated using this piece of code in lib/tiki-js.js:

// Numbers
var nNumberCount = countContain(strPassword, m_strNumber);
// -- 1 number
if (nNumberCount == 1)
{
nScore += 10;
}
// -- 3 or more numbers
if (nNumberCount >= 3)
{
nScore += 20;
}

This causes a password with 1 number to get 10 points extra, a password with 2 numbers extra points, and a password with 3 or more numbers 20 extra points.

When logging in wrongly with LDAP (no such user or wrong password), will get:

Fatal error: Call to undefined method Net_LDAP2_Error::getEntry() in /var/www/html/watwiki/lib/auth/ldap.php on line 257

(or white screen unless Error reporting is turned on for all)

Strangely this only happens if you key in a password 5 characters or longer. A shorter password will just show "Invalid password" or "Invalid username" as the case may be.

When you have a group name like "Finance and Marketing Departments" and you create another group called "Finance and Marketing Departments Moderators". You will not be able to add users into the latter group if that user is already in the first group. This is caused by "duplicate key" error in the attempt to add the user, because the key length limitation is 32 chars.

This bug might probably be Mysql settings dependent.

There seems to be a button broken in tiki-admin_users.php, after changing the users's password, the confirmation screen appears and the "confirm" button does nothing.

Tested in three different installs in 5.3, including after svn up.
Tested in FF and IE8.

just discovered a bug in TikiWiki 3.2:

when you increase the password "minimum length" setting in Administration/Login, all accounts that do not comply with the new setting will no longer work:
TW will show "Invalid username or password" for these accounts.

resetting the minimum length to the old value will immediately re-enable the accounts.

IMHO, TW should enforce the policy on /new/ accounts and /changed/ passwords only. it should not prevent any existing users from logging in.

When using LDAP External authentication, I am unable to create a new user on the user administration page.

It does not require a password to create the user, but when you click Add, you receive the error message "Password should be at least characters long"


Users are created when they login the first time, but I need to configure permissions before they login.

We recently upgraded from Tiki-4.X to Tiki-5.X. We are running Tiki-5.3.

There seems to be a bug when trying to modify a user under the administration page (tiki-adminusers.php). When trying to click on a user, one is asked to confirm (which is a new workflow) and then taken to the Edit User page. However, when one tries to modify something (e.g. password, email address), you are asked to confirm again, but it never completes.

Here is a set of detailed steps to reproduce the problem:
# Go to admin users (tiki-adminusers.php)
# Click on user "demo"
# Click "Click here to confirm your action"
# Change email address from demo@demo.com to demo@demo.org
# Click "Save"
# Click "Click here to confirm your action"
* Nothing happens. The page address is "tiki-adminusers.php#", but it never changes from the confirm action page. "Go Back" does not work, but "Return to Home Page" does.

I installed Tiki 5.3 from Fantastico and then ran the setup script.

I was able to create some new users and assign them to groups.

The problems manifested when I attempted to change the default admin password and the password that I forgot for one of the new users.

Upon clicking "Edit Account Settings" next to the user, tiki-adminusers.php is displayed with the user number (e.g. tiki-adminusers.php?user=3).

There are three buttons, clicking the one to "confirm" the action causes tiki-adminusers to display a form for editing the password, email, etc. for the user.

"Saving Changes" causes tiki-admin users to again present the three buttons, this time without any user number on the URL.

Clicking to "Confirm" adds a "#" sign to the end of the URL, but nothing seems to happen.

The original password is unchanged and other values entered on the form are unchanged.

By clicking on the column header in the list of users in order to change the order of listing, the page is blank (just a little square appears in the upper right)

Right now, there's no way to resend either the email to the admin to validate a user or resend the email to the user to validate their email address. If either of those emails fail to happen or they get sent to "spam", the user cannot log in.

Since wiki page names should avoid special characters, we'll need to think about maybe using character substitutions in page names (a instead of à, _ instead of ') and use the description field for the exact format.

Please coordinate here: ((Character substitutions))

Contributors

Since this is vast project, we'll use a wiki page: ((CRM))

The registration email seems to give boxed char when mail templates are in french.

I had to add utf8_encode()
to LINE 2727 of lib/userslib.php
$mail_data = utf8_encode($smarty->fetch("mail/$mailTemplate.tpl"));
in order to correct the text display problem.


But when I debug with
$mail_data = mb_detect_encoding($smarty->fetch("mail/$mailTemplate.tpl"));

It return the tpl as already in UTF-8, but I had to utf-8 it again to correct it, can someone look into this?

This is a problem if you don't want Registered users to have this permission. (Often, we want Registered to have all the permissions of anonymous)

in tiki-admin.php?page=features
There is "Contact us" and "Contact Us (Anonymous)"

in tiki-admin.php?page=general, we have more related options
"Contact user:"
"Allow anonymous users to "Contact Us":"


All these options should be on Contact Us admin page (to be created)

1) Column colapsing is not remerbered whenever I change from one page to another.

2) And also have had some problems with their navigators saying "cookies must be on" when they are on, no matter wich browser is being used. This happends as they attemp to login. After many tries the user can login.


Using:
Tiki 6.1 fresh code install, on past 6.0 db updated to 6.1.

Removing an avatar results in an broken image link.

Reproduce:
* Hovering the mouse pointer on a user name reveals the user details.
* Create an avatar for that user.
* Hovering the mouse pointer on the user name now shows the user details including avatar.
* Delete the avatar.
* In place where the avatar was showing before, there's now a broken image in the user details.

Tiki site: http://list.vic-fontaine.com/
demo user/ password: smarty

Try creating a new user in tiki-admin_users.php.

Whether the password don't match or not you are asked to confirm the action. Is this really needed? Anyway if the passwords don't match you get an error after confirming the action and then the "Go Back" does not work... it is very troublesome.

Users should be able to add their own data in custom fields in tiki-user_preferences.php

Users could publish their phone number, their ICQ address, etc

Sometimes, users forget their usernames and end up creating duplicate accounts.

Here are two things which would help:
1- Users should be able to have a password reset/reminder while only knowing their email. __fixed in 1.10__

2- In tiki-adminusers.php, the search box should work for emails also (not just usernames) __fixed in 1.10__


Related: [tiki-view_tracker_item.php?itemId=1069]
Also, in 1.9.x, usernames are CaSe SenSitive. __fixed in 1.10__

TikiWiki often has drop-down menus with many choices.

Ex.: drop-down list of users, or wiki pages, etc

That is ok for a few hundred. But what if you have 300 000 users or 300 000 wiki pages?

There should be a setting where beyond a certain number, the drop-down become a search box.

In 1.10 now we can set to login as e-mail and display realname wherever possible. But the user wiki page by default is set to 'UserCreate<e-mail>. We should still allow user to create his page with 'UserCreate<username/real name>'.

The recommended behaviour should be if user chooses e-mail to be private or it could be if admin sets to disaply realname wherever possible, then it should use 'UserCreate<realname>' other cases it can be based on e-mail.

suggested by r1 on #tikiwiki
http://24ways.org/2007/capturing-caps-lock

To speedup this site, delete any login which:

1- has not voted in tracker ratings
2- has not submitted, modified or commented a tracker item
3- no tracker item is submitted to them

In short, all logins which are not useful here at the moment. Logins will be recreated here at their next login via InterTiki anyway...

This would be great ((tw:Dogfood)) to better organize our community and let users join groups according to their interests.

As suggested by Nyloth at TikiFest Strasbourg,

1- "Sender Email" could be set by default to no-reply@domain.tld
2- It could be requested as part of the install script.

Many features don't work well until it's set (ex.: Inter-User message, registration with email validation, etc)

Can someone give more details on this one?

I believe the problem occurs when someone goes to edit a page then uses the browser buttons, links or types a new URL without clicking either the svae or cancel buttons. -- mdavey

A related issue is that the lock is checked /before/ all the permissions checks have been done. The result is that one can try to edit a page as anonymous, get an error warning, login, try again only to be told that 'Anonymous' is editing the page. -- mdavey

obs: waiting for cvs to unlock to commit

When user try to register they get the following message after pressing "register":

Your email could not be validated; make sure you email is correct and click register below.

Even if the email has been configured to be not required. (I did not try a blank installation.)
dthacker: Was this installation an upgrade or a new install at version 1.10?

Also the email field is present during registration (I don't know if this is related to the bug or if this is normal behaviour)
dthacker: Asking for the email is normal.

This with the following options enabled (and all the others disabled) in the login settings:
(some extra listed here just in case)
* Users can register: yes
* Crypt passwords method: hash-md5
* Reg users can change password: yes
* Reg users can change theme: yes
* Reg users can change language: yes
* Minimum username length: 3
* Minimum password length: 3
* Re-validate user by email after days: -1
* Re-validate user by email after unsuccessful logins: -1
* HTTPS login: disables
* Protect against CSRF with a confirmation step: yes
* Protect against CSRF with a ticket: yes
---
dthacker:
I am unable to reproduce this using your settings. Could you please retest using the latest SVN version?

Users are able to customize Forum Threat layout in a menu on top of the threat with number of posts per page, style, sort by. In My Tiki users are able to set this as preference for user to user messages. This should be possible for the Forum layout too!

Some users prefere the Forum old-post-first and all posts on one page, others prefere latest-post-first and 10 or 20 messages per Page. I would like users to set personal preferences for the discussion forum too. Not for each forum, but once per user, globally in myTiki.

This is a standard feature of most bulletin Board software and the TikiForum should have it too :)

TWiki has the ability to refer to an Admin specified .htpassword file for user control. This is highly useful for having a single point of administration. The tough part is that TWiki doesn't manage the user experience (password changing, etc) very well.

For a TikiWiki enhancement, I would have the following wish:
(1) For the login/authorization, when set to WEB, admin should be allowed to set the path to the apache password file (typically a .htpasswd but names are arbitrary).
(2) Should allow the optional use of .htgroup settings as a means of setting member group. This would then override or augment TikiWiki's groups -- or better yet tikiwiki would manage the .htgroup file in this case.

Benefits of this enhancement:
(1) This would greatly streamline multiple tiki's on a single hosted site (like a corporate intranet).
(a) Single location for user entry for all tiki's that look to the same .htpasswd file
(b) Single location for group entry for all tiki's that look to the same .htgroup file
(b) No mess trying to setup InterTiki
(2) Might also simplify setting up of MultiTikis on a single site by clarifying and simplifying user and group setup.
(3) Would clarify user setup using the Web Authorization method
(a) Right now, one needs to add the user to the .htpasswd file to give them authorization (Locked Area Lite works well for this) and then ALSO add the user to the TikiWiki. The problem is if there are multiple TikiWiki's, then it could be a lot of work adding a username and their groups to each of the TikiWiki's.
(b) The process above (3a) is pretty unclear and takes some figuring out for a newbie tikiwiki admin like myself.

This improvement in Tiki would be very welcome. After spammers add noise to your site (in one day, 10 comments to different places in your tiki from 10 different ip's!), it would be nice if there was the chance that the tiki admin can ban all those 10 ip's with a minimum number of clicks (besides removing many spam comments at once, which can be done already).

This is some possible way to add if (from the interface point of view):

{img src=img122}

Self explicative?
User selects multiple checkboxes, and clicks on some button below which sends all that information (those ip's from those comments) to fill admin banning data (storing the data already for the 10 ip's at once).
Alternatively, one by one, prefilling the interface one by one.

{img src=img123}

Currently (2.x), admins can configure new registrations to select specific groups during registration. I would like to request the following enhancments:

# Specify a default group. Currently, there is no default. I want to be able to configure a default group (i.e., adding checked="checked"...)
#Allow admins to confirm group requests. For example, I want to allow users to ''request'' to join an admin-level group upon registration, but I want the current admin to be able to verify this, before the user gets admin access.

When using a user tracker to collect additional information per user during registration process, it would be great if you could specify to include that information in the user popup/mouseover.

[http://sourceforge.net/tracker/index.php?func=detail&aid=1325010&group_id=64258&atid=506846]

Bugs & Wish list

To reproduce:

1- visit as anonymous:
http://doc.tikiwiki.org/tiki-editpage.php?page=dhsgfkjsd&quickedit=edit

2- Click login
http://doc.tikiwiki.org/tiki-login_scr.php

and login

3- I am sent to:
http://doc.tikiwiki.org/tiki-editpage.php

instead of the page I was trying to edit:
http://doc.tikiwiki.org/tiki-editpage.php?page=dhsgfkjsd&quickedit=edit

{CODE(caption="tiki-login.php line ~308")}if ($prefs['limitedGoGroupHome'] == 'n' || $url == $prefs['site_tikiIndex'] || $url_path == $prefs['site_tikiIndex'] || basename($url_path) == $prefs['site_tikiIndex'] || ($anonymous_homepage != '' && ($url == $anonymous_homepage || $url_path == $anonymous_homepage || basename($url_path) == $anonymous_homepage)) || ($tikiIndex_full != '' && basename($url_path) == $tikiIndex_full)) {{CODE}

for $prefs['limitedGoGroupHome'] == 'y'
the sefurl will not match

Levels in tiki-assignpermission.php are confusing to the new tiki admins.

