<br><br><div><span class="gmail_quote">On 10/19/07, <b class="gmail_sendername">Johnny Ernst Nielsen</b> <<a href="mailto:j_e_n_pub@yahoo.dk">j_e_n_pub@yahoo.dk</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Fredag 19 oktober 2007 17:38 kvad Jeff Schallenberg:<br>> I have just installed a pmwiki site on my Ubuntu server.<br>><br>> It works and looks great - I have configured a logo and a skin, I<br>> can create and edit pages - but that is the problem. This site is
<br>> to be used for a private non-profit group - less than a dozen<br>> users. I would like to allow viewing, editing and uploading only by<br>> this group.<br>><br>> I have edited the config.php file to include the following lines:
<br>><br>> $DefaultPasswords['admin'] = crypt('secret');<br>> $EnableUpload = 1;<br>> $DefaultPasswords['upload'] = crypt('secret');<br>><br>> But, even after restarting the server, I can still edit pages
<br>> without entering any password. If I check the recent changes, I<br>> see:<br>><br>> -<br>> HomePage<<a href="http://jeffnet.zapto.org:85/pmwiki/pmwiki.php?n=Main.HomeP">http://jeffnet.zapto.org:85/pmwiki/pmwiki.php?n=Main.HomeP
</a><br>>age>. . . October 19, 2007, at 08:54 AM by ?:<br>> -<br>> NewPage<<a href="http://jeffnet.zapto.org:85/pmwiki/pmwiki.php?n=Main.NewPag">http://jeffnet.zapto.org:85/pmwiki/pmwiki.php?n=Main.NewPag
</a><br>>e>. . . October 19, 2007, at 08:42 AM by ?:<br>> -<br>> WikiSandbox<<a href="http://jeffnet.zapto.org:85/pmwiki/pmwiki.php?n=Main.Wi">http://jeffnet.zapto.org:85/pmwiki/pmwiki.php?n=Main.Wi</a><br>
>kiSandbox>. . . October 18, 2007, at 08:49 PM by ?:<br>><br>> So, pmwiki doesn't even know who is editing!<br>><br>> How can I protect my pmwiki site so that I have admin privileges,<br>> and group members have read, write and upload privileges.
<br>><br>> I have read the documentation on security and passwords, and I<br>> understood that setting passwords in config.php was sufficient to<br>> limit edit privileges to users who know those passwords.<br>
><br>> What am I missing?<br>><br>> Thanks for your help! And thanks for the great software!<br><br>We are all newbies in different fields. It's all right.<br><br>There are two ways.<br><br>One with passwords, but no usernames.
<br><br>One with both user names and passwords.<br><br>For the first method you need to add the proper passwords to the<br>proper actions.<br><br>Add to your config.php:<br>$DefaultPasswords['admin'] = crypt('adminpassword');
<br>$DefaultPasswords['read'] = crypt('readpassword');<br>$DefaultPasswords['edit'] = crypt('editpassword');<br>$DefaultPasswords['attr'] = crypt('attributespassword');<br>And so forth.
<br>You get the idea.<br>Se the details here:<br><<a href="http://www.pmwiki.org/wiki/PmWiki/PasswordsAdmin">http://www.pmwiki.org/wiki/PmWiki/PasswordsAdmin</a>><br><br>With this method you give the same password to all who should have the
<br>same permissions.</blockquote><div><br><br>NOTE that this is the default way of securing a PmWiki site, and your users will still be able to enter an "Author" name for each edit -- in fact, one simple addition to this scheme is to require an Author name for each edit. This scheme is almost always sufficient for the kind of use you are envisioning. For my small businesses and nonprofit clients, I almost always use this, and very, very seldom have any reason to even discuss a user-based authentication scheme with them.
<br><br>This is simple to operate and maintain unless you want to have an elaborate system of different permissions for many different areas of the wiki. Even then it's still usable.<br><br>Here's what I have in my standard
config.php file<br><br> $PmWikiAdmin = crypt('adminpasswordhere');<br> $PmWikiUser = crypt('userpasswordhere');<br><br> $DefaultPasswords['admin'] = $PmWikiAdmin;<br> $DefaultPasswords['attr'] = $PmWikiAdmin;
<br><br> $DefaultPasswords['edit'] = $PmWikiUser;<br>
# $DefaultPasswords['read'] = $PmWikiUser; //if you don't want your wiki to be publicly viewable<br>
<br> $HandleAuth['source'] = 'edit'; //require edit password in order to view wiki source for a page<br> $HandleAuth['diff'] = 'edit'; //require edit password in order to view page history
<br><br> ##example array of passwords<br> # $DefaultPasswords['whatever'] = array(crypt('alpha'), crypt('beta')); //how to do it if you need more than one<br><br> //Require author name -
<a href="http://www.pmwiki.org/wiki/Cookbook/RequireAuthor">http://www.pmwiki.org/wiki/Cookbook/RequireAuthor</a><br> $EnablePostAuthorRequired = 1;<br><br> //Author cookie<br> include_once("$FarmD/scripts/author.php");
<br> if($AuthId && !@$_COOKIE[$AuthorCookie]) {<br> $Author = $AuthId; setcookie($AuthorCookie,<br> $Author, $AuthorCookieExpires, $AuthorCookieDir); }<br><br><br>Happy wiki-ing!<br><br>Tegan<br></div></div>