Recent Changes - Search:
Cookbook /

RequireAuthor

Summary: Require author names when saving pages
Version:
Prerequisites: pmwiki-2.1.0
Status: Documentation
Maintainer: Petko
Categories: Administration, Security, PHP72
Discussion: RequireAuthor-Talk
Users: +4 (View / Edit)

Questions answered by this recipe

  • How can I require authors to provide a name when they edit pages?
  • Can I force PmWiki to use an authenticated login name as the author name?

Answer

Add the line 

    $EnablePostAuthorRequired = 1;

to your local customization file. If no Author name is provided when an edit form is submitted, this will cause the edit form to be redisplayed with a message that "An author name is required". The text of the message can be changed via the $AuthorRequiredFmt variable.

Automatically Setting the Author Name

For sites with authenticated users (e.g., via AuthUser), PmWiki will fill in the Author field with the login name. However, authors will still have the ability to set a different Author name in the edit form.

It's possible to force the author name to match the login name, such that anything an author places in the Author field of the edit form is ignored. (The Author field can be removed from the edit form by editing the Site.EditForm page.)

For sites using PmWiki's authuser.php script, use the following: 

    # Force author name to match login name
    include_once("scripts/authuser.php");
    if (@$AuthId) $Author = $AuthId;

Note: setting "$Author = $AuthId;" must occur after "include_once("scripts/authuser.php");" and not before it.

For sites using HTTP authentication: 

    # Enforce author tracking based on HTTP authentication
    if (@$_SERVER['REMOTE_USER'])  $Author = $_SERVER['REMOTE_USER'];

Or, the more severe: 

    ## Enforce Author tracking based on the HTTP-Auth
    ## authenticated user.  Exit if no user is authenticated.
    if (@$_SERVER['REMOTE_USER']) {
      $Author=$_SERVER['REMOTE_USER'];
    } else { exit('Security Violation'); }

Notes

Authenticated Name Versus Author Name

It's helpful to recognize that the Author name and the authenticated user name are separate in PmWiki. From an email message by Pm: 

  $AuthId = verified author identity  (stored in $_SESSION['authid'])
  $Author = author's name             (stored in $_COOKIE['author'])

-Hagan

See Also

Cookbook /
AuthUser  PmWiki built-in user authentication system using user names and passwords (Stable)
NotSavedWarning  Warn authors when they move away from a page without saving it; optionally request an edit summary or an author name (beta)
RequireSummary  Require a summary to be entered
StoredAuthName  How to set a stored author name to an authenticated user (Stable)
PmWiki /
AuthUser  Authorization system that uses usernames and passwords
PasswordsAdmin  More password options for the administrator

Contributors

Comments

See discussion at RequireAuthor-Talk