Homework feature has been kicked out - but the permissions are still in there, when looking at

Admin -> Groups

Hi there,
I would like to know if it is possible to force the tikiwiki login process.

I want the login page for the home page, in order to force the users to log in. I have to modify the tiki-index page ?Do you guys have any hint for doing that?

Any help will be much apreciated.
Luca

Problem: people forget their username

So Tiki has a feature to let people use their email as username. So far so good. But when people start using collaborative features, their email is disclosed (not good)

Perhaps Real Name could be shown instead of email/username?

There is a risk of confusion though because Real Names are not enforced to be unique.

Imagine a site where users can register themselves,a nd select to be just simple registered users, or to join "Comission A" in adition.
Group "Registered" has tracker 1 linked to it, and set to request some fields from it at registration time.
Group "Comission A" has tracker 2 linked to it, and set to request some fields from it at registration time.

And imagine that we want to allow the users initially registered just to "Registered" group, can join themselves the group "Comission A" later on, if they wish. We could use the SUBSCRIBEGROUP plugin for that (nice plugin!)

However, when user clicks on the "subscribe" button, he/she is not requested to fill in the tracker item needed to join that group, but nothing else and sees the same wiki page instead.
For consistency, that user should be directed to the tracker item insertion for that tracker2, so that all users from that group have filled the required fields, agreements (on checkboxes), etc.

Hello,
Installed tikiwiki 1.9 on a CentOS 4.4.
Assigned autenthication to external LDAP server ( Windows AD ) , but the problem
remains even with IMAP.
Login with admin works
Login with external users presents again the login screen ( no "bad password" just the login screen again and again )

I debugged the code and found the both IMAP and LDAP modeles correctly check the user
and at the end of tiki-login.php the "tiki-user-tikiwiki" Cookie is set with the IMAP/LDAP username, but then at start of "tiki-index.php" the $user variable is empty.
A further check states that session_id() at the end of tiki-login.php is different from session_id() at start of tiki-index.php ( and this explains why the value of variables are different ).
10 correct authentication produce 10 different PHPSESS file with correct username but tiki-index.php always load the first one ( without username set ).

This has been reproduced with php-4.3.9-3.22 on a Centos 4.2, 4.3 and 4.4

http://en.wikipedia.org/wiki/Gravatar
http://en.gravatar.com/site/implement/images/smarty/


https://www.libravatar.org/

I have created a new site, and asked some people to try and register on it, and tell me anything that confused them.

And it seems there is something about the registration sequence of Tiki that can be confusing to end users.

In Tiki, the sequence (as I have configured it) looks like this:

A) User registers
B) Admin receives a notification
C) Admin approves
D) User receives a notification asking for him to confirm his email. He clicks on a link to validate that he controls that email.

Because I am the sole admin and am not at my computer all the time (I do sleep 8h a day ;-)), there can be sometimes a couple of hours between A) and D). This means that for many hours, the user no “persistent” confirmation that his registration request has been noted. To be sure, when you register, Tiki prints a message on the screen that says you will receive an email notification and that this can take several hours. But it doesn’t send you an email until the Admin has approved the account. So, for say, 12 hours, you are wondering what’s going on, and you don’t have anything anymore that tells you it’s being processed (because the Tiki message is now gone from your browser). It’s easy for people to start wondering “Did this REALLY work? Did I REALLY see that message from the server saying that I would receive an email message?”. This is what happend to my test user.

In most systems I have worked with, the sequence is more like this:

1) User registers
2) User immediately receives a notification asking him to confirm his email. User clicks on a link to validate that he controls that email.
3) Admin receives a notification that someone with a valid email has requested a registration
4) Admin approves
5) User receives a note that his account has been approved

With this sequence, even if the admin takes a long time to approve the request, during that time, the user has a PERSISTENT acknowledgement in his email inbox.

Another advantage of the later sequence is that we don’t bug the Admin until we know that the email address is valid. With the current approach, if a spammer tries to register with an email that doesn’t exist, the Admin will be asked to approve the account anyway, and we will end up with an account that exists, but was never validated.

Do people agree with this analysis? And if so, do we know how easy or hard it would be to change the order so that step D) happens right after A) instead.

Include a "Secret Question" functionality during the registration process to be used prior to Password Resets & Forgotten Passwords.

When people register to a Tiki site, they sometimes use their email instead of a username. While this works, there should be a warning that this email will be visible in wiki page history, etc.

There is an option to use email as username, but this should not be for community sites.


Other checks would be for accents, existing username, etc.

When a user is banned in the master site, he should also be banned on slave sites.

This could be an option, but general banning is OK too.

Seen on themes.tikiwiki.org , latest BRANCH-1-9

A new user (and spammer at that) logs in to themes.tikiwiki.org via InterTiki. He posts some spams, but Last login is "Never (3 hours)"

If one is typing in the login hover and mouses out, no more typing is entered until one hovers over the login again.

After deleting spam, we can ((doc:Ban)) users but this should be easier/faster.


Ex.: after deleting a comment or rollbacking a wiki revision, have a link to ban the user.

Or maybe a "ban user" link from tiki-adminusers.php

With revision 31581 the LDAP group synchronisation has been limited to only happen 60 seconds after the login:

http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/trunk/lib/userslib.php?r1=31565&r2=31581&pathrev=31581

So far as I can see this method is only called during the LDAP login procedure, so the if-statement in line 1415 will always be false, thus no synchronisation will happen.

I checked this problem with 7.1, 7.2 and 8.3 and never succeded to get the groups from an AD although the LDAP login worked. After disseminating the code and removing this if-statement the feature works again.

I wonder what the the use of this if-statement was? The commit message refers to webdav changes - how does it affect this?
Can this statement be removed so LDAP group synchronisation works or is there another way to fix this?

LDAP group synchronisation is dependent on the "corresponding user attribute", a setting which is only needed if an external directory is used for group synchronisation.

The fix is simple - the combination of if-staments just need to be adjusted slightly - see patch.

When groups are synchronised with a big LDAP organisation many empty groups may end up in Tikiwiki.

This enhancement / patch adds an option to let the administrator of a tikiwiki instance decide whether during synchronisation of groups only the user assignments to existing groups will be done or if non-existent groups will be created in tikiwiki.

The default behaviour - as of now - is that when a LDAP user logs in all the groups he belongs to will be created in tikiwiki and he is being added as a member of these groups.

This enhancement adds the preference "ldap_create_groups_tiki" which is "y" by default - which corresponds to the current behaviour.

If "ldap_create_groups_tiki" is set to "n" and a LDAP user logs in the group synchronisation process will silently ignore groups that exist in LDAP but not in tikiwiki. Existing groups will be synced, though.

I am sent here

tiki-adminusers.php?user=abc&action=removegroup&group=xyz

Contributors

If HTTPS login is disabled and "protect all sessions" is activated, no one can login anymore.

Others to watch:

* Users can choose to stay in SSL mode after an HTTPS login
* Users can switch between secured or standard mode at login

I am referencing forum post: https://tiki.org/tiki-view_forum_thread.php?comments_parentId=43682&topics_offset=1

I would like the ability for users in child domains to access the TikiWiki site the same way users in the parent site are able to access it. According to the forum post, "Tiki is not currently capable of authenticating against multiple domains (or multiple LDAP servers)" and "The code could be modified to search, say, the global catalog for the user's DN and then authenticate against the corresponding domain, but this would be custom coding"

I would like an option to specify multiple domains, or a custom code I could use to search the global catalog for the user's DN.

Basically I want all of my users in all of my offices to access the Tiki site. Not just the home office users.

As an admin, I change the group of a user, and the default group.
The user needs to logout/login or the default group is not changed

I looked if something like this has been reported previously, but didn't find something that completely fits, so I post this and apologize if I missed something.

Since I have already put some detail into a [http://tiki.org/tiki-view_forum_thread.php?forumId=6&comments_parentId=44097#threadId44102|support request] and at the moment I believe it only concerns two Wikis belonging to the same admin, here is a description:

Steps to reproduce:
1) Take any Tiki installation and move a new directory
2) Create a new DB with a copy of the original DB
3) Upgrade and start it up
4) Log into the old installation as admin
5) Find out you're admin on the new one, too.

It may well be that for some admins this is a wanted behaviour like as a single-sign-on (SSO).

But it is my firm belief that any such behaviour is to be considerd a breach of security unless both admins have expressley activated this as a wanted behaviour. Possibly the problem also exists if two different admins operate two different Tikis on the same hosted volume, that somehow were created from one single predecessor, so maybe this is not as harmless as it might seem to be.

I do not know, but suspect, this could be a cookie issue.

Resolution could be that tiki-installer regenerates all security structures upon installation and/or upgrades, or at least asks the admin whether such should be reset. Also, there should be a button in the administration panel to reset this at any later time. In my opinion TikiWiki should at all times, if not told to behave otherwise, protect its instance against all other possible instances of itself...

At some point confusion may get so high to a user's browser that logging into Wiki B alone will not function, and you have to log into Wiki A to be able to access Wiki B. At the moment I experience this with my new 6.7 LTS and my old 1.9.8.3. sitting in different directories on the same volume, accessing to different MySQL DBs with differing user names and passwords...

Just to be sure that I'm not posting any vulnerability details, please contact me for more information: marja *at* svi *dot* nl.

Thanx!

To reproduce

# Install a fresh Tiki
# Create some usernames as usual
# Set "Use email as username" feature to yes
# Create more users (this time, username will be the email)
# Create a newsletter
# Subscribe the Registered group to the newsletter
# Send a newsletter

The system will crash and be unable to send the newsletter because some users don't have valid emails. If you error reporting is activated, you will get a message like this:

{CODE()}
System error.

The following error message was returned:

Duplicate entry '3-mcradmin-g' for key 'PRIMARY'
The query was:

INSERT INTO `tiki_newsletter_subscriptions` (`nlId`,`email`,`code`,`valid`,`subscribed`,`isUser`,`included`) VALUES (?,?,?,?,?,?,?)
Values:

3
mcradmin
6b78cc21c16e768dd8fbb6b538c6bf78
y
1339700591
g
n
The built query was likely:

INSERT INTO `tiki_newsletter_subscriptions` (`nlId`,`email`,`code`,`valid`,`subscribed`,`isUser`,`included`) VALUES ('3','mcradmin','6b78cc21c16e768dd8fbb6b538c6bf78','y','1339700591','g','n')
Things to check:

Is your database up and running?
Is your database corrupt? Please see how to repair your database
Are your database credentials accurate? (username, database name, etc in db/local.php)
Did you complete the Tiki Installer?
Please see the documentation for more information.
{CODE}

Often, we don't remember if we have already registered...

I have a new Tiki 9.0 install. Testing the user registration process, the antibot capcha image is not visible. So no-one can register!

I cut the image URL out of the webpage, and viewed it in isolation. It has a
path in the form "/temp/public/<UUID>.capcha.png".

I get a "403 access denied". I am not logged in, obviously. My temp/.htaccess
file has:

{CODE()}
<FilesMatch ".*">
order deny,allow
deny from all
</FilesMatch>
{CODE}

Whereas temp/public/.htaccess has:

{CODE()}
<FilesMatch ".*">
order deny,allow
allow from all
</FilesMatch>
{CODE}

These are as installed by Tiki.

If I delete temp/.htaccess, I can view the image. So it seems to be this which
is disallowing files in temp/public from being served, and this implies
temp/public/.htaccess isn't actually doing anything useful.

Refreshing my memory of how these things work, I read these:

http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#order
http://drupal.org/node/93865

Admittedly it's a bit subtle. But it looks to me like the <FilesMatch ".*"> and
'allow from all'/'deny from all' directives are redundant and might not do what
they seem to do.

Ignoring what Tiki 9.0 has installed for me, I think what sounds like a correct
configuration would be to make use of the fact that .htaccess is inside an
implicit <Directory> section, and simply have:

temp/.htaccess:

{CODE()}
# deny access to this dir and children by default.
Order allow, deny
{CODE}

temp/public/.htaccess:

{CODE()}
# allow access to this dir and children by default
Order deny, allow
{CODE}

And if I put those in, it seems to work for me. I can access
temp/public/<blah>.captcha.png, but not temp/README in my browser.

This *does* seem to be at odds with the fact that this prevents new user
registrations and that if the Tiki-installed defaults didn't work, it's likely
someone would immediately notice that! However I've asked on the devel and user lists, but no-one seems able to comment.

http://article.gmane.org/gmane.comp.cms.tiki.user/3256

Note, one possibly relevant fact is that my shared hosting (Eleven2) doesn't
actually use Apache, they use Litespeed (which is meant to respect .htaccess and
supports the usual Apache configs). So far I've not noticed any funny behaviour
which suggests that it doesn't behave just like Apache.

