Passwords

Table of contents

PmWikiwiki wiki wikisecurity

...

 3
  1. wiki read ()
  2. edit ()
  3. , attr ()
?action=attr

URL (), read , edit , attr ; PmWiki

  • ,
  • ( ),
clear
@nopass
@lock
  • To assign the site's site-wide passwords to the read, edit, or attr password for the page
@_site_edit, @_site_read, @_site_admin or @_site_upload

wiki

 wiki  -- special page
GroupAttributes

GroupAttributes URL

http://example.com/pmwiki/pmwiki.php?n=GroupName.GroupAttributes?action=attr 
 example.com GroupName 

 read, edit,  attr

; PmWiki

:

  • ( ),
clear
@nopass
@lock
  • ( 2.2.3) To assign the site's site-wide passwords to the read, edit, or attr password for the group
@_site_edit, @_site_read, @_site_admin or @_site_upload

.. 

 .

readreadedit

alpha
beta 
: alpha beta
: beta
alpha
beta

,

beta 
 PmWiki beta


  config.php.
 passwords

administrator

...

  2. attr
  3. upload upload
  4. admin 
 PasswordsAdmin.

?

 PmWiki wiki


 ""
@nopass 
 Main.GroupAttributes  Main. Main.WikiSandbox
clear 
 Main.WikiSandbox , Main. Main.WikiSandbox
@nopass 
 PmWiki

How can I password protect all the pages and groups on my site? Do I really have to set passwords page by page, or group by group?

Administrators can set passwords for the entire site by editing the config.php file; they don't have to set passwords for each page or group. For example, to set the entire site to be editable only by those who know an "edit" password, an administrator can add a line like the following to local/config.php:

$DefaultPasswords['edit'] = crypt('edit_password');

For more information about the password options that are available only to administrators, see PasswordsAdmin.

I get http error 500 "Internal Server Error" when I try to log in. What's wrong?

This can happen if the encrypted passwords are not created on the web server that hosts the PmWiki.
The crypt function changed during the PHP development, e.g. a password encrypted with PHP 5.2 can not be decrypted in PHP 5.1, but PHP 5.2 can decrypt passwords created by PHP 5.1.
This situation normally happens if you prepare everything on your local machine with the latest PHP version and you upload the passwords to a webserver which is running an older version.
The same error occurs when you add encrypted passwords to local/config.php.

Solution: Create the passwords on the system with the oldest PHP version and use them on all other systems.

How can I create private groups for users, so that each user can edit pages in their group, but no one else (other than the admin) can?

Administrators can use the AuthUser recipe and add the following few lines to their local/config.php file to set this up:

$group = FmtPageName('$Group', $pagename);
$DefaultPasswords['edit'] = 'id:'.$group;
include_once("$FarmD/scripts/authuser.php");

This automatically gives edit rights to a group to every user who has the same user name as the group name.

How come when I switch to another wiki within a farm, I keep my same authorization?

PmWiki uses PHP sessions to keep track of authentication/authorization information, and by default PHP sets things up such that all interactions with the same server are considered part of the same session.

An easy way to fix this is to make sure each wiki is using a different cookie name for its session identifier. Near the top of one of the wiki's local/config.php files, before calling authuser or any other recipes, add a line like:

session_name('XYZSESSID');

You can pick any alphanumeric name for XYZSESSID; for example, for the cs559-1 wiki you might choose

session_name('CS559SESSID');

This will keep the two wikis' sessions independent of each other.