Dear all!!

I installed dbman with identical versions of *.cfg and *.pl files on a first machine and every thing worked fine. When I call the script with:
www.host1.com/cgi-bin/frauenoffensive/db.cgi?db=middle
I receive the logon screen and I am able to login as a user called michaels and a session is established and I am forwarded to the main screen.

But when I do the same an the second machine like
www.host2.com/cgi-bin/frauenoffensive/db.cgi?db=middle
I am forwarded directly into the main screen without having the possibility to login.
On the other hand by calling the script as a default user like
http://www.host2.com/cgi-bin/frauenoffensive/db.cgi?db=middle&uid=default
I do not have problems and I can perform all the activities granted for the default user.

What could be the problem?

Sincerely Michael

PS: here is what I did in the middle.cfg file

# Authorization Options
# --------------------------------------------------------
# No Authentication? (1 = "there is no authentication", 0 = "there is authentication")
# If you choose no authentication, then set the permissions of what
# people can do with: @auth_default_permissions below.
$auth_no_authentication = 0;

# The amount of time in seconds that user files are kept in the
# auth directory before the program removes them. 2-6 hours is
# probably a good value.
$auth_time = 21600; # 6 hours (in seconds)

# Enable (1) or disable (0) logging.
$auth_logging = 1;

# Allow a default user? This means you can specify a user via the URL
# and skip the logon process. Use this to allow people to search without
# logging on, but require log in if they want to add/modify/remove etc.
# (1 = "yes", 0 = "no")
$auth_allow_default = 1;

# Default permissions used if there is no authentication, or for a default
# user. (View, Add, Delete, Modify, Admin), 1 = enable, 0 = disable.
@auth_default_permissions = (1,0,0,0,0);

# Allow people to sign up for their own userid/passwords? They will
# recieve default permissions.
$auth_signup = 0;

# Permissions a new signup should get.
@auth_signup_permissions = (1,1,1,1,0);

# Registered users: can modify/delete _only_ own records. For this to make
# sense you should set default off or to 1,0,0,0.
$auth_modify_own = 1;

# Registered users: can view _only_ own records. For this to make sense
# you should turn off default permissions.
$auth_view_own = 0;

# Auth user field. This is the field position in the database used for storing
# the userid who owns the record. Set to -1 if not used.
$auth_user_field = 22;

# URL to send user if they chose log off. Leave blank and the script will return to
# the logon prompt (although this only makes sense if you are using authentication).

It probably has to do with the server software at "host2."

Here's how to get around it.

In auth.pl, sub auth_check_password, delete (or comment out)

my ($server_auth) = $ENV{'REMOTE_USER'} || $ENV{'AUTH_USER'};

In the same file, sub auth_check_permissions, comment out the following lines:



Unless you are using .htaccess to protect your directories, this won't cause any problems at all and should fix your problem.

JPD
http://www.jpdeni.com/dbman/

Dear JPDeni ... good morning!

I expected such an answer. There is only a big question left!

Doing this modification will result in a dbman version that does not use authentication any more or will I be still able to use usernames and passwords in order to access the record in the database like in the original version?

Sincerly Michael

This modification will only affect server authentication. As I said, "Unless you are using .htaccess to protect your directories, this won't cause any problems at all and should fix your problem." So you will be
still able to use usernames and passwords in order to access the record in the database like in the original version.


JPD
http://www.jpdeni.com/dbman/

Dear JPDeni!

I just tried what you proposed. Now I see the logon screen and when I log on as admin or as normal user I see the full range of possibilities granted to the admin or to the normal user level in the main menue screen. But as soon as I want to perform one of the possible actions shown in the footer I receive the error screen telling me that I do not have permission to do the requested action For example if I press "admin" I receive:
( Error: Unauthorized Action
The database program received a command that you are not authorized for. ) And the footer shows only "home and logoff". It seems that the program forgot the user who logged in.

Do you suggest to do deeper going modifications?

Something else concerning the variable $ENV{REMOTE_USER} and $ENV{AUTH_USER}. Are these variables received from the server or from the operation system.?

Sincerely Michael

$ENV{REMOTE_USER} and $ENV{AUTH_USER} are sent from the server.

When you click the "List All" link, what comes up in the Location window in your browser?


JPD
http://www.jpdeni.com/dbman/

Hallo...

After cklick on "list all" I see the following:

Error: Unauthorized Action

The database program received a command that you are not authorized for.

| Home | Log Off |

and the source that is generated from dbman shows:

<html>
<head>
<title>Artikel - Vorschau - Datenbank: Error! Unauthorized Action.</title>
</head>

<body bgcolor="#DDDDDD">
<center>
<table border=1 bgcolor="#FFFFFF" cellpadding=5 cellspacing=3 width=500 align=center valign=top>
<tr><td colspan=2 bgcolor="navy">
<FONT FACE="MS Sans Serif, arial,helvetica" size=1 COLOR="#FFFFFF">
<b>Artikel - Vorschau - Datenbank: Error! Unauthorized Action.</b>
</td></tr>
<tr><td>
<p><center><font face="verdana,arial,helvetica" size="4"><b>
Error: <font color=red>Unauthorized Action</font>
</b></font></center>

<font face="verdana,arial,helvetica" size="2">
The database program received a command that you are not authorized for.
</font>
</p>
<P align=center>| <A HREF="http://www.frauenoffensive.at/cgi-bin/frauenoffensive/db.cgi?db=middle&uid=michaels.9654922449674" class="teastext">Home</A> | <A HREF="http://www.frauenoffensive.at/cgi-bin/frauenoffensive/db.cgi?db=middle&uid=michaels.9654922449674&logoff=1" class="teastext">Log Off</A> |</p>
</td></tr>
</table>
</center>
</body>
</html>


The user is still in but it seems that after the main screen no more rights are granted.

Sincerely Michael

What I need is before that, sorta.

In your browser window, there should be a place where the current URL prints out -- the same place where you can type a URL. What I need to know is what that URL is.

It should look something like
http://www.server.com/cgi-bin/dbman/db.cgi?db=default&uid=username.7865433568&ID=*&view_records=1

What I really need to see is everything after the question mark.


JPD
http://www.jpdeni.com/dbman/

Yes, now I understand.

The location window shows:

http://www.frauenoffensive.at/cgi-bin/frauenoffensive/db.cgi?db=middle&uid=michaels.96558411239834&view_records=1&ID=*

Michaels

Dear JPDeni

Now it is working fine!!!

The mistake in the auth.pl file was that I commented out the line:

($userid =~ /^([A-Za-z0-9]+)\.\d+$/) ? ($username = $1) : return (0,0,0,0,0);

Thank you very much for your help...

Michaels