It'd be a nice feature and enhancement of users' privacy and security, if users can drop an OpenPGP public key into their accounts and receive emails encrypted. Actually anyone can initiate a forgotten password request and will be able to take over an account if he or she manages to eavesdrop a user's email traffic.

More generally spoken, OpenPGP support opens a second auth channel in case users need to change certain settings semi automatic or are in environments with a higher security level which require more than just a password.

Using an installed GnuPG software instance by PHP scripts should not be a license issue despite GnuPG is GPL and not LGPL. But this is an issue I'll check.

Please see:
http://irc.tiki.org/irclogger_log/tikiwiki?date=2012-10-03,Wed&sel=483#l479

This following displays when the user was set up, not since "last visit date"

Since your last visit...
2012-11-21
9 new posts

I searched existing bugs and couldn't find any info pertaining to above.
Am I missing something obvious?

Thanks

Using services like http://www.stopforumspam.com can help to identify and handle spam-related mail addresses trying to create an account.

stopforumspam provides an API to test a mail address against a "known spammer"-list. This could be used to warn an admin before confirming an account.

I use email as username and user tracker for more information at registration.
If a user types in an invalid email address and wants to register. He gets an error, no user is registered BUT the user tracker gets an entry.

mostly I have to hit the save button twice. Perhaps that helps to find the bug?

Features Classification

It concerns the Passwords match and do not match.
Chealer explained to me that there is a language.js file to be created in the lang/<yourlang> folder (as in ca).
Since my ajax is on, the password check is not run from
tiki-js.js, checkPasswordsMatch
but from
register_ajax.js (please also add a header to this file), check_pass.
The tr function is not defined there, so it would not work.

See also
http://irc.tikiwiki.org/irclogger_log/tikiwiki?date=2010-10-19,Tue

P.S. I rated this 9, because there will be people who want ajax and another language, but do not like to dig js files for such a basic functionality.

If you're editing a page and you fail the CAPTCHA or your session expires, your whole edit is lost. Most users expect their browser to have saved the form data, many would know enough to log back in then hit the back button to get back to the form (or at least, hit "back" and copy the data for later pasting after login). This does not work - after a "back" the form is empty!

I'm ranking this bug as priority 7 because it is very serious - data loss and angry users. I think the solution is trivial, too: see below.

Contributors

Contributors

Our Active Directory is configured not to allow arbitrary LDAP searches for unprivileged users. However, these users can successfully bind to AD's LDAP interface. This would be enough for authentication and we would not need a special account for checking authentication.

I therefore removed parts of the function fetchData in /lib/pear/Auth/Container/LDAP.php:

{img src=images/code.png}%%% {CODE()}
function fetchData($username, $password)
{
$this->log('Auth_Container_LDAP::fetchData() called.', AUTH_LOG_DEBUG);
$err = $this->_prepare();
if ($err !== true) {
return PEAR::raiseError($err->getMessage(), $err->getCode());
}

$err = $this->_getBaseDN();
if ($err !== true) {
return PEAR::raiseError($err->getMessage(), $err->getCode());
}

// UTF8 Encode username for LDAPv3
if (@ldap_get_option($this->conn_id, LDAP_OPT_PROTOCOL_VERSION, $ver) && $ver == 3) {
$this->log('UTF8 encoding username for LDAPv3', AUTH_LOG_DEBUG);
$username = utf8_encode($username);
}

/* // make search filter
$filter = sprintf('(&(%s=%s)%s)',
$this->options['userattr'],
$this->_quoteFilterString($username),
$this->options['userfilter']);

// make search base dn
$search_basedn = $this->options['userdn'];
if ($search_basedn != '' && substr($search_basedn, -1) != ',') {
$search_basedn .= ',';
}
$search_basedn .= $this->options['basedn'];

// attributes
$searchAttributes = $this->options['attributes'];

// make functions params array
$func_params = array($this->conn_id, $search_basedn, $filter, $searchAttributes);

// search function to use
$func_name = $this->_scope2function($this->options['userscope']);

$this->log("Searching with $func_name and filter $filter in $search_basedn", AUTH_LOG_DEBUG);

// search
if (($result_id = @call_user_func_array($func_name, $func_params)) === false) {
$this->log('User not found', AUTH_LOG_DEBUG);
} elseif (@ldap_count_entries($this->conn_id, $result_id) >= 1) { // did we get some possible results?

$this->log('User(s) found', AUTH_LOG_DEBUG);

$first = true;
$entry_id = null;

do {

// then get the user dn
if ($first) {
$entry_id = @ldap_first_entry($this->conn_id, $result_id);
$first = false;
} else {
$entry_id = @ldap_next_entry($this->conn_id, $entry_id);
if ($entry_id === false)
break;
}
$user_dn = @ldap_get_dn($this->conn_id, $entry_id);

// as the dn is not fetched as an attribute, we save it anyway
if (is_array($searchAttributes) && in_array('dn', $searchAttributes)) {
$this->log('Saving DN to AuthData', AUTH_LOG_DEBUG);
$this->_auth_obj->setAuthData('dn', $user_dn);
}

// fetch attributes
if ($attributes = @ldap_get_attributes($this->conn_id, $entry_id)) {

if (is_array($attributes) && isset($attributes['count']) &&
$attributes['count'] > 0) {

// ldap_get_attributes() returns a specific multi dimensional array
// format containing all the attributes and where each array starts
// with a 'count' element providing the number of attributes in the
// entry, or the number of values for attribute. For compatibility
// reasons, it remains the default format returned by LDAP container
// setAuthData().
// The code below optionally returns attributes in another format,
// more compliant with other Auth containers, where each attribute
// element are directly set in the 'authData' list. This option is
// enabled by setting 'attrformat' to
// 'AUTH' in the 'options' array.
// eg. $this->options['attrformat'] = 'AUTH'

if ( strtoupper($this->options['attrformat']) == 'AUTH' ) {
$this->log('Saving attributes to Auth data in AUTH format', AUTH_LOG_DEBUG);
unset ($attributes['count']);
foreach ($attributes as $attributeName => $attributeValue ) {
if (is_int($attributeName)) continue;
if (is_array($attributeValue) && isset($attributeValue['count'])) {
unset ($attributeValue['count']);
}
if (count($attributeValue)<=1) $attributeValue = $attributeValue[0];
$this->log('Storing additional field: '.$attributeName, AUTH_LOG_DEBUG);
$this->_auth_obj->setAuthData($attributeName, $attributeValue);
}
}
else
{
$this->log('Saving attributes to Auth data in LDAP format', AUTH_LOG_DEBUG);
$this->_auth_obj->setAuthData('attributes', $attributes);
}
}
}
@ldap_free_result($result_id);


// need to catch an empty password as openldap seems to return TRUE
// if anonymous binding is allowed
*/ $user_dn = $username;
if ($password != "") {
$this->log("Bind as $user_dn", AUTH_LOG_DEBUG);

// try binding as this user with the supplied password
if (@ldap_bind($this->conn_id, $user_dn, $password)) {
$this->log('Bind successful', AUTH_LOG_DEBUG);
// check group if appropiate
if (strlen($this->options['group'])) {
// decide whether memberattr value is a dn or the username
$this->log('Checking group membership', AUTH_LOG_DEBUG);
$return = $this->checkGroup(($this->options['memberisdn']) ? $user_dn : $username);
$this->_disconnect();
return $return;
} else {
$this->log('Authenticated', AUTH_LOG_DEBUG);
$this->_disconnect();
return true; // user authenticated
} // checkGroup
} // bind
} // non-empty password
// } while ($this->options['try_all'] == true); // interate through entries
// } // get results
// default
$this->log('NOT authenticated!', AUTH_LOG_DEBUG);
$this->_disconnect();
return false;
}
{CODE}

If would be nice to have a checkbox in the LDAP part of the admin page for selecting this behaviour.

Hi All,

I’m working on the Tikiwiki 2.2 with a LDAP authentication.

In the login option, I see it is possible to automatically give someone access in the Tiki if this person is in LDAP directory.

My question is: Is it possible to define access with a Distribution List group and not with the entire LDAP directory?

On another note, do you know why “LDAP Member is DN” can not be set to “yes?”

Thanks for your response

At first I had the problem with the Login Bug listed here:- http://tikiwiki.org/tiki-index.php?page=LoginBug&highlight=login%20bug

I have tried using all fixes on this page and to no avail.

Since then I have found that any function that uses the 'Click here to confirm action' page and button does not work. Are these interrelated? This happens if I try to delete a user, rollback a page in fact any function that uses that button and page?

Help or fixes would be very much appreciated as I have found tikiwiki excellent to use with my classes but these bugs are leading me to use something different next time!

hi,

i install the the tiki 3.0 but when i try to make the first login with admin give me a cookie error but i check and the cookies are enable.

any help
thank you

Select Login Auth : Tiki and Pear

Try login with a user who is not in ldap but in tiki own db. Login fails.

We now need to fiddle in the templates to remove the print icon. In many cases, a print option is not useful.

Need both a tiki_p style permission and a feature_print style feature for this. Need to document the actual names we used, too.

One tiki-wide setting to deactivate all printable pages all links to these pages (with the little printer icon).

This will also be useful for http://mobile.tikiwiki.org/ Let's try to do before 1.9.1

obs: waiting for cvs to unlock to commit

This started when I discovered that when trying to register with an address using the "GMail-Format" like
normal.mail+something@gmail.com and it will fail although the address is valid. I have made a quick fix to allow '+' in the name part of the email address, but obviously more can be done to make this more RFC compliant. Will have to double check that email actually sends, of course.

Some references:

[http://www.regular-expressions.info/email.html]
[http://en.wikipedia.org/wiki/E-mail_address#Plus_.28or_Minus.29_addressing]

I initially reported the bug as if it happened only when you had more than 10 groups, and wanted to assign the users to a group greateer than the 10th postition. Now I've realized that it also fails for any group in the list (also for one of the groups within the first 10 listed): the selection of users is lost, thus no user is assigned to the group you select.
:-/

----
To reproduce the bug:
You need to have more than 10 groups defined in the Tiki.
And also several users (+100 in my case)

From admin users menu:
* Select several users (in my case, I selected to view 20, ordered by last login)
* click on manage groups assignments

^
__GROUP PART__
If the group you want to assign them to is not in the list of the first ten (for instance, it's the eleventh in the list alphabetically ordered), then you cannot select that group for those users.
If you try to go to next page of groups (I guess), then the selection of users is lost.
Using 1.9.2.
-----
This bit was fixed by sylvie last week. Xavi (31/01/06)
^
Still buggy:
^
__USERS PART__
To reproduce:
Reorder the list of users by any field so that you get some users in the list that where not seen at the default view of users (that's a __key point __to reproduce the bug).

Select some of those users, to assign them to a group. After I click on submit button (with "manage group assignments" selected), then the page is loaded with the default ordering, so that those users are not listed in the page. If I select then the group to have them assigned to, and submit, the users are not assigned to that group.

However, if I restart the process, but request to show 1000 users (what ever number, but ensure you list ALL of them). Reorder again users (last connected, for instance). Then select some of them. Click to "manage group assignments), and then, the page will loose the ordering, but at least you'll be able to see your users among the long list, and tehy keep the box toggled on (so that __selection is not lost!__). In this case, assigning to a group worked!

The bug must be somehow related to the registers that are ot selected to be shown, even if they are still selected to be assigned to the group.
Hope this helps to fix the bug. Xavi 31/01/06
---
This second part was fixed by sylvie after the report, later on the same 31/01/06...,
at tiki-adminusers.tpl ^

Contributors

Tiki login page wrongfully increments tiki_pageviews hit count

After upgrading from 1.9.11 to 2.0 an error occurs with a missing field (email_confirm) when trying to add a new user as summarised at the end of this post. This seems to be repeatable across several sites that I have upgraded from 1.9.11 so I am assuming something wrong with the upgrade script. Have checked the database using phpMyAdmin and whilst the field is present on a brand new install it is consistently missing in all the upgrades. Manually adding the field from phpMyAdmin rectifies the problem.

Would be very useful to have the full 2.0 data structure documented since I am seeing inconsistencies between the the number of tables in an upgraded site versus a new 2.0 site (upgrade had more tables) - some sort of test utility to validate the data structure would also be very very useful.



__ERRORS RECEIVED WHEN TRYING TO ADD A NEW USER:__

An error occured in a database query!

