[pmwiki-users] How do I only let authorized users edit pages?

[Patrick R. Michaud]

On Sun, Jul 24, 2005 at 03:52:49PM -0700, John M. Gabriele wrote:
> Ok, I tried it, and I made a small update to 
> http://www.pmwiki.org/wiki/PmWiki/PasswordsAdmin
> but my page still lets me make a change without having to
> type in a password. Why isn't it asking me for a password?
> Do I need to restart something?

Note that once you've entered in the password into your browser,
you may not be asked for that same password again.

> > scripts/authuser.php is pmwiki's build in script for user
> > authentification, providing a login form with name and password
> > fields.
> 
> It sounds like there's a lot more to it than that. (?)
> 
> It almost makes it sound like pmwiki has that notion of users
> with passwords... but I'm not seeing anything like that in pmwiki
> except for that cookbook AuthUser thing.

User-based authorization is being slowly added into PmWiki.  I held off
for a very long time because for most of my purposes, maintaining
a set of usernames and passwords is much more of a hindrance than
a help.  It's *far* easier for me to tell my small groups of editors 
"the edit password is 'xyz'" than it is for me to require each one of
them to register, be added to a list of authorized editors, and 
have to worry about what to do when one of them forgets their individual
password.  

PmWiki's authuser.php script takes the approach that there are many
forms of authentication; some admins already have authentication systems
in place (e.g., via existing .htaccess, MySQL databases, LDAP, 
Active Directory, RADIUS, other), so rather than require all sites
to maintain "yet another user account/password" system just for PmWiki, 
PmWiki gives the flexibility to make use of existing ones.  But because 
of that, we haven't developed a full-fledged username/password system
for people who don't already have one, which is what you're finding to
be "missing" at the moment.  :-)

Right now, I find the easy way to handle usernames and passwords in 
PmWiki is to put them directly in config.php and use the authuser script.
So, in local/config.php you can do:

    $AuthUser['alice'] = crypt('alicepassword');
    $AuthUser['bob'] = crypt('bobpassword');
    $AuthUser['carol'] = crypt('carolpassword');
    include_once('scripts/authuser.php');

    $DefaultPasswords['edit'] = 'id:*';

and then only Alice, Bob, and Carol will be able to edit pages on the
site (unless a group or page overrides the site password).  

Eventually, someone (maybe me, maybe not me) will likely write a cookbook
recipe that builds on authuser.php and allows new site visitors to 
register for an account, set a password, change a password, 
recover lost passwords, etc.  Then we'll take a look at it and
see about incorporating it into the main distribution.  But we just 
don't have that yet.

Pm