Summary: Add login and logout actions and pages Status: Superseded Version: 1 Prerequisites: pmwiki-2.0 Maintainer: Categories: Superceded Votes: 5


How can I provide a Login page for valid users with passwords and a Logout page for removing used passwords and author names from the session, to help especially someone to log out when using the wiki from a public computer?


As of 2.1.beta9 ?action=login and ?action=logout are a part of the core distribution.

Add a ?action=logout and/or ?action=login and various mechanisms to display login and logout links and pages.



See below for code fragments you can place in the skin.php or your config.php. More simply, here's a login recipe (based on Klonk's loginlogout.php, below).
Download login.php?, and place it in your cookbook directory.

Then just add the following line to your config.php:


This adds ?action=login; after using it, you are redirected to the page you were on before calling the action.


Admins may implement a short session (one that expires in 5min, for example) But that's frustrating when editing long pages and having to re-enter the read password.

OR we could add a bit of code to kill the current session and related cookies.

The following code adds ?action=logout, add this to local/config.php (or a skin.php):

##adds action=logout
global $HandleActions;
SDV($HandleActions['logout'], 'HandleLogout');
function HandleLogout($pagename) {
        if (isset($_COOKIE[session_name()])) {
                setcookie(session_name(), '', time() - 42000, '/');
        if (isset($_COOKIE['author'])) {
                setcookie('author', '', time() - 42000, '/');

Main.Logout is a page giving some positive feedback that the action was successful, like

%center%%red%[+You have successfully logged out and started a new session.+]

Of course, you can redirect to Main.HomePage or any other page that's not read-protected.

To redirect to the page you were before the logout just use:


To provide the interface, for instance place in the skin template as part of the page action links

<a href='$PageUrl?action=logout'>$[Logout]</a>

or place on a page to be included in the page template (preferably at the top), markup like:

Author: - %green%'''''{$Author}'''''%% - [[{$Name}?action=logout | Logout]]

or the following, which includes a login/logout switch, i.e only one set of links will be shown:

*%green%(:if ! auth edit:)''Welcome Guest''%%
*%green%(:if auth edit:)''Welcome {$Author}''%%
*[[{$Name}?action=edit | Edit]]
*%item diff%[[{$Name}?action=diff | History]](:if:)

ToDo: add code fit to be placed in the skin template itself.

Hint: check the calls available in LayoutAdvanced.

Other Hint (for skin.php):

$page = RetrieveAuthPage($pagename, 'read', false, READPAGE_CURRENT);
if ($page['=auth']['edit']) {
  # visitor has edit permission
} else {
  # visitor doesn't have edit permission


Method 1

If you want also to use a ?action=login, add this to local/config.php (or a skin.php):

##adds action=login
SDV($HandleActions['login'], 'HandleLogin');
    $DefaultPasswords['LoginAction'] = ' ';
function HandleLogin($pagename) {

Here LoginAction is used as a virtual password, that is used nowhere else, but as it is set globally it requires the password prompt. Providing the interface is done the same way as above with logout. After the login you stay at the page you were before. If you want to show a different page e.g. Main.Login then just change the redirect accordingly.

As an alternative AuthUser provides a way to prompt for a user name and password. If AuthUser is installed a simple Login page can be created, lets call it `Main.Login, with a simple message, like

     !!Welcome {$Author}

plus perhaps content which may be conditionally displayed, depending on who is accessing the page. Now set the page attribute read:somepassword. With AuthUser you can set several passwords like id:guest,bob,nancy. Finally provide a link to this read-protected page, in the SideBar or the page top menu, as outlined above. A user can click Login, which opens the username and password prompt, and after succesful login a welcome message.

Note that this needs AuthUser installed, and login not through the Login page is also possible. If AuthUser is not used a password will still be prompted.

Method 2

Here's another approach, which I believe has the following advantages:

  • It's relatively simple.
  • It allows you to log in regardless of the page's attributes.
  • It doesn't force you to log out if you use a wrong password.
  • It allows you to choose the level of authorization: edit, upload, or admin.
## Login actions
global $HandleActions;
// Edit
SDV($HandleActions['login'], 'HandleLogin');
function HandleLogin($pagename) {
  RetrieveAuthPage($pagename, 'edit');
// Upload
SDV($HandleActions['loginupload'], 'HandleLoginUpload');
function HandleLoginUpload($pagename) {
  RetrieveAuthPage($pagename, 'upload');
// Admin
SDV($HandleActions['loginadmin'], 'HandleLoginAdmin');
function HandleLoginAdmin($pagename) {
  RetrieveAuthPage($pagename, 'admin');



If you don't want to place the above code fragments in the skin.php or your config.php just download Attach:loginlogout.php and place it in your cookbook directory.

Then just add the following line to your config.php:


In this version you are redirected to the actual page you were before calling the action login or logout.

Notes and Comments

The script doesn't work with PmWiki 2.1.beta3. What has changed?

Can one define markup for an action=login, similar to the action=logout, so login can happen while staying on the current page?

  • It's done, see above --Klonk

PmWiki 2.0.5 onwards adds an action=logout (so you won't need to define it). If you want the visitor to be redirected to another page upon logging out, use the $LogoutRedirectFmt variable, as in:

  $LogoutRedirectFmt = 'Main.Logout';

pmwiki 2.1.betaXX:
I am using userauth with authentication enabled based on username. There is no problem to login with action=login by method 2 - but if I login with a username and password wich is not defined as admin, edit, e.g. then the script won't redirect me back. It will just show the login form inspite of the fact, that the user is loged in. Anyway to fix it?

I've encountered a similiar problem using method 1 with authuser, only admin users got directed correctly, other users will fall into an infinite loop of login prompt.

See Also