Questions answered by this recipe:
--First Release 2019-11-08 --
Can I protect certain pages and groups with a user-login system where users create and update their own passwords, using email verification to register?
Can I, at the same time, limit the users to only a preset list of authorized users, a "whitelist"?
Can I keep the login credentials for the user-session but protect all sensitive data using Server-Side Session variables?
Can users be given different levels of access, which can be changed easily?
Can I maintain my list using an online MYSQL database so I maintain the User-List and Credentials with embedded DB functions with my Wiki using other recipes?
MyDBLogin is a tool to provide user-managed, individual passwords that allow access to specific pmwiki Groups or individual pages. The self-registration process uses email verification and is limited to a whitelist of permitted emails - preventing registration by anyone but a specified group of individuals.
Having tried to work with the existing authorization methods in PMWiki, I could not get a flexible system where users can register and set their own passwords while at the same time limiting the users to an existing list of available emails.
My solution is more of a work-around than a fully pmwiki-integrated solution, but once set up, it is clean, flexible and easy to maintain.
The real-world description is that I have a website for our Scout troop and we want to have a directory with addresses, emails and phone numbers available online, but we need it to be secured by individual credentials, and only available to current members of the Troop. Thus MyDBLogin was born.
I am well aware many of the parts of this are available in existing code, and I would love to have the time and knowledge to build the flat-file handling code to use the AuthUser methods; however, using code I already had for other projects this got me going, and it will be more familiar to many in terms of modifying and maintaining, given the over-abundance of SQL database use out there.
The Big Drawback (although for some it might be seen as an advantage) is that it does not integrate with the existing password/login tools, so you may be asked to log in twice in one session: once to PMWiki and another time to MyDBLogin.
The Big Picture:
This Recipe uses several "Outside The Wiki" solutions
(Which is why I call this a work-around: it's not fully integrated with PMWiki yet.)
- The actual login pages are written in PHP and need to be housed on the same Domain, but NOT in the PMWiki directory.
- User lists are maintained by creating a MySQL Table with all the available emails - the Whitelist, and then another Table for Registered users and Authorization Levels.
- The email functions are handled by PHPMailer which needs to be installed on the Domain with the PMWiki, or you can rewrite the code for your preferred email handler.
- All essential configuration settings are in a single setup.php file, all other files use variables and constants set there.
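The whitelist-gated, email-verified registration described above can be sketched as follows. This is an added example, not code from MyDBLogin.zip: only the table name tbl_whitelist comes from this page, while the `email` column, the tbl_pending and tbl_users tables and both function names are hypothetical, and the PDO handle is assumed to be in exception mode with a unique key on each `email` column.

```php
<?php
// Added example, not MyDBLogin's own code. Hypothetical schema:
//   tbl_whitelist(email), tbl_pending(email, token_hash, expires_at),
//   tbl_users(email, pass_hash, auth_level)

function mydb_start_registration(PDO $db, string $email): ?string
{
    $email = strtolower(trim($email));
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) return null;

    // Whitelist gate: bound parameter, never string concatenation.
    $q = $db->prepare('SELECT 1 FROM tbl_whitelist WHERE email = ?');
    $q->execute([$email]);
    if ($q->fetchColumn() === false) return null;   // not on the list: no token

    // The random token travels in the email; only its hash is stored,
    // so a leaked database does not hand out usable verification links.
    $token = bin2hex(random_bytes(32));
    $ins = $db->prepare(
        'REPLACE INTO tbl_pending (email, token_hash, expires_at) VALUES (?, ?, ?)');
    $ins->execute([$email, hash('sha256', $token), time() + 3600]);
    return $token;   // caller mails a link containing this (e.g. via PHPMailer)
}

function mydb_finish_registration(PDO $db, string $token, string $password): bool
{
    $hash = hash('sha256', $token);
    $q = $db->prepare(
        'SELECT email FROM tbl_pending WHERE token_hash = ? AND expires_at > ?');
    $q->execute([$hash, time()]);
    $email = $q->fetchColumn();
    if ($email === false) return false;              // unknown or expired token

    // Single use: only the request that actually deletes the row may continue.
    $del = $db->prepare('DELETE FROM tbl_pending WHERE token_hash = ?');
    $del->execute([$hash]);
    if ($del->rowCount() !== 1) return false;

    // New users start at level 1; re-registering changes only the password.
    $db->prepare('INSERT INTO tbl_users (email, pass_hash, auth_level) VALUES (?, ?, 1)
                  ON DUPLICATE KEY UPDATE pass_hash = VALUES(pass_hash)')
       ->execute([$email, password_hash($password, PASSWORD_DEFAULT)]);
    return true;
}
```

The page that calls `mydb_start_registration()` should show the same "check your email" message whether or not a token was returned, so the form does not reveal which addresses are on the whitelist.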
Once configured, you can add PHP code to a Group or a Page (using /local/GroupName.php or /local/GroupName.PageName.php) which allows, blocks or redirects any user based on their Authorization code.
Sample code and instructions are included in the MyDBLogin.zip file, in the /local/Verified.php file.
You can also use this same idea to house other PHP code for DB maintenance accessible from within the Wiki. Once I have that up and running I will integrate it with this recipe.
Similarly, on my TODO list is to make the whitelist (limited list of users) optional, allowing anyone to self-register.
Or you could add your own code to limit availability as you see fit.
What you need:
- MYSQL installed on your webserver.
- PHPMailer installed on your webserver.
- A working PMWiki installation.
- The "includeSite" recipe installed in your pmwiki (the zip file has a modified version with better sizes).
- A folder on the same domain outside of the PMWiki installation.
ideally you have something like:
Then within the PMWiki you add a Group/Page for the MyDBLogin
I happen to call mine:
This page has only one user text entry:
(:includeSite https://www.mydomain.org/mydblogin :)
Download the MyDBLogin.zip file above and unzip to somewhere you can edit the necessary files.
- All files in the mydblogin directory need to be copied to your server in the mydblogin directory.
- the included files in the pmwiki directory are sample code, but if you copy them to your pmwiki installation the demo should work nicely.
- The only file needing any modification is the setup.php file, and your PMWiki pages you use to direct/redirect or restrict access.
Once you have all the prerequisites installed and working you will need to edit the setup.php file to add your specific environment variables.
- You will need to set up your MYSQL tables, the included MYSQL.txt file has code to create your tables.
- You will need to load the tbl_whitelist with the available emails. (I use the MYSQL-for-Excel add-on, so I just maintain my user list in Excel, and upload/update from there.) It is my intention to build a set of maintenance pages to work from within PMWiki in the future, but I'm not there yet.
Once you have:
- the MyDBLogin files loaded onto the server,
- PHPMailer installed and tested on the same server,
- includeSite installed and tested,
- the setup.php file edited to match your MYSQL server and PHPMailer account information,
- the MYDBLogin PMWiki page with the includeSite reference,
- a "NoAuth" page in your wiki, to tell users when their login fails,
you are now ready to password-protect whole Group sections, or single pages.
See the Verified.php file in the pmwiki/local folder. You can simply copy and rename this to match any Group.php or Group.SinglePage.php and copy that file to your server's pmwiki/local directory. After that, only users logged in with MyDBLogin will be able to access those pages.
See PMWiki's page on Group configurations for more details.
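A per-group gate of the kind described above might look like the following. This is an added example and not the recipe's Verified.php: the session keys `mydb_auth_level` and `mydb_login_at`, the level numbers and the page name Main.NoAuth are hypothetical, and it assumes the MyDBLogin pages and the wiki share the same PHP session cookie.

```php
<?php if (!defined('PmWiki')) exit();
// Added example, not the recipe's Verified.php.
// Save as pmwiki/local/GroupName.php (or GroupName.PageName.php).
// ASSUMPTIONS (hypothetical names): after a successful login the MyDBLogin
// pages set $_SESSION['mydb_auth_level'] (integer, higher = more access)
// and $_SESSION['mydb_login_at'] (Unix time of the login).

$MyDBRequiredLevel = 2;              // minimum level for this group
$MyDBMaxAge        = 8 * 3600;       // logins older than 8 hours count as expired
$MyDBNoAuthPage    = 'Main.NoAuth';  // must NOT be inside a protected group,
                                     // otherwise the redirect loops

// Only server-side session data is consulted; nothing from $_GET,
// $_POST or $_COOKIE can raise the level.
if (session_status() === PHP_SESSION_NONE) session_start();

$level   = isset($_SESSION['mydb_auth_level']) ? (int)$_SESSION['mydb_auth_level'] : 0;
$loginAt = isset($_SESSION['mydb_login_at'])   ? (int)$_SESSION['mydb_login_at']   : 0;
$fresh   = $loginAt > 0 && (time() - $loginAt) <= $MyDBMaxAge;

// Fail closed: a missing, stale or too-low level all end at the NoAuth page.
// PmWiki's Redirect() sends the Location header and stops the request.
if ($level < $MyDBRequiredLevel || !$fresh) {
    Redirect($MyDBNoAuthPage);
}
```

PmWiki loads a local/GroupName.php file only when the requested page is in that group, so this check covers browsing, editing and history of those pages but not their text when it is pulled into a page of another group by an include, a pagelist or search results. Setting a PmWiki read password on the group as well closes that path.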
That's all you need to get started, now you can modify and customize as you please!
Primary configuration (for MYSQL, PHPMailer, and your local installation) is handled in the setup.php file, which is heavily commented.
Otherwise, you may choose to edit the css files, the wording on the pages and emails.
- The actual page restrictions are handled with the GroupName.php files and a sample file is included: MyDBLogin.zip -- pmwiki/local/Verified.php
See the ~HowTo.txt file in the MYDBLogin.zip file for more detailed instructions.
This Security tool allows you to lock whole Groups or Pages from access by anyone who is not Registered from your whitelist and Logged in, by adding a GroupName.php or GroupName.PageName.php file with the access rules to your pmwiki/local folder.
See the pmwiki page on Group Configuration to better understand this:
To do / some day / maybe
- Add Sample DB maintenance pages.
- Make the select user list optional.
Change log / Release notes
Expect to see this page finished by 2019-20-31