Context:
File tiki-adminusers.php
Url tiki-adminusers.php
Query:
insert into `users_users`(`login`, `password`, `email`, `provpass`, `registrationDate`, `hash`, `pass_confirm`, `email_confirm`, `created`, `valid`, `openid_url`, `lastLogin`, `waiting`) values(?,?,?,?,?,?,?,?,?,?,?,?,?)
Values:
0 testuser
1 testuser99
2 admin@enmoreservices.com
3
4 1221214268
5 $1$9LOB42RB$ZHSl8Al4i9Aw4KcLnHlpa.
6 0
7 1221214268
8 1221214268
9 NULL
10 NULL
11 NULL
12 NULL
Message:
Unknown column 'email_confirm' in 'field list'
Built query was probably:
insert into `users_users`(`login`, `password`, `email`, `provpass`, `registrationDate`, `hash`, `pass_confirm`, `email_confirm`, `created`, `valid`, `openid_url`, `lastLogin`, `waiting`) values('testuser','testuser99','admin@enmoreservices.com','','1221214268','$1$9LOB42RB$ZHSl8Al4i9Aw4KcLnHlpa.','0','1221214268','1221214268',NULL,NULL,NULL,NULL)

Perm plugin is very useful and works well. It is very similar to the group plugin. It weighs just a few k and I see no advantage of putting in mods.
http://mods.tikiwiki.org/details.php?type=wikiplugins&mod=perm

Similar to group plugin, we need "if/else" concept:
http://dev.tikiwiki.org/tiki-view_tracker_item.php?itemId=994

So we could do things like this in wiki pages:
if tiki_p_edit "please click here to edit" else "please click here to login"

Also, group plugin is still in mods, but already in main code base so it should be cleaned out of mods.

Using 1.10cvs from the last week of October'07.
Multiple assignment of users to a group is not working. Log shows as if those users were effectively assigned to group Editors (in my case), but after that, when I refresh the list of users, those users are still only belonging to registered group, and not Editors.

However, if I assign one by one, through the key icon, they are well set to the Editors group.

http://moviments.net/intercanvisarxius/

(this is the same site as http://intercanvis.net but for testing, using latest 1.10 cvs code)

Hello, I have been receiving this error ever since I upgraded to 2.0 (I have since upgraded to 2.1 and then 2.2). When I try to add a new user, I receive this MySQL error message. I have not found any workaround.

I did a clean install and clean database install and was unable to duplicate this error that way.
MySQL version 4.0.18 local on a Suse OES 1 box. TikiWiki 2.2, started occuring in 2.0.

{img src=show_image.php?id=62}



Thanks for the help!

If I have a login box module, and I visit tiki-login_scr.php, I get two places to login

Same thing with error pages which offer to login.

If your users login has a ".", as in "firstname.lastname", the remember me feature breaks.

This is the snippets in tiki-login.php use to set the cookie:

{img src=images/code.png}%%% {CODE()}
// Now if the remember me feature is on and the user checked the rememberme checkbox then ...
if ($rememberme != 'disabled') {
if (isset($_REQUEST['rme']) && $_REQUEST['rme'] == 'on') {
$hash = $userlib->get_user_hash($_REQUEST['user']);
$hash = $userlib->create_user_cookie($_REQUEST['user']);
$time = substr($hash,strpos($hash,'.')+1);
setcookie($user_cookie_site, $hash.'.'.$user, $time, $cookie_path, $cookie_domain);
$logslib->add_log('login',"got a cookie for $remembertime seconds");
}
}
{CODE}


The cookie content has the following format:
{img src=images/code.png}%%% {CODE()}
md5($_SERVER['REMOTE_ADDR'].$_SERVER['HTTP_USER_AGENT']).(date('U') + $remembertime).$user
{CODE}

The following code in userslib.php parse the cookie content. This function will successfully returns
the user only if your users login does not have a ".", otherwise this function will always return
false, and users have to re-login everytime.

{img src=images/code.png}%%% {CODE()}
function get_user_by_cookie($hash) {
list($check,$expire,$userCookie) = explode('.',$hash);
if ($check == md5($_SERVER['REMOTE_ADDR'].$_SERVER['HTTP_USER_AGENT'])) {
$query = 'select `user` from `tiki_user_preferences` where `prefName`=? and `value`=? and `user`=?';
$user = $this->getOne($query, array('cookie',"$check.$expire", $userCookie));
if ($user) {
if ($expire < date('U')) {
$query = 'delete from `tiki_user_preferences` where `prefName`=? and `value`=?';
$user = $this->query($query, array('cookie',$hash));
return false;
} else {
return $user;
}
}
}
return false;
}

{CODE}

Sometimes, I want to restrict who uses Tiki's internal search engine. Maybe I have some non-linked pages, that people can discover via the search engine.

In Admin -> Login check both:
- Users can register:
- ... but need admin validation:

Admin validation isn't required, new users still can register and login immediately.

We were trying to have the new antibot captcha working in a Tiki site based on Tiki trunk (during TikiFestBarcelona2 - mid July 2010), were a user tracker was set to collect more information from users at registration time.

when we enabled zend new antibot-captcha , no antibot code was shown at registration time, because there seems to be some conflict with the user tracker.
Once the user tracker was disabled, the antibot-captcha was shown properly, etc.

----
Update: disaled the new zend antibot catpcha, in order to use the former simple captchaimage, but that one is not working either, if user tracker is on.

One can ask for the realName "admin" and get it with no problem. In fact, all the 1000 users of a site could be called admin.
TW51

In earlier Tiki versions, the CAPTCHA for the registration was separate from other anti-bot protection. It was possible to have CAPTCHA protection for some areas (such as comments and trackers) but not other areas (such as registration).

I have several sites that use "Require Admin Approval" and/or passcode options for Registration, so the CAPTCHA is not needed.

In Tiki 6, CAPTCHA was made global -- there is no longer any way to have CAPTCHA support for some items, such as comments, but not other items (such as registration).

On a new 1.10 installation...

When logging in as the ADMIN for the first time, the Change Password Enforced page appears (requiring new admins to select a new password). The OLD PASSWORD field should be maintained (pre-filled) with the existing admins password (by default: ADMIN). This __used__ to be the case in 1.9.

Pre-populate the OLD PASSWORD field with the user's existing password. This field should be disabled, so the user cannot change it.

There is a very common use case where a specific Group should be given User admin permission, ie tiki_p_admin_users, so that the setting up of new users can be delegated.

However this permission allows the user with these added permissions to edit the admin details and therefore be in a position to assign new users and themselves to the Admins Group - which has 'security' (in the broadest sense) implications.

Changes that avoid this are needed so that the admin details can only be changed by the admin.

FIXED

When using OpenID + Registration CAPTCHA...
With Tiki 2.2...

I attempted to register using my OpenID:

#On the Login page, I entered my OpenID.
#My OpenID was validated and Tiki shows the page where I can either associate my OpenID with an existing Tiki account, or register as a new user.
#I completed the registration form (including the correct CAPTCHA), but Tiki keeps saying that the Anti-bot code was incorrect.

Additionally, the registration form presented with the OpenID __does not__:
*Display the password minimum requirements (such as number of characters).
*Allow for the selection of groups.


__Duplicate of {wish id=1505}__

For sites with open content it's very important that a visitor who came through a link from search engine or somewhere else would have minimum problems with adding new information to the wiki.
My personal example: I have a blog on livejournal.com and now plan to create a homepage based on tiki, but I don't want to make all of my friends from LJ to pass registration on my site. Even if they all would, it's unreal to make them all use the same logins as there.

Active Directory doesn't allow for anonymous searches of its structure. Instead, an username and password for an account with search access must be given when connecting.

Use case:

We want users to update their profiles every once in a while.

So the system should be reminding users to click on tiki-view_tracker_item.php?view=+user and update their user profile.

Eventually, an email reminder could be cool as well.

Anonymous can view this gallery:
http://www.marclaporte.com/gallery1
And there is a list to the galleries:
Put I can't list the available galleries (available to anonymous)
http://www.marclaporte.com/tiki-galleries.php


There is a related problem with tiki-list_gallery.php where a :

if ($tiki_p_admin_galleries != 'y')

which prevents all individual image gallery permission checks

If a user has no access to a feature or a wiki page, normally the login page is shown. However, if the site has a phpLayers menu (E.g. {phplayers id=43 type=horiz} in Site Identity features - Custom Code - Content ), the phpLayers menu fails and dies. The user only sees a blank page with the message "LayersMenu Error: setMenuStructureString: empty string. Halted".

when downloading image/jpeg type of user avatar it fails due to problem in execution of SQL query. It seems that binary uploads that for sure contains special characters destroys the SQL statament to be queries.
My TikiWiki is 1.9.1 configured with Postgersql 8.x
For more info see --> https://sourceforge.net/tracker/index.php?func=detail&aid=1283624&group_id=64258&atid=506846

See message on the security list related to user administration

tiki-objectpermissions.php references tiki_p_admin_objects which is not defined. For that reason the test in line 11 fails and even admin does not have the permissioin the change permissions of article themes.

When you edit a banning rule, that rule gets deleted (at least, from the list at the Banning interface in Tiki).

To reproduce:
* go to tiki-admin_banning.php
* add a rule for this ip "91.201.66.6" (real ip of spammers, btw) with the title "91.201.66.6_regular_spammers"
* Check all features
* Check the setting to activate the rule by dates
* Select the maximum possible time frame (btyw, this only allows selecting within the same year: reported by somebody else already in another bug report; see [bug3643])
* add some custom message
* save
* click at the title of your rule in order to have it open for edition again for you
* the rule is deleted from the list of rules, and the edit interface is empty

---
confirmed in two different tiksi from different servers... (btw, 5.x is also affected)

Community / User features /
User Preferences Screen: yes

Community / General /
Show user's real name instead of login (when possible): yes

The realName user preference is not used in trackerlist, tracker, and pretty tracker. Actually, why the when possible? Is not it where implemented?

Note that
- in my case the e-mail is used as the login name
- it does work when adding new comments to trackers
used: TW5.0Beta1

It is possible to include groups recursively.
As a result the users that belong to those groups receive a CGI Error when trying to login.

The login settings page should be refactored to eliminate the presentation of unneeded configuration options.

Steps to reproduce:

Use admin rights for the following steps

1. Create at least 2 categories
2. Give Registered (default no rights changed) User group access to one of them and deny access to the other
3. Now create 1 Wiki site in each Category
4. Link both pages from the tiki.index.php via Wiki link

5. Log in as the Registered user now
6. Try viewing both Sites via the Wiki link on one u get the error that u dont have permission to do so
7. Now click on the Link
Create this page (page will be orphaned)
8. Now u can view the page even though u arent allowed to do so
9. Uncheck the category change the site and u are even able to save the edits u did even though u dont have permission to do so

Hello,

I am testing the registrations into one of the sites I develop (the first test 4.1)
The message sent to the user as various content and "structure" errors.

1- the system inserts HTML comment [<!-- TPL: mail/user_validation_mail.tpl -->]
because the option
(preference name: log_tpl) was activated
These comment are displayed into the message and placed (3 times) in not a right place.
A blank line into the mime definition is interpreted as begin of text.

2- Even the option is not used there is a blank line into mime commands so the second part of mime definition are not taken in account and appear as document text....

Join three file *.eml
*name ended "b-html_v4b.eml" which is sent with option log_tpl
*name ended "-b.eml" without option log_tpl
*name ended "-b-v5.eml" without option log_tpl with corrections integrated : mail well displayed has text:plain

This makes us unable to start normal exploitation of the site, till is not solved.
We track all messages display and check French translation.

I don't had time till know to go to the soft structure to find the error.

Best regards

It should be useful for registered developers to have the option to join documents to the bug-track during main redact

''__the b-html_v4b.eml__''
X-Account-Key: account36
X-UIDL: 12627.....48.mail97.ha.ovh.net,S=1947
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-Path: <teawik@trebly.net>
Delivered-To: bty-........@trebly.net
Received: from b0.ovh.net (HELO queue) (213.186.33.50)
by b0.ovh.net with SMTP; 6 Jan 2010 01:33:36 -0000
Received: from localhost (HELO mail97.ha.ovh.net) (127.0.0.1)
by localhost with SMTP; 6 Jan 2010 01:33:36 -0000
Received: from b0.ovh.net (HELO queueout) (213.186.33.50)
by b0.ovh.net with SMTP; 6 Jan 2010 01:33:36 -0000
Delivered-To: trebly.net-bty-...........@trebly.net
Received: from b0.ovh.net (HELO queue) (213.186.33.50)
by b0.ovh.net with SMTP; 6 Jan 2010 01:33:36 -0000
Received: from localhost (HELO mail97.ha.ovh.net) (127.0.0.1)
by localhost with SMTP; 6 Jan 2010 01:33:36 -0000
Received: from b0.ovh.net (HELO queueout) (213.186.33.50)
by b0.ovh.net with SMTP; 6 Jan 2010 01:33:36 -0000
Received: from unknown (HELO teawik.trebly.net) (bty@trebly.net@213.251.189.205)
by ns0.ovh.net with SMTP; 6 Jan 2010 01:33:35 -0000
MIME-Version: 1.0
From: Teawik@trebly.net
Return-Path: Teawik@trebly.net
Reply-To: Teawik@trebly.net
Subject: <!-- TPL: mail/user_validation_mail_subject.tpl -->Votre inscription Tiki (teawik.trebly.net)
X-Ovh-Tracer-Id: 16748887014789590094
X-Antivirus: avast! (VPS 100105-0, 05/01/2010), Inbound message
X-Antivirus-Status: Clean

<!-- /TPL: mail/user_validation_mail_subject.tpl -->
Content-Type:text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Message-ID: <kvsxny......@teawik.trebly.net>
To: bty-...........@trebly.net
X-Ovh-Tracer-Id: 16748605539809995854
X-Ovh-Remote: 213.251.189.205 ()
X-Ovh-Local: 213.186.33.20 (ns0.ovh.net)
X-Spam-Check: DONE|U 0.5/N

<!-- TPL: mail/user_validation_mail.tpl -->Bonjour BTY044,
Vous (ou quelqu'un d'autre) a inscrit cette adresse électronique à teawik.trebly.net
Si vous voulez pouvoir vous connecter sur ce site, vous devrez suivre le lien suivant pour la première connexion :
http://teawik.trebly.net/tiki-login_validate.php?user=B?????&pass=........................
Bonne visite sur le site!

