%audience% authors
PmWiki has built-in support for password-protecting various areas of the wiki site. Authors generally want to be able to apply passwords to individual pages or to wiki groups. Wiki Administrators can apply passwords to individual pages, to wiki groups, or to the entire site. As with any access control system, the password protection mechanisms described here are only a small part of overall system and wiki security.
An author will generally set 3 types of passwords:
read
passwords
edit
passwords
attr
passwords
To set a password on an individual wiki page, add ?action=attr
to the page's URL (address) to access its attributes. Using the form on the attributes page, you can set or clear the read
, edit
, or attr
passwords on the page. In the form you enter the passwords as cleartext; PmWiki encrypts them for you automatically when it stores them.
read
, edit
, or attr
password for the page, enter "@_site_edit".
To set a password on a wiki group is slightly more difficult -- you just set the passwords on a special page in each group called "`GroupAttributes". First, you can get to the attributes page for `GroupAttributes by entering a URL (address) like http://www.example.com/pmwiki.php?n=GroupName.GroupAttributes?action=attr
. Then, using the form on the attributes page, you can set or clear the read
, edit
, or attr
passwords for the entire group. In the form you enter the passwords as cleartext; PmWiki encrypts them for you automatically.
Multiple passwords for a page, group or site are allowed. Simply enter multiple passwords separated by a space. This allows you to have a read password, a write password, and have the write password allow read/write access. In other words, if the read password is "alpha" and the edit password is beta, then enter
->
Set new read password: alpha beta Set new edit password: beta
This says that either "alpha" or "beta" can be used to read pages, but only "beta" may edit. Since PmWiki checks the passwords you've entered since the browser has been opened, entering a read password that is also a write password allows both reading and writing.
%audience% administrator
You can set passwords on pages and groups exactly as described above for authors. You can also:
attr
passwords to control who is able to set passwords on pages
upload
passwords to control access to the file upload capabilities (if uploads are enabled)
admin
password to override the passwords set for any individual page or group
In PmWiki, page passwords override group passwords, group passwords override the default passwords, and the admin
password overrides all passwords. This gives a great deal of flexibility in controlling access to wiki pages in PmWiki.
Sometimes we want to "unprotect" pages in a group or site that is otherwise protected. In these cases, the special password "@nopass" is used to indicate that access should be allowed to a page without requiring a password.
For example, suppose `Main.GroupAttributes has an edit password set, thus restricting the editing of all pages in Main. Now we want `Main.WikiSandbox to be editable without a password. Using "clear" for the edit password for `Main.WikiSandbox doesn't unprotect the page, because the password is being set by the group. Instead, we set the edit password for `Main.WikiSandbox to the special value "@nopass", which tells PmWiki to ignore any site-wide or group-level passwords for that page.
%trail%<<|Documentation Index|>>
Q: How can I password protect all the pages and groups on my site? Do I really have to set passwords page by page, or group by group?
A: Administrators can set passwords for the entire site by editing the config.php file; they don't have to set passwords for each page or group. For example, to set the entire site to be editable only by those who know an "edit" password, an administrator can add a line like the following to local/config.php:
$DefaultPasswords['edit'] = crypt('edit_password');
For more information about the password options that are available only to administrators, see PasswordsAdmin.
Q: How can I create private groups for users, so that each user can edit pages in their group, but no one else (other than the admin) can?
A: Administrators can use the AuthUser recipe and add the following few lines to their local/config.php file to set this up:
$group = FmtPageName('$Group', $pagename);
$DefaultPasswords['edit'] = 'id:'.$group;
include_once("$FarmD/scripts/authuser.php");
This automatically gives edit rights to a group to every user who has the same user name as the group name.