Summary:Set a global password which is openly displayed to reduce spam
Version: 2009-05-01B
Status: Alpha
Maintainer: Peter Bowers
Users: +3 (View / Edit)
Categories: Spam Security Passwords
Discussion: OpenPass-Talk

Questions answered by this recipe

This section is optional; use it to indicate the types of questions (if any) this recipe is intended to answer.

  • How can I set a global password to resist spambots but make sure humans are informed of the password?


Set a global "edit" password to prevent spambots but make sure human authors know the password.


The purpose of this recipe is to display a message in the AuthForm so that users can see the open password if that is the password which is active for this page. But if the page is protected by a page-level or group-level password (i.e., not the "public" or "open" site-level password) then we don't want the message to display.


  • Edit Site.AuthForm so that it will display the password. Add this text on that page in the location you want the message to appear (obviously change the wording as you wish):
(:if equal {$editpass} "site" :)%red%(If you don't know a password for this page, try entering "{$OpenPasswd}" 
(without the quotes).%%  This is an '''open''' password to prevent spamming by robots but still allow 
you [as a human who can read the page and follow instructions] to make changes.)(:ifend:)
  • Put this function definition somewhere in your config.php (or in another file which you include):
function MyPasswdVar($pagename, $level)
  global $PCache, $PasswdVarAuth, $FmtV;
  $page = $PCache[$pagename];
  if (!isset($page['=passwd'][$level])) {
    $page = RetrieveAuthPage($pagename, 'ALWAYS', false, READPAGE_CURRENT);
    if ($page) PCache($pagename, $page);
  $pwsource = $page['=pwsource'][$level];
  if (strncmp($pwsource, 'cascade:', 8) == 0)
    return( substr($pwsource, 8));
  return ($pwsource);
  • Installation Option #1: Open password for site-wide editing
    • Place these lines to actually create the PV's that are needed and set the default edit password:
    • Note that you will probably want to change the my_open_pass to your public password on the line with "CHANGE THIS"
# Implement an OPEN PASSWORD on all groups to help prevent spam
if ($action == 'edit') {
   $openpasswd = 'my_open_pass'; // CHANGE THIS to the open password you are going to use
   $FmtPV['$OpenPasswd'] = "'$openpasswd'"; // for use in Site.AuthForm
   $DefaultPasswords['edit'] = crypt($openpasswd);
   $FmtPV['$editpass'] = 'MyPasswdVar($pagename,"edit")';

There have been some requests to see whether this could be configured in an alternative fashion so that the open password was only displayed (and valid) for certain "open groups" (primarily for commenting purposes). I don't see any problems with the solution below, but it needs someone to do some careful testing... (The function MyPasswdVar() should still be copied from above -- the following lines would replace those inserted in order to create the relevant PVs and set the default password.)

  • Installation Option #2: Open password only for certain select groups, authuser on others
    • Place these lines in config.php if you want authuser normally (requiring someone to be logged in to edit), but just password authorization when editing with an open password on specified groups:
    • Note that you will probably want to make changes in 2-3 lines indicated by "CHANGE THIS" in comments
# Implement an OPEN PASSWORD with simple-password authorization on certain groups, authuser with id:* for all other groups
$pagename = ResolvePageName($pagename);
$group = PageVar($pagename, '$Group');
# CHANGE THIS in the line below so that 'GroupA' and 'GroupB' become the group(s) that you want to have the open password
if ($action == 'edit' && in_array($group, array('GroupA', 'GroupB'))) {
   $openpasswd = 'my_open_pass'; // CHANGE THIS to the open password you are going to use
   $FmtPV['$OpenPasswd'] = "'$openpasswd'"; // for use in Site.AuthForm
   $DefaultPasswords['edit'] = array(crypt($openpasswd), 'id:*');
   $FmtPV['$editpass'] = 'MyPasswdVar($pagename,"edit")';
} else {
   $DefaultPasswords['edit'] = 'id:*'; // CHANGE THIS if you are wanting some other type of authorization for site-wide editing
   $EnableAuthUser = 1;

Release Notes

If the recipe has multiple releases, then release notes can be placed here. Note that it's often easier for people to work with "release dates" instead of "version numbers".

  • 2009-05-01B: Allowed id:* in addition to the open password to allow edits in the open groups.
  • 2009-05-01: Added an alternate configuration option to use the open password only for certain groups. Created a PV for {$OpenPasswd} so that Site.AuthForm will stay in sync with the password set in config.php.
  • 2008-08-24: Initial version

See Also


Function based off of PasswdVar from pmwiki.php, thus credit to PM.


See discussion at OpenPass-Talk

User notes +3: If you use, used or reviewed this recipe, you can add your name. These statistics appear in the Cookbook listings and will help newcomers browsing through the wiki.