<!-- /TPL: mail/user_validation_mail.tpl -->


''__the -b.eml file__''
X-Account-Key: account36
X-UIDL: 1262928532.31100.mail97.ha.ovh.net,S=1715
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-Path: <teawik@trebly.net>
Delivered-To: bty-a.......ly.net
Received: from b0.ovh.net (HELO queue) (213.186.33.50)
by b0.ovh.net with SMTP; 8 Jan 2010 05:28:51 -0000
Received: from localhost (HELO mail97.ha.ovh.net) (127.0.0.1)
by localhost with SMTP; 8 Jan 2010 05:28:51 -0000
Received: from b0.ovh.net (HELO queueout) (213.186.33.50)
by b0.ovh.net with SMTP; 8 Jan 2010 05:28:51 -0000
Delivered-To: trebly.net-bty-...........@trebly.net
Received: from b0.ovh.net (HELO queue) (213.186.33.50)
by b0.ovh.net with SMTP; 8 Jan 2010 05:28:51 -0000
Received: from localhost (HELO mail97.ha.ovh.net) (127.0.0.1)
by localhost with SMTP; 8 Jan 2010 05:28:51 -0000
Received: from b0.ovh.net (HELO queueout) (213.186.33.50)
by b0.ovh.net with SMTP; 8 Jan 2010 05:28:51 -0000
Received: from unknown (HELO teawik.trebly.net) (bty@trebly.net@213.251.189.205)
by ns0.ovh.net with SMTP; 8 Jan 2010 05:28:50 -0000
MIME-Version: 1.0
From: Teawik@trebly.net
Return-Path: Teawik@trebly.net
Reply-To: Teawik@trebly.net
Subject: Votre inscription Tiki (teawik.trebly.net)

Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Message-ID: <kvwxw7.......trebly.net>
To: bty-........@trebly.net
X-Ovh-Tracer-Id: 14020268591991991374
X-Ovh-Remote: 213.251.189.205 ()
X-Ovh-Local: 213.186.33.20 (ns0.ovh.net)
X-Spam-Check: DONE|U 0.5/N
X-Antivirus: avast! (VPS 100107-1, 07/01/2010), Inbound message
X-Antivirus-Status: Clean

Bonjour BTY05,
Vous (ou quelqu'un d'autre) a inscrit cette adresse électronique à teawik.trebly.net
Si vous voulez pouvoir vous connecter sur ce site, vous devrez suivre le lien suivant pour la première connexion :
http://teawik.trebly.net/tiki-login_validate.php?user=BTY05&pass=0de72c4e5ca890a3b931d7dfab38f992
Bonne visite sur le site!

''__the "b-v5.eml" (manually corrected on output)__''

X-Account-Key: account36
X-UIDL: 1262928532.31100.mail97.ha.ovh.net,S=1715
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-Path: <teawik@trebly.net>
Delivered-To: bty-a.......ly.net
Received: from b0.ovh.net (HELO queue) (213.186.33.50)
by b0.ovh.net with SMTP; 8 Jan 2010 05:28:51 -0000
Received: from localhost (HELO mail97.ha.ovh.net) (127.0.0.1)
by localhost with SMTP; 8 Jan 2010 05:28:51 -0000
Received: from b0.ovh.net (HELO queueout) (213.186.33.50)
by b0.ovh.net with SMTP; 8 Jan 2010 05:28:51 -0000
Delivered-To: trebly.net-bty-...........@trebly.net
Received: from b0.ovh.net (HELO queue) (213.186.33.50)
by b0.ovh.net with SMTP; 8 Jan 2010 05:28:51 -0000
Received: from localhost (HELO mail97.ha.ovh.net) (127.0.0.1)
by localhost with SMTP; 8 Jan 2010 05:28:51 -0000
Received: from b0.ovh.net (HELO queueout) (213.186.33.50)
by b0.ovh.net with SMTP; 8 Jan 2010 05:28:51 -0000
Received: from unknown (HELO teawik.trebly.net) (bty@trebly.net@213.251.189.205)
by ns0.ovh.net with SMTP; 8 Jan 2010 05:28:50 -0000
MIME-Version: 1.0
From: Teawik@trebly.net
Return-Path: Teawik@trebly.net
Reply-To: Teawik@trebly.net
Subject: Votre inscription Tiki (teawik.trebly.net)
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Message-ID: <kvwxw7.......trebly.net>
To: bty-........@trebly.net
X-Ovh-Tracer-Id: 14020268591991991374
X-Ovh-Remote: 213.251.189.205 ()
X-Ovh-Local: 213.186.33.20 (ns0.ovh.net)
X-Spam-Check: DONE|U 0.5/N
X-Antivirus: avast! (VPS 100107-1, 07/01/2010), Inbound message
X-Antivirus-Status: Clean

Bonjour BTY..,
Vous (ou quelqu'un d'autre) a inscrit cette adresse électronique à teawik.trebly.net
Si vous voulez pouvoir vous connecter sur ce site, vous devrez suivre le lien suivant pour la première connexion :
http://teawik.trebly.net/tiki-login_validate.php?user=BTY..&pass=..........................
Bonne visite sur le site!



END!

om: admin
To: admin
Cc:
Subject: Tiki User Registration Request
Date: Thu 07 of Sep, 2006 [13:32]

Hi,

gandalf < > has requested an account on www.domain.de

To validate that account, please follow the link:
http://www.domain.de/tiki-login_validate.phpuser=gandalf&pass=98d3eee5d2201c477b6066c28dac3bd2


best regards,
your Tikiwiki

The validation link should be something like this:

http://www.domain.de/tiki-login_validate.php?user=gandalf&pass=98d3eee5d2201c477b6066c28dac3bd2

When inserting the question mark manually validation is working.

Read on #wiki (freenode)

(10:47:42) TheSheep: marclaporte: don't want to be rude, but I have an implementation hint for tikiwiki -- make the registration url fit in 80 chars, it will be much easier to copy to the browser this way
(10:48:05) marclaporte: you mean the one you receive by email?
(10:48:17) marclaporte: (not rude at all, always like feedback, good or bad)
(10:48:45) TheSheep: marclaporte: yes
(10:49:19) TheSheep: marclaporte: the domain name is short, if only the php file name and the password were shorter, it would fit nicely
(10:49:38) TheSheep: just a small detail
(10:50:07) TheSheep: most people use graphical mail clients anyways probably


Below is an example:
Hi marclaporte2,
you or someone registered this email address at tikiwiki.org
If you want to be a registered user in this site you will have to use the following link to login for the first time:

http://tikiwiki.org/tiki-login_validate.php?user=marclaporte2&pass=de7fdd5c84dae05d133dc75948188b4c

Enjoy the site!

If you set the "login_is_user" flag, registration fails with the message "email_not_valid".

The confirmation message for new users has an incorrect order of headers. With cpanel hosting, this is not being recognised as a valid e-mail:

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

xxxxxxx@bellsouth.net
Mail sent by user nobody being discarded due to sender restrictions in WHM->Tweak Settings

Here's the header as it's being generated in the current version:

Return-path: <xxxxxxx@vic-fontaine.com>
Received: from nobody by server.yourservermanagement.com with local (Exim 4.68)
(envelope-from <xxxxxxx@vic-fontaine.com>)
id 1JzEQ5-0006m7-Dq
for xxxxxxx@bellsouth.net; Thu, 22 May 2008 12:17:37 -0500
To: xxxxxxx@bellsouth.net
Subject: Your Tiki information registration (www.vic-fontaine.com)
MIME-Version: 1.0
From: xxxxxxx@vic-fontaine.com
Reply-To: <xxxxxxx@vic-fontaine.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Message-ID: <k1a5dd.xpbvyl@www.vic-fontaine.com>
Date: Thu, 22 May 2008 12:17:37 -0500

Password security requirements (length, letters, numbers, etc.) can be specified in Login-Settings, but they are neither displayed on the registration page, nor considered by the password sugestion box. This is more than an annoyance, since it repells users from registration when they have to re-enter and re-choose a password several times and the sugested passwords don't work either.

I want to allow registration without E-Mail.
Even though I have disabled all E-Mail checking it reports a validation failure.
The function validate_email called in tiki-register.php does as first task a format check on the E-Mail and returns false if the format is wrong. Emptpy emails result in false too.
Is this a valid decision at this point?

Introduced in 1.9.9 and fix in 1.9.10.1

See sylvieg or kerrnel22 for details

The "Remember me" feature of login on tw.o sites doesn't really work as it should. On tw.o, dev.tw.o and themes.tw.o it's set via Admin > Login to values "tikiwiki, .tikiwiki.org, /, 1 week" and it lasts only some hour or so and expires then. It's annoying to relogin many times a day.

So, in case someone hasn’t reported it yet; the “I forgot my password” functionality doesn’t work in 1.9.0.

It sends the email fine; but the password included in the email does not work.

Before I start going through the code can anyone explain how the passwords work?

So far I get:

- that the “hash” field is md5(“username” + “password”)
- when I do the “forgot pw” thing it sets the “provpass” field with the pw sent in the email
- md5 of user+provpass though does NOT equal “hash”

I suspect code would be something like:

- if user logs in and there is a provpass set then validate against that password
- and then foprce user to change pass
- then use their new entered pass to make hash and delete provpass

Does this seem about right???

I had two usergroups, then added a third, then went in to remove a user from a group from the Admin Users page. If I go into Admin Groups and click on a group and then go down to Show Users in Group, it shows the correct list with the appropriate users missing from the group that I had removed.

If I go into Admin Users, the list of users shows up and if I look at the line entry for the users I removed from ABC group, the group shows up in italics (''ABC'').

Unless there is a cleanup function I'm unaware of, I think this may be a bug. I'm running 1.9.7 according to the README.

This has also been reproduced on the http://demo.opensourcecms.com site.

I created a user. Then I'm trying to remove the "Registered" group from the groups associated to that particular user. When I click on the little x next to the group it disappears from the user's groups. Then I created a group named "blocked". This group only inherits from the anonymous group. It is created basically to prevent a user from having more permissions than an anonymous user, without removing the account (in order to reactivate the permissions at a later time). What I actually want to do is to deactivate some accounts and reactivate them later. So limiting the permissions to that of an anonymous user seemed an appropriate course of action. After removing the "Registered" group from the user's list, I assign him the blocked group only. This blocked group include the anonymous group and that's it. But, when I go to see the blocked group's permission(it has none of its own), I see some permissions inherited from the anonymous group (which is what I asked for) but I also see the tiki_p_edit permission inherited from the "Registered" group (which is NOT what I asked for). So it seems to me that when you have a user, it belongs necessarily to the registered group. And when you remove that group from the user's group list, it doesn't seem to have any real effect aside from not showing that group in the list. It would be interesting to remove that registered group from some users to deactivate their account temporarily. In any case this seems a bug, either removing Registered should have the expected effect, or it should not be possible to remove that group at all. I would opt for the first alternative.

Related:
http://dev.tikiwiki.org/tiki-view_tracker_item.php?itemId=1124

It is possible to list all users in a given group. However, to remove them from the groups, we need to go to another page.

We should be able to remove users from groups on this page:
tiki-admingroups.php?group=Registered&show=1

To be discussed the exact list, but not all characters should be permitted when creating a username. Maybe restrict to the same rules as the prefix in emails.
http://www.remote.org/jochen/mail/info/chars.html


__Example of problems.__

1- Do I want a user Stéphane and another stephane? This can create confusion in who is who in forums, etc
2- Apostrophe:
http://tikiwiki.org/tiki-user_information.php?userId=11351
This doesn't work everywhere.


Related:
[http://dev.tikiwiki.org/tiki-view_tracker_item.php?trackerId=5&itemId=195|Username case sensitiveness]
[http://dev.tikiwiki.org/tiki-view_tracker_item.php?trackerId=5&itemId=265|Username can't have space in it for messageing system Bug]

Notes:

__Self-register vs admin vs import__
At one point (not sure if it's still true) it was possible to create a username with a space as admin (tiki-adminusers.php) but not when self-registering (tiki-register.php)

To be discussed if the restrictions should be the same. Some could argue that they should be less restrictive for admins. Please also see next point.


