[pmwiki-users] Hiding pages and groups for not loged in visitors

Crisses crisses at kinhost.org
Tue Oct 24 10:40:25 CDT 2006


On Oct 24, 2006, at 10:15 AM, Bart wrote:

>
> Hi,
>
>
> I am using Pmwiki as a kind off CMS and I like to do some hiding  
> for not
> logged in visitors. I use authuser.php to control how can edit the  
> site.
>
> Things I like to accomplish preferable by customizing the local  
> config.php

The only password protection that should be done from config.php is  
site-wide customizations -- such as "no one can edit any page unless  
they're logged in" -- then you would use config.php.

There's good reason for this -- since people can use directives like  
(:include PageName:) in another page, the only way to have proper  
security on the site is to consistently customize groups and pages  
within the wiki itself -- then it saves the authentications needed  
with the actual page data.

> When _not logged in_  (not being logged in with auth=edit is  
> acceptable test)

To password a whole group use:

GroupName/GroupAttributes?action=attr
Replace GroupName with the name of the group in question.

to password a single page:

GroupName/PageName?action=attr

to require users to be logged in use "id=*" which means "anyone  
logged in"

> I want to perform the next:
>
> Hide a given list of groups and pages from displaying (e.g. pmwiki) on
> typing the url (or defining the groups and pages that do show up)
>
> Hide a given list of groups and pages from showing up in the search  
> result
> (or defining the groups and pages that do show up)

These are a bit more advanced, but properly read-protected pages  
should not show up in pagelists and search results.

> Only show groups pages from a give list in on the: "all recent  
> changes"

That's a question I can't personally answer.

> When a page has a read password set I want to control if a login  
> page is
> presented (normal behavior) or that the page not found page is  
> presented.

If you wanted this for a whole group, I would add:

GroupName/GroupHeader:

(:if !authid:)
(:include LoginFormPage:)
(:ifend:)
(:if authid:)


Then to GroupName/GroupFooter:
(:ifend:)

Now the body of the page is enclosed in an "if you're logged in" -- I  
think this would work, but you should test it.

If you have 100% control over a page you can add something like this  
to the page itself.  I've used this for a few features lately.  I  
have a login page that switches to a "change your membership" page if  
you're logged in.

> E.g by defining a list of pages that do or do not give the login page.
> Or if this is a real problem I like to be able turn of the whole login
> capability for read only pages. In this way they are only  
> accessible for
> user that have logged in in the first place.

I'm not sure what you mean here....  If I'm not barking up the wrong  
tree, and you can explain this better, I'll try to answer it.

> I have looked into CMSMode as this performs some of what I like to  
> do, it
> has a whole another approach of accomplishing these things.
>
> Any help on this is welcome.

Hope this is helpful....

Crisses




More information about the pmwiki-users mailing list