Summary: Just a quick guide for people to set up AuthUser to lock down their site.
Version: 1.0
Prerequisites: PmWiki
Status: beta
Description
A quick way to lock down your wiki while still allowing authenticated users to edit your website, similar to a CMS.
Notes
Quick start for AuthUser authentication in PmWiki
This is a quick guide to using the AuthUser system in PmWiki. We will create a group of admins for the website, starting with only one admin (yourname).
For more documentation, see http://pmwiki.org/wiki/PmWiki/AuthUser
- Temporarily protect the admin functions of your wiki by adding an admin password to PmWiki. This won't be permanent, but will give you admin privileges while you set up your first AuthUser account. Add the following to config.php:
$DefaultPasswords['admin'] = pmcrypt('itsmytemporarysecret'); # pmcrypt() is PmWiki's crypt() wrapper; a bare crypt() call without a salt fails on PHP 8
- Restrict reading the Site/AuthUser page to the @admins group. Go to http://yourwiki.com/pmwiki.php?n=Site/AuthUser&action=attr
then put "@admins" in the "read" field.
It will ask for a password. Use the one from the previous step.
- Add yourself as a member of @admins. Add this line to Site/AuthUser:
@admins: yourname
- Make yourself a name and password in AuthUser. Add this line to Site/AuthUser:
yourname: (:encrypt YourPassword:)
Does the order of assigning ID/pwd and group membership matter?
This will save an encrypted version of the password on the page, but no one can read it because you blocked the reading of the page already.
You now have an account with @admins privileges, not that @admins can do very much at the moment.
- Turn on the AuthUser system. Add this to config.php:
include_once("$FarmD/scripts/authuser.php");
- Change the admin password for the system to allow @admins group members to administer the site. Change the line in config.php where you assigned the temporary password to this:
$DefaultPasswords['admin'] = '@admins';
- Limit editing to people with an id/username [1]: Add the following to config.php:
$DefaultPasswords['edit'] = 'id:*';
That is enough to lock the system down and get you started with AuthUser.
- Assign usernames and passwords by signing in with YourName and YourPassword and adding the following line to Site/AuthUser:
username: (:encrypt UserPassword:)
- Assign new admin users to the @admins group by signing in as any current admin and adding their name to the list:
@admins: yourname,username
Once this is done, you may add normal users by adding their username/password to the page, but do NOT add them to the @admins group. You may create other user groups and group users under them at any time. You may choose another name for admins such as @moderators to administrate the system by following the same directions and changing the group name with admin permissions in config.php.
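To check the finished setup, here is an added example that is not part of the original recipe: a Python script that reads the text of config.php and of Site/AuthUser and reports leftovers from the steps above. The function names and sample inputs are constructed for illustration, and the parser assumes only the two line formats used in this guide ("name: password" and "@group: a,b").

```python
import re

# Added example (helper names are ours). Constructed inputs: a config.php after
# the last step and a Site/AuthUser page where one admin lacks a password line.
CONFIG = """
include_once("$FarmD/scripts/authuser.php");
$DefaultPasswords['admin'] = '@admins';
$DefaultPasswords['edit'] = 'id:*';
"""
AUTHUSER = """
@admins: yourname,username
yourname: (:encrypt YourPassword:)
"""

def parse_authuser(text):
    """Split 'name: password' and '@group: a,b' lines into users and groups."""
    users, groups = set(), {}
    for line in text.splitlines():
        name, sep, value = (part.strip() for part in line.partition(":"))
        if not (sep and name and value):
            continue
        if name.startswith("@"):
            groups[name] = {m.strip() for m in value.split(",") if m.strip()}
        else:
            users.add(name)
    return users, groups

def audit(config_php, authuser_page):
    """Return a list of findings for the lockdown described in this guide."""
    live = "\n".join(l for l in config_php.splitlines()
                     if not l.lstrip().startswith(("#", "//")))
    settings = {k: v.strip().strip("'\"") for k, v in
                re.findall(r"\$DefaultPasswords\['(\w+)'\]\s*=\s*([^;]+);", live)}
    users, groups = parse_authuser(authuser_page)
    findings = []
    if "scripts/authuser.php" not in live:
        findings.append("authuser.php is not included")
    admin = settings.get("admin", "")
    if not admin.startswith("@"):
        findings.append("admin password is not delegated to a group")
    else:
        members = groups.get(admin, set())
        if not members:
            findings.append(f"{admin} has no members")
        findings += [f"{admin} member '{m}' has no password line"
                     for m in sorted(members - users)]
    if settings.get("edit") == "id:*":
        findings.append("edit is 'id:*': every logged-in user can edit")
    return findings
```

Calling audit(CONFIG, AUTHUSER) on the sample data returns two findings: the @admins member without a password line and the broad 'id:*' edit setting.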
Comments
Adding $DefaultPasswords['edit'] = 'id:*';
to config.php (step 7) enables any logged in user to edit any page unless group attributes or page attributes set something different.
A good solution is to use
$DefaultPasswords['edit'] = '@editors';
and to define the @editors user group in the Site.AuthUser page e.g.
@editors: Alice,John
See Also
Several recipes describing CMS (Content Management Systems) describe how to show edit / upload links and search results to those who are allowed to use them, but not the rest.
Contributors
Sandy