__Integrating with external authentication system.__
In Tiki, it is not possible to create a username with a space. However, when authenticating against an external system like LDAP, the other system may permits space. How do we handle this?


__International use__
What about characters in languages like Hebrew, Mandarin, and Arabic?


__Usernames in a URL__
Sometimes, the username is used in a URL (in an email for example). So the simpler it is the less risk there is.
UserID vs username
I think the trend is to use the userID more & more (in 1.10) vs username. Maybe this makes it simpler, more robust.


__ Respecting the environment__
We have to figure how to handle existing Tiki installation with these now invalid usernames. Maybe we just tell the admins to correct manually. Or maybe we just solve "from now on"

I visit a page and it says I must login. Since I have no account, I register.

At the end of the registration process, I should be sent back to the page I was trying to access.

Review all mods and decide what should be added to BRANCH-1-10
http://mods.tikiwiki.org/

Please see: ((To mods or not to mods))

criteria:
*license
*size
*security
*potential popularity of feature
*non-reliance on 3rd party code


Plugins that will now be in core (and removed from mods):

*include ok in 2.0, should be removed from mods
*[http://mods.tikiwiki.org/details.php?type=wikiplugins&mod=perm|perm]
*group (ok) should be removed from mods: wikiplugin_group.php
*[http://mods.tikiwiki.org/details.php?type=wikiplugins&mod=files|wikiplugin_files.php]
*wikiplugin_listpages.php ok?, just remove from mods?
*[http://dev.tikiwiki.org/tiki-view_tracker_item.php?itemId=1550|wikiplugin_mouseover.php needs to be fixed, then moved]
*wikiplugin_trackeritemfield.php __done in 2.0__

Reason:
*Great plugins
*Mods installer doesn't work for everyone and there is no documentation for manual install

Copied some suggestion I just throwed on irc..., after fighting each time on some of my production sites to manually send messages to many users which are kind of lost some times at the beggining of their participation in a tiki-site-powered community.

{QUOTE()}
(11:37:39) xavi: I was just wondering about a new and easy improvement of the registration process of new users to a community sit eusing tiki
(11:38:07) xavi: just through allowing an admin to add acustomized welcome message to new users successfully registered to the site...
(11:38:29) xavi: ... with the text and links he might need to tell to new users....
(11:38:52) xavi: ...in a similar way to what mailman does for the welcome message to new users...
(11:39:48) xavi: ...I imagine a simple text area, like site identity does, where the admin can write any simple text (with or without wiki markup? like the newsletter feature does/allows)...
(11:40:45) xavi: ...so that the admin can set that message easily (without manualy searching for the appropiate template to hack through ftp)...
(11:42:48) xavi: ..and the the new user, can review the infos and tips that he/she needs to know on that site: "now you can: # watch that forum where that important thing is discussed.... #join that newsletter/blog/articlefeature to be up to date about news from that community, #review and/or subscribe to that tracker..., ...
(11:45:22) xavi: oh well, I can't code php+mysql myself (yet, at least ;-) ), but I guess that this shouldn't be that difficult nor time consuming to an experienced coder, provided that that person agrees on that this feature is "low hanging fruit" to improve the experience of newcomers to a community, through improving the communication while the first steps of that person in the community site...
{QUOTE}

This could also be important for ((Workspaces)), and ((Organic Groups)). So that, not just to register (join the registered group), but as a customized message per group, so that, when joining a new group (at registration time, or later on through the subscribe groups plugin), you get the specific message with hints, links and remindings of things adapted for that group.

The ((doc:Inter-User Messages)) system is quite nice.

However, it means:
1- That users have duplicate mailboxes
2- And the recipient can't just click reply

On dev.tikiwiki.org, this is not so nice because people already have an internal tiki mailbox on tikiwiki.org

So, let's think about an additional/modified feature called "direct message" or "direct mail".

This would simulate a regular email. (let's plan ahead that this should be able to send other types of messages (jabber, sms, etc.)

The headers could be:
"from" is Full Name ({$Username}) {senderemail}
"to" is Full Name ({$Username}) {recipientemail}
"bcc" to {senderemail} (So we have a trace of what we sent)

In case some spammers get a hold of it, let's have something like this at the bottom:
This message was sent via {$name of site}


Not sure if this should be done with the ((doc:webmail)) feature, or maybe as an option of ((doc:Inter-User Messages))

See how MediaWiki does it for a good example:
http://en.wikipedia.org/wiki/Special:EmailUser/Marclaporte

We already have in version 3.0 on tiki-admin.php?page=login

On permission denied, display login box for anonymous:
On permission denied, send to this url:

Similarly, it would be nice to send people to a specific URL or wiki page upon logout.

Ex.:
"Thank you for visiting"


Some ideas for the future. We should have a section in the admin panel "login/logout/navigation" with things like:

redirect on login (which is group home pages)
redirect on user account validated. Ex.: Wiki page "Thank you for registering"
redirect on logout. Ex.: Wiki page "thank you for your visit"
Close site (except for those with permission). Ex.: Wiki page "The site is closed for maintenance"
Close site when server load is above the threshold (except for those with permission). Ex.: Wiki page "The site is under pressure."
On permission denied, display login module (for Anonymous). (as it does now)
etc.

Also on tiki-admin.php?page=features
Redirect On Error
Custom Home

Seen on IRC:
{img src=images/code.png}%%% {CODE(wrap=>1)}
(10:33:47 AM) ***dthacker also wonders if there is a login-timestamp wiki syntax such as mediawiki's ~~~~ that would auto sign with user id and date/time.
{CODE}


Wiki pages are great to produce Neutral Point of View (NPOV) content. If we need to know who added what, we check the edit history.

For debates, discussions, opinions, etc, people will often use Tiki blogs, Tiki forums or comments at the bottom of wiki pages. These are more natural formats and it's clear who thinks what and who said what. Comments & forum threading make it clear who is responding to who/what.

However, in some cases, it is useful to have this type of interaction in wiki pages. The [http://doc.tikiwiki.org/Editorial+Board|TikiWiki documentation Editorial board] has monthly meetings to discuss and make decisions. Members can edit, comment and vote on motions.

The way people add their comments is not standard and if we are not careful, it can get messy. This often happens in wikis.

Some wikis use a special syntax for "signature". This would be a way to associate the name of the user and maybe the date to a specific comment. It would be nice to clearly and visually associate the user to the comment. Maybe the comment & signature are in a same box?

It would be nice also for people to be able to express support to an idea in the wiki page, with a thumbs up (+1) or a thumbs down (-1). Right now, the wiki ratings feature let's us vote only once per wiki page.

These syntaxes should be quicktags to it's easy to add. Maybe some of the less important meta data (ex.: date of comment) would be only visible on mouse-over. (and thus not in printed mode). The mouse over could also contain a link to the user's personal wiki page and some data about the user (his avatar, score, etc).


Ex.:
*click my PluginComment tool (in toolbar)
*Pre-fill text that will be mouse-overed with previously selected text
**add date & signature (with link to userpage)


Everyone: please share your ideas on this and how you have seen it implemented elsewhere.

Thanks!


Related:
{wish id=2102}

The ID generated by get_user_cache_id is used to create a new directory in templates_c/ . This ID is generated by concatenating all the groups a user is in.
When a user is in many groups the ID exceeds the maximum filename length of my system (FreeBSD 4.11).

Even though global perms allow viewing wiki pages (to Anonymous, for example), assigning an edit perm to another group for a specific wiki page overrides the view perm and Anonymous can't see it anymore unless a specific tiki_p_view perm is assigned to the page for Anonymous.

this is a feature - it is how it works . As soon as you hjave a special perms, you need to redefine all the perm for the page

When using "Reguire Secure (HTTPS) login" you may see this error:

An error occurred during a connection to <domain>.

SSL received a record that exceeded the maximum permissible length.

(Error code: ssl_error_rx_record_too_long)

Every time a new object gets created (wiki page, blog entry etc) the item recieves only global permissions.

It would help a lot if the admin could define 'standard permissions' for each group for specific features.
(needs to be integrated with improvements to "permissions by category" introduced in 1.9 - which provides a coherent approach for "object" based permissions to compliment user based perms.)

To keep wiki pages inside the group, the admin would assign the read right only to that group, and a member of that group posting a new item would not have to worry about security as much.

Am not sure what to do when user is member of multiple groups... maybe she can select in a drop-down which is the one that wins, or maybe the admin determins that when creating the user?

Reccomendation: Inherit permissions. (particularly for wiki)
The default behavior for a new object should be to inherit permissions from the page it was created from (global if none). Particularly in a wiki, this would facilitate the use of "private areas" - key feature for tikiwiki as groupware so committees. groups, etc. can operate in privacy, if so desired. Whoever create the page should be able to disable this inheriting, but it should be on by default. Admins can then create private wiki spaces by customizing perms on one page (the group home page).

Hello Friends,

I am not a technical person. After I installed latest version of TikiWiki using Fantastico I went to Admin Area and when I finished some modifications in Login Configuration Page I was suddenly kicked out (logged out) but even after several tries I was not able to login again.

Because of this problem I removed my site: http://hub.cc completely. I downloaded the latest version from site: www.tikiwiki.org and re-installed it using my FTP clients. But unfortunately once again faced the same problem.

I therefore request you to please check my site and guide to me how can I Debug this issue!

Many thanks and best regards

Kamaal Makrani

-----

We can now use the login box but it's not very obvious. There should be an icon / button somewere in tiki-adminusers.php

Just after creating a user or adding to a group would be a good time to Switch User and see what (s)he sees.

The "Tiki User Registration Request" email that is sent to admins when a new user registers may not contain enough info for the admin to make a decision as to whether or not to approve the registration. The only link in that email automatically validates the user without any second chance (if the admin thought that after following that link he would be given a chance to review the new user info before validating the unknown user, he will be mistaken).

templates/mail/moderate_validation_mail.tpl should be improved to include any user tracker info that the new user has submitted, or provide a link to view any such user info.

I've installed a new Tikiwiki at http://www.vic-fontaine.com/forum and started configuring it.

Now I have the following: No-one can log in any longer.

Steps to reproduce (at my installation):

* Create new user
* Confirm e-mail
* Log out new user
---> Login not possible

Admin can't log in either. I've managed to reset admin password to "admin". Still can't log in.

I've posted a questin in the forum, but now I believe this really is a bug. If you need more information about my installation, I can give it to you (database entries etc.)
Please feel free to log into my installation as admin if you manage to.

Bugs & Wish list

Bugs & Wish list

Using the same IIS web site:
*You can install 6.0 and successfully login as admin.
*Install 6.1 and 6.2 but neither of them are able to login as admin.

Additional details, as per forum post (http://tiki.org/tiki-view_forum_thread.php?comments_parentId=40416&topics_sort_mode=lastPost_desc&forumId=6):
Trying to use TW on our IIS web site. Have followed all references I could find but have not been able to get 6.1 going.

As a test, I have managed to get 6.0 going, so not sure why 6.1 and 6.2 has issues. Any guidance on how to debug this is appreciated.

Thanks.

Details are:
- Win2003 SP2 and IIS6
- MySQL 5.1 (tried both local and remote server)
- PHP 5.2.17
- Firefox 3.6
- No tildes in the URL
- Tried placing TW in the root of the web site and as a virtual directory
- Have granted the EVERYONE user READ,WRITE & MODIFY access to the web root and all sub folders.
- No PHP errors recorded in the PHP error log

Symptoms:
- Install proceeds successfully.
- DB install states that is is successful (both local and remote DB scenarios)
- Prompted with admin change password screen and successfully change the password.
- Prompted with the Home page, then login as admin and new password, only to be presented with the Home page again, which states:
"Congratulations
This is the default homepage for your Tiki. If you are seeing this page, your installation was successful.

You can change this page after logging in. Please review the wiki syntax(external link) for editing details."

- Try clearing cookies, then logging in and are presented with "You have to enable cookies to be able to login to this site".

Bugs & Wish list

Hello

if i have tiki_p_search-permission so i have all "tiki"-perms too :-(
How can i configure a group (or all users / anonymous) that they can use "search" (most important function of a wiki, i think) whithout make them admin?

There are some settings to
#force a user to validate an email addresses by clikcing a link
#for admins to need to click a link in an email to approve a new account.

But what if emails aren't getting through or to go faster?

An admin should be able to validate an account manually








__Duplicate__
{wish id=1710}

Some users may never receive the validation email (ex.: spam filter) and the tiki admin nevers knows their status.

Tiki admin should be able to manually validate an account.

Hi,

First a warning: I am new here... and new to linux...

I installed tikiwiki and while configuring the categories and user rights I got the Message

Template Error: setRoot: . is not a directory.

It happend calling the page

tiki-browse_categories.php

and it happens with all users I configured, even the adminuser.

Any ideas?

