• View
• Edit
• History
• Attach
• Print

00010

Description: Many sites would like to have authentication by user instead of by shared passwords (as PmWiki does now by default).

Cookbook/UserAuth does this. BenWilson

And quite nicely too. I would like to see the 'official' specification extended in two ways:

1. support for user groups, so that permissions can be granted to a group as well as a user (it should be possible to make users members of multiple groups)
2. support for exclusion-permissions, i.e. if a user has read_all or edit_PageNameGroup, it should be possible to set permissions like noread_group-PageGroup or noedit_page-PageName (using notation similar to Cookbook/UserAuth) - only admin would beat noread or noedit. Presumably for competing permissions at the same level the 'permissive' one should win. shi

Urmil: I wrote a wrapper code that handles authorization and disables edit/post/... actions if the user is not authorized. The script is simple (and to be ported for PmWiki2), but doesn't support page / group wise restrictions. Please keep this in mind if you write authorization script.

Also, it will be good if there is an option to use username / password from Apache style .htpasswd file.

See also 00109 password protect uploads --Henning December 01, 2004, at 07:45 AM

I use HTTP-Authentication for user management on some PmWiki wikis that run on Apache servers. I wrote a Quick Step Guide with instructions on how to setup authentication using .htaccess / .htpasswd. It's easy once you get the hang of it.

Author tracking is enforced by the following line in the (PmWiki ver. 1) local configuration file.

if (@$_SERVER['REMOTE_USER']) $Author=$_SERVER['REMOTE_USER'];

HaganFox