Thanks a lot,

Christoph

for exemple:
http://dev.tikiwiki.org/tiki-categpermissions.php?categId=2

Bugs & Wish list

The link sent to the user for validataion is now missing a questionmark. Here is the linkI received from my 1.9.5 install of TikiWiki while testing features:

http://www.yoursite.com/tikiwiki/tiki-login_validate.phpuser=pony&pass=c424293426130e319fce4f6d9f91c5ad

More to the point. This is the problem:

*tiki-login_validate.phpuser=pony...

Where .php ends it should instead write:

*tiki-login_validate.php?user=pony...

I setup tiki 5.x on CentOS. Installation and initial setup went well. But once I logoff and tried to log back in as admin, or any other users. It always directed me to error 404 says tiki-login.php webpage was not found. I browsed and saw the file was there. Tried to reisntall twice and had same problem. Please help. Thank you.

Could also be a link or a license/confidentiality agreement

When using InterTiki, registration should be sent to master site

There should be a note, only visible to tiki_p_admin that the anti-bot code is not currently here because the GD lib is not there.

Otherwise, user gets an ugly error, clicks "back" and needs to re-enter everything, including [http://en.wikipedia.org/wiki/Captcha|captcha]

I have configured "tiki and pear::auth" in the login section of tikiwiki on a server which did not have the pear php libraries installed.
Next time I try to login with a user (not admin), I see a blank page.

This happens because on line 756 of file lib/userslib.php
$a = new Auth("LDAP", $options, "", false, $user, $pass);
just dies without any error message.

Using 1.10 cvs from mid june 2007 (but I bet that this issue might exist also in 1.9.x)

I wonder whether this is going to be considered as a bug or a RFE by coders... (but I consider it a usability bug).

We need a way to ensure that users accept some conditions at registration time to our tiki site. (to conform our laws of privacy of users information kept by the organization, etc.)
We have just set a new tracker item field of type "checkbox", and set it as <span style="color:black;background-color:#ffff66;">mandatory</span>.
But I (as admin) have been able to edit items without checking that checkbox, without any warning that this field is missing, etc. And I could save the edition without that checkbox. But I did get those messages (as expected) when attempting to leave empty any of the other <span style="color:black;background-color:#ffff66;">mandatory</span> fields...

If not using this checkbox approach, there should be a way to configure such a tracker with a required checkbox or similar to be checked.
---
Update using 1.10svn from end of May'08: this bug is still around...

I just did a test of the Registration tracker at:
http://tikiwiki.org/tiki-register.php

One of the checkboxes was mandatory. Since it's to accept something, it's not clear that I am not required to check it.

A drop-down would have been better in this case.

So when I see that someone reported a bug, I can quickly see their profile. (ex.: to send a private message)

When trying to reset a password for a user you can't click the confirm button on the confirm page. Click the confirm to submit the form gives the javascript error "uncaught TypeError: Property 'submit' of object #<an HTMLFormElement> is not a function" in chrome. This is caused by one of the inputs in the form being named submit. So the function the confirm button calls "javascript:document.forms['confirm'].submit();" is calling the submit input element instead of the submit method of the form. To fix this change the name of the submit button in tiki-adminusers.tpl from "submit" to something else.

Yahoo! now provides OpenID support for all Yahoo! IDs. However, I am unable to login to any Tiki by using my Yahoo! OpenID.

See http://tikiwiki.org/tiki-view_forum_thread.php?forumId=4&comments_parentId=28775

{img src=images/code.png}%%% {CODE(wrap=1)}
(6:51:03 PM) The topic for #sumo is: irc channel for development of http://support.mozilla.com/ || see also mozilla.support.planning (newsgroup) || Next meeting: 2pm PST Dec. 4; http://wiki.mozilla.org/Support/Weekly_Meetings || If you'd like to help test the live chat software PM Lucy
(7:19:06 AM) MarcoZ: Hi there!
(7:19:29 AM) Tomcat: hi MarcoZ :)
(7:19:53 AM) MarcoZ: Hi Tomcat!
(7:20:23 AM) MarcoZ: Can anybody tell the new kid on the blog how to create an article on Sumo? I would like to get an article into the knowledgebase about what's new in the area of a11y in Firefox 3.
(7:20:36 AM) MarcoZ: But I can't find a way (at least none that is obvious to me) how to start an article.
(7:20:55 AM) Tomcat: Lucy: ^
(7:21:20 AM) Tomcat: in case you are awake :)
(7:57:08 AM) marclaporte: MarcoZH: I don't know what the editorial rules are, but just edit a page and change the name in the URL
(8:07:42 AM) MarcoZ: marclaporte, thanks, will give this a try. If I simply do something like support.mozilla.com/kb/MyNewTitle , I get a 404, and an option to create a new page, but with the hint in parentheses that "this page will be orphaned", but without any further explanation to what this implies.
(8:08:18 AM) MarcoZ: djst, hi! This is Marco, the a11y guy :-)
(8:09:44 AM) djst: MarcoZ: hey thre!
(8:10:00 AM) djst: MarcoZ: great to see you around
(8:11:02 AM) djst: MarcoZ: i missed your previous conversation with marclaporte, in case there's anything you're wondering about
(8:11:13 AM) djst: MarcoZ: is the sumo site usable at all as it is?
(8:12:22 AM) MarcoZ: djst, yes it is usable and has good markup. That's not a problem. I just can't figure out how to start a new article. I shot you an e-mail about it earlier, but if you know the answer from the top of your head, we can discuss it here.
(8:13:00 AM) djst: ah yeah, let me see if there's a fix for that. there was a quick edit form in the contributor home page before but i think it was removed
(8:13:02 AM) djst: let me check
(8:14:08 AM) djst: MarcoZ: http://support.mozilla.com/kb/Creating+articles
(8:14:27 AM) djst: that page is linked to from the contributor home page (which should be the page you see when you log in, but currently it's not)
(8:14:43 AM) djst: MarcoZ: this is not optimal, we should make this easier to see
(8:19:38 AM) MarcoZ: djst, thanks this is the starting point I needed.
(8:20:05 AM) djst: MarcoZ: ok. i'm here most of my work days so just ping me if you need any other info.
(8:21:24 AM) marclaporte: :-)
(8:22:04 AM) marclaporte: MarcoZ: are you using JAWS or something similar?
(8:31:45 AM) MarcoZ: marclaporte, yes, on Windows I'm using JAWS, on Linux I'm using Orca.
(8:33:40 AM) marclaporte: MarcoZ: I have a few questions about a11y and wikis if you don't mind
(8:34:53 AM) marclaporte: 1st off: an intro so you get an idea where I am coming from. My name is Marc Laporte and I am a project admin for TikiWiki CMS/Groupware
(8:35:25 AM) marclaporte: I took a course on a11y, but I never really had much real world experience
(8:36:12 AM) marclaporte: I would like TikiWiki to become more & more accessible, hopefully, eventually, fully accessible out of the box
(8:36:49 AM) marclaporte: I have a theory that wiki syntax maybe a positive thing for a11y, but I don't know really
(8:37:30 AM) marclaporte: (compared to standard html CMSs or the ones that use WYSIWYG/rich text editors)
(8:38:32 AM) marclaporte: We currently have no one helping/promoting/testing/etc a11y and I hope this could change.
(8:38:49 AM) marclaporte: so....
(8:39:08 AM) MarcoZ: marclaporte, thanks for your introduction! I started as the accessibility QA at Mozilla last week.
(8:39:28 AM) marclaporte: sweet
(8:41:07 AM) marclaporte: So what is global a11y status in FF as of now?
(8:41:24 AM) MarcoZ: marclaporte, so far what I've seen looks pretty good with JAWS on Sumo. The only real problem I ran into was actually signing up. The captcha system is not accessible at all. There is an accessible chaptcha system called ReCaptcha (http://www.recaptcha.net) that is accessible. That's the one improvement I definitely know Tiki could use. Unless of course, the captcha isn't standard, .
(8:42:01 AM) marclaporte: MarcoZ: I appreciate the feedback
(8:42:04 AM) MarcoZ: well, global a11y status in FF 3 will be a lot better than in 2, primarily because FF3 is also going to be accessible on Linux, not just Windows.
(8:42:18 AM) marclaporte: I see
(8:42:38 AM) marclaporte: Is wiki syntax better or worse for a11y?
(8:42:47 AM) marclaporte: (in general, not specifically TikiWiki)
(8:43:01 AM) MarcoZ: I made the switch from IE quite a long time ago, and there's only one site that I can't use with Firefox. And that's not because of a11y reasons, but because the music store I use here in Germany only works with IE, so every sighted person will also have this problem. :-)
(8:43:28 AM) MarcoZ: I mostly worked on MediaWiki so far, and the Wiki syntax was easy to grasp for me.
(8:43:59 AM) MarcoZ: It is appreciated to have these helper buttons/links available to insert the Wiki tags, so one doesn't have to memorize them all, but editing stuff, and having a feeling I know what I'm doing, is good with Wiki syntax.
(8:46:29 AM) marclaporte: MarcoZ: are you able to use the quicktags? or you type the syntax?
(8:51:33 AM) marclaporte: MarcoZ: I am going to log a feature enhancement request on dev.tikiwiki.org wishlist. May I copy/paste our current discussion in the tracker?
(8:51:33 AM) MarcoZ: The quicktags appear as links for JAWS, so i can simply select one and activate it to insert the quicktags. Works quite nocely actually. :-)
(8:52:26 AM) MarcoZ: marclaporte, sure!
(8:52:59 AM) marclaporte: MarcoZ: so you insert and after you find the text with wiki syntax and you go and change it?
(8:58:04 AM) MarcoZ: marclaporte, yes. For example, the heading level 1 notation is an exclamation mark followed by text, heading level 2 is two exclamation marks. I simply change the text after it.
(8:59:49 AM) marclaporte: Excellent.
(9:00:12 AM) marclaporte: ReCaptcha is very interesting!
{CODE}

This is a useful feature for an Intranet. However it's not so good if the emails are not to be disclosed. I think some code has been done in 1.10 for this. However, the feature probably needs more work.

Problem: users forget their username

But they should remember their email.

Maybe this feature request is not trivial because password is encrypted with username.

But maybe it could be:

user enters email.
Tiki checks what is the username for that email

login is attempted with the username and password



Ideally, system would accept either email or login in interface (case insensitive)

So we know which admin created a login...


We currently have a log entry when a user is assigned to a group, but not when he is unassigned.

Also, we have:
unassigned perm tiki_p_broadcast from group admin

but not:
assigned perm tiki_p_broadcast from group admin



Maybe adding failed login attempts would be good too...

When the feature "use email as username" is turned on, the user creation in the backend fails if "send email to user for validiation" is turned on.

To reproduce this, enable "use email as username" and try to create a new user in the admin-users menu. If "Send an email to the user in order to allow him to validate his account" is checked, the creation fails with a message "email validiation requested but email address not set".

The reason for this is that the html form does not contain an email field (since the email is used as username).

If the user information is set to be Private, the user information is shown in tooltip to Anonymous users. Anonymous users also get a link to the user information, but it tells the user that he/she is not logged in. If the user information is set to public, no tooltip is shown and link is active.

Environment: TikiWiki 3.1, danish translation

admin home/community/user preference screen is on

* Created a user tracker with a user preference field, "realName", which is asked from the user at registration time. One can fill in at registration an edit box for the field, but the field is not updated. Neither is the realName user preference set (if looking at the user preference screen).

* If the realName user preference is set on the user preference screen, it does show up in the tracker.

* The view_tracker_item / edit tab does not show an edit box. (another bug perhaps)

unknown
* if it worked for email user pref.

known
* a standalone tracker plugin does work either, while the item's last modification date changes (used for an existing tracker item, offering a single input field to change the real name)
* wikiplugin_tracker.php does not contain any 'p', which would refer to the user preference type

Workflow.tikiwiki.org is running 1.9.8.3. I was playing around with InterTiki settings and enabled pulling of UserPrefs from the master site. I know on the mater site, my particular user ID has privacy turned on such that my information is not visible to users.

When I go to wf.tw.o as an anonymous user, I can hover my cursor over a user (such as myself) and it will show a box with my information...email address, location, etc. When I try and do the same on the tw.o master site, I get "user information is private" or something.

I'm wondering if there is a bug or oversight with InterTiki where it is not pulling all of the user preferences, and if that is the case, if someone can fix it so that privacy settings are honoured?

Thanks!

Not sure if this is prevalent in 1.10.0 or not, but...

User twentytwo had problems in IRC with user registration set to ON with validation set ON. When the regisration form was submitted by the new user, the script would bomb with an SQL error because the first three fields were nulls and couldn't be.

I could only reproduce this bug when User Registration was turned on, with validation also turned on, but with General->Sender email UNSET. So during setup, the sender email was not set. As I also do not have this set at home since I don't want to send any emails, I was able to reproduce the problem. With sender email SET, there is no DB error.

Not sure if this is prevalent in 1.10.0 or not, but...

User twentytwo had problems in IRC with user registration set to ON with validation set ON. When the regisration form was submitted by the new user, the script would bomb with an SQL error because the first three fields were nulls and couldn't be.

I could only reproduce this bug when User Registration was turned on, with validation also turned on, but with General->Sender email UNSET. So during setup, the sender email was not set. As I also do not have this set at home since I don't want to send any emails, I was able to reproduce the problem. With sender email SET, there is no DB error.

in templates/mail/moderate_validation_mail.tpl this line is converted badly by smarty:
{$mail_machine}?user={$mail_user|escape:'url'}&pass={$mail_apass}}?user={$mail_user|escape:'url'}&pass={$mail_apass}Hi

to

http://www.olgpuchong.org/community/tiki-login_validate.ph?user=paulquek&pass=ef786a8eac742d7502b87668f5132cf7

were
tiki-login_validate.php has a missing "p"

this result in bad link for user registration validation

Users can have several status:
*new account (needs to be validated)
*normal account.

Maybe we will want more in the future (ex.: suspended)

It would be good for the admin to be able to see the status in tiki-adminusers.php, filter by type and change/override the status. Ex.: a user never received the validation email because of spam filter.

Users Information Tracker Fields Asked at Registration Time
(fieldIds separated with :)
corresponds with the Tracker plugin's fields

No autoassign is possible by the time of registration, while the plugin would offer that TW5<=.

I would like to send a message to my users, with a unique URL, so they can update their user tracker without needing to login.

Please see:
((doc:User Preference Field))
((doc:User Trackers))


Missing:
Avatar, Full name, URL, avatar, etc.


Also, each relevant field here should optional tiki-user_preferences.php

Userlist accessed from Community menu displays on page 1 the first 10 of my 18 users, on page 2 I see 8 users but they are names from the first list and in different order!!! This wiki is a fresh install of 1.9 using a DB sucessfully(?) upgraded from 1.8.5

When user has spaces in their name they can`t use messaging system
try "test user" as username

In earlier versions of Tiki, usernames for login were case insensitive.
marclaporte = MarcLaporte

Now, they are case sensitive:
marclaporte <> MarcLaporte

This is a usability problem, especially with non-technical users.

When trying to login with their username (with a different case) they get "Invalid username or password".

So they try to use tiki-remind_password.php (again with the wrong case) The error message is: "Unable to send mail. User has not configured email: MarcLaporte"

So they end up trying to create another user. When they try to create a new user with a different case, they get an error "User already exists". If usernames are really case sensitive, I should be able to create 2 distinct users, MarcLaporte and marclaporte. This would obviously lead to confusion.

My request / suggestion:

Restore case insensitiveness in usernames for logins (or at least restore the option with much better error messages when in case sensitive mode)

Thanks!

M ;-)

I have two users at tw.o: xavi and xavidp. Both with lower case.

I can log in on doc.tw.o using either Xavi or xavi. When I log in with user Xavi, when I click on watching adding a page, or watching another page, I get this type of error:
{CODE(wrap=>1)}
An error occured in a database query!

Context:
File tiki-editpage.php
Url tiki-editpage.php
Query:
insert into `tiki_user_watches`(`user`,`event`,`object`,`email`,`type`,`title`,`url`) values(?,?,?,?,?,?,?)
Values:
0 Xavi
1 wiki_page_changed
2 Tikiwiki 1.10 ca
3 NULL
4 wiki page
5 Tikiwiki 1.10 ca
6 tiki-index.php?page=Tikiwiki 1.10 ca
Message:
Column 'email' cannot be null
Built query was probably:
insert into `tiki_user_watches`(`user`,`event`,`object`,`email`,`type`,`title`,`url`) values('Xavi','wiki_page_changed','Tikiwiki 1.10 ca',NULL,'wiki page','Tikiwiki 1.10 ca','tiki-index.php?page=Tikiwiki 1.10 ca')
{CODE}

Click on "Delete my account" as user has no effect. The user has the permission "tiki_p_delete_account". A look into "tiki-user_preferences.php" shows, that the button "deleteaccount" is not handled.

TikiWiki 4.2

Tested with R26214. Delete-Button didn't work yet. Perhaps forget the upload?

Users do not receive registration confirmation emails.

whereas admin does receive the registration asks by email and also receive its watch notification.
(which seems to exclude configuration php.ini config...)

Using 1.9 cvs from a week ago (more or less)

I made a site (in a multitiki install as subdirectories, in case it matters) with "Request passcode to register:" off, and "Prevent automatic/robot registration" as on. New registrations work fine.

( http://moviments.net/valldelcorb )

Then I shifted to "Request passcode to register:" on (and a simple string of 8 letters, no special chars., in "request passcode to register", with checkbox on), and Prevent automatic/robot registration as off. New registrations fail.
I tried myself with several new users, or emails (and e-mail domains), and I don't get any confirmation email.

I created another site on the same multitiki installation on the same server, with a duplication of the same database to start with, and set back login params. as "Request passcode to register:" off, and "Prevent automatic/robot registration" as on. New registrations with same user details (username, password, email) and they work fine. I get the confirmation email in less than 5 min.

( http://moviments.net/drecerca )

It looks like a bug is hidden somewhere there...
--------
Update: April 17th

It's kind of weird.... On a third site in the same multitiki install (on the same server, of course), tiki registration works ok having "Request passcode to register:" on (and a simple string of 13 letters), and Prevent automatic/robot registration as off.

http://moviments.net/diaspora

Weird... I wonder if this is not some configuration problem... in that tiki, even if I did (that I remember of) nothing different from the other tikis.... :-/ ¿?
-----------
Update August 11th 2007
Updated 1.9 cvs code from today in
[http://margalef.ourproject.org]
which have both request passcode to register as on, and prevent automatic registration of robots as on.
I got the confirmation email to my inbox, I clicked on the full link to validate the new registration request (it was from a google account, recognizing properly the full url link), but I got the answer from the tiki site:
"User or password not valid" (or something similar, since I have translated it from another language)
Still something not fully fixed around there...
-----------------
^
-=Update August 12, 2007=-
I close the bug, since I cannot reproduce it myself in many sites. And I marked as not enough information, since it seems that on one of the sites, the problem is still there.^

I updated the 1.9 cvs code and cleaned tiki caches. There is still some problem on the http://moviments.net/valldelcorb installation, which is using a modified twist theme (in case it matters, even if not using any special template for registration of mail sending). If request passcode to register is on, no messages are received to mailboxes (tried on 2 different ones).

But on other installations of the same multitiki (for instance, http://moviments.net/drecerca , based upon a modified planetfall theme), mails are sent ok, and once validated the link, the account is successfully created, etc.

Last, but not least, I've realized on the http://margalef.ourproject.org tiki install (not multitiki at all, and on another server; using also a modified planetfall theme), last time (the trial from yesterday, August 11th), I received a second email message 3 minutes later, to the same mail box, and regarding the same single user account request made from me, with a different url to validate the account (something weird, isn't it?). This second url worked fine to validate the account, but not the first.

In any case, with updatd cvs code from today, I got normal behavior for new registrations on http://margalef.ourproject.org , using "request passcode to register" as on.

Whatever it was, it seems mostly fixed. And since it seems that I'm only the one with this weird behavior, I close the bug report.
If anybody else find similar problems, just reopen.

Thanks for checking the code for this issue, for those of you who invested time to check that the code was ok.

Tiki newsletter works well for small volumes.

But for large volumes, as with any web app, sending emails from a server can be a challenge. Risk of being flagged as spammer, high server load/difficult to throttle, limits from your web hosts (ex.: max x emails per hour), etc

A helpful alternative would be something like this:
https://addons.mozilla.org/en-US/thunderbird/addon/4883

So my Thunderbird client or desktop newsletter application (ex.: [http://gammadyne.com/mmail.htm|Gammadybe Mailer]) should be able to access the TikiWiki database to generate recipient list.



---

Another approach is to make the Tiki contacts (address book) accessible via the LDAP protocol and thus, email clients can access.

Related:
http://www.egroupware.org/egroupware/index.php?menuaction=wiki.uiwiki.view&page=AddresbookAccountsConcept

Tikiwiki is using preg_replace with /e modifier. On some systems this feature is disabled. You can neither access the installscript nor will there be any emails sent. The email-script simple dies with no further information.

This feature gives very weird results. I gave it two valid emails and one failed. I think mose fixed it for 1.10 The fix should be backported is deemed stable.

We only need to check if email provided is in right format without actually trying to test if domain exists.

Please make sure it handles not only .com and .net but also domains like .com.uy, .co.uk and .info , etc

1- User registers

2- System sends email (to validate user controls that email)

3- User clicks and is sent to tiki-login_validate.php?user=abc&pass=xyz


The admin should be able to override to send a wiki welcome page for new users or to user tracker form.

Hello, I'm using tikiwiki 1.9.7 and we have several virtual wikis installed at present. The problem is that the groups we get in the admin section are the groups from the virtual wiki that last made a modification to its groups. So sometimes, on the virtual wiki on which I'm admin, I see the groups of another virtual wiki, and not my own groups. The same happens for the categories. (This might also affect other domains that I haven't identified).

What seems to be happening, is that once there is a modification to groups in one of the virtual wikis, the cache is updated with that content and it seems that all virtual wikis must share the same cache... The exact cause would have to be investigated properlly as this is only an assumption deduced from the symptoms. What I do know, is that in the wiki admin section, I made sure that the cache was set to 0 (no cache), and that the individual cache checkbox was unchecked (no sure what this is supposed to do). So if this is a cache problem, it apparently occurs with a cache that you have no choice of using. Also, it can't be a browser's cache because I never go to the other virutal wikis, so there is no reason these other groups should appear in my browser suddenly.

When I do go in the groups section, the right groups are listed on the page in the section 'list of existing groups' , but in the include box of the 'add new group' section, the groups are wrong.

Well that's about it, I hope this is enough information to solve this bug. Let me know if you need specific information I haven't included in this report.

Kreugen

Tiki Version 1.9.7.
Not disclosing the vulnerability here, please contact me asap. URGENT !!!

onno.paap@gmail.com

With Web Auth there are some issues with conflicting features and the User Administration Process.

1) FEATURE REQUEST: Should be able to point to the relevant file that contains the .htpasswd information. It would be outstanding if TikiWiki could parse/edit this file so it can also act as a front end for user password control and distribution. TWiki does this.

2) BUG/CONFLICT When adding users to TikIWiki, the username naturally has to match the username already set for the .htpasswd file. However, one is not allowed to set a 0-length password for that user. This appears to force the admin to enter _something_ but it also appears that this something has no effect<?>
The user who logs in to the htpasswd protected realm will naturally be logged into the TikiWiki account with the same name (as described) but the different password is irrelevant.

In 1.9.0 (and probably 1.8.x), it is possible to delete a calendarId (ex.:1)

When this happens, all calitemId are set to calendarId=0

Items are still in the database but inaccessible.

I could be nice to have a kind-of "History Flow" application, or feature, integrated in the Wiki.
Such as the "History Flow" ([http://researchweb.watson.ibm.com/history/]) developed by people from MIT and owned by IBM (afaik)

I'm not skilled on CVS, but I wonder if this is already developed for CVs applications. (gCVS, for instance, for GN/Linux Gnome)

And from thepoint of view of Tiki, I know there is the option "export all" tiki versions of a page, at wiki page edit time. Could this be used to see more easily all the changes that a user has made to a document, etc.?

(I'm thinking in the educational scenarios where as teachers we have to review a user contribution to a collective document, and grade it, etc.).

Please see ((WikiBlame)) and ((WikiTrust))

example: TikiWiki used to coordinate volunteer organisation (eg Scouts) with branch hierarchy.
Individual or a Manager at any level above should be able to maintain their contact record.
There needs to be some functionality to transfer individuals between managers, eg when the manager leaves/moves.

I switched from LDAP Pear:auth to "Tiki-Only" where Users can Register BUT need a confirmation from the admin.
The admin got a Message like this
[...]
To Confirm.... klick:
tiki-login_validate.phpuser=user1&pass=c3746eb1baa6d209128b392680a5329c
[...]
The question mark for PHP-Code is missing so and the Link is invalid. I've to copy the Link and paste the question mark manually

When I click a user, I am offered to send him a message. But then I get:

User XYZ can not receive messages
ERROR: No valid users to send the message

1: WYSIWYCA: I should not be offered to send a message if the user has disabled that. (frustrating to write such a message for nothing)

2: tiki-user_preferences.php: "Allow messages from other users" default should be yes

3: tiki-user_preferences.php: "Send me an email for messages with priority equal or greater than:" default should be "3"

tiki-admin.php?page=login
3- Users accept internal messages by default: default should be yes -> $allowmsg_by_default

4- Users can opt-out internal messages: default should be yes -> $allowmsg_is_optional


All these should be the default settings (most logical) if a Tiki site admin choose to activate inter user messages.

Related:
Easier Inter-user message management for Tiki admins:
http://dev.tikiwiki.org/tiki-view_tracker_item.php?itemId=959

Also related:
Should sender email be disclosed when receiver gets notification via email? goals: balance privacy & facilitate communication/collaboration

Contributors