My group has been using this wiki for a number of years and have been really happy with it. We didn't need anything very fancy and have over time created a lot of wiki pages and information. After getting hit by spam repeatedly that was added faster than I could take it off, we resorted to a group password for the members of our group who we knew would be adding to our wiki and that stopped the problem. Recently our host upgraded to php5 and the version of phpwiki we had wouldn't work on that so we were forced to upgrade and so many things that worked before no longer work. I'm the administrator, but don't have any programming background. Someone is helping, but he has limited time and is slowly trying to make things work. He is currently away. He set up the passwords as we had them set up in an earlier version, but doing it that way is not working this time as it is still possible to sign in.Also someone has been signing in using an IP address, not a WikiWord and obviously not with a password and adding spam via AddComment. I don't know how that is done since when I try a WikiWord is needed. Does anyone have any suggestions about what I might do or what the problem might be? Thanks.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
You might consider removing or renaming the lib/plugin/AddComment.php file to disable it for a while.
To advice with auth I need to know the exact version you are using.
Setting config.ini:
ALLOW_ANON_EDIT=false
ALLOW_BOGO_LOGIN=false
would be the fastest.
Then only users with existing passwords can login, and you can remove the page with the ip.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Thanks so much for your help. We are running 1.3.12. Before your response in desperation I tried removing that plugin since that was the only page that the vandal was adding and changing and haven't had any more spam since then. It's not something we need since our group has a list where we communicate. Also I tried changing to ALLOW_BOGO_LOGIN=false since when I looked at the config-dist file it said =true, but when I checked it afterwards I could still get in without a password even though I got a fatal error message. I can't find ALLOW_ANON_EDIT=false in the config-dist file . Would it be somewhere else?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
When I looked in config.ini: ALLOW_ANON_EDIT=false was false so I did not need to change it, but I changed ALLOW_BOGO_LOGIN=false to be false. I tested the wiki afterwards and now it appears no one can sign in but the administrator. Not even a WikiWord and our group password works. I don't know where the other administrator who helps me added the password when he said he added back the group password to our upgraded software. It worked before I made this change, but that may just have been that any password would work with a WikiWord. I didn't test that to see if it was possible. At least I can relax that our data is safe from vandalism for the moment and hope that the rest that isn't working can be sorted out eventually when the other administrator returns. I so appreciate your help. We really love our wiki and would hate to have to start over with a new one after all the work we have put into this one.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
My group has been using this wiki for a number of years and have been really happy with it. We didn't need anything very fancy and have over time created a lot of wiki pages and information. After getting hit by spam repeatedly that was added faster than I could take it off, we resorted to a group password for the members of our group who we knew would be adding to our wiki and that stopped the problem. Recently our host upgraded to php5 and the version of phpwiki we had wouldn't work on that so we were forced to upgrade and so many things that worked before no longer work. I'm the administrator, but don't have any programming background. Someone is helping, but he has limited time and is slowly trying to make things work. He is currently away. He set up the passwords as we had them set up in an earlier version, but doing it that way is not working this time as it is still possible to sign in.Also someone has been signing in using an IP address, not a WikiWord and obviously not with a password and adding spam via AddComment. I don't know how that is done since when I try a WikiWord is needed. Does anyone have any suggestions about what I might do or what the problem might be? Thanks.
You might consider removing or renaming the lib/plugin/AddComment.php file to disable it for a while.
To advice with auth I need to know the exact version you are using.
Setting config.ini:
ALLOW_ANON_EDIT=false
ALLOW_BOGO_LOGIN=false
would be the fastest.
Then only users with existing passwords can login, and you can remove the page with the ip.
Thanks so much for your help. We are running 1.3.12. Before your response in desperation I tried removing that plugin since that was the only page that the vandal was adding and changing and haven't had any more spam since then. It's not something we need since our group has a list where we communicate. Also I tried changing to ALLOW_BOGO_LOGIN=false since when I looked at the config-dist file it said =true, but when I checked it afterwards I could still get in without a password even though I got a fatal error message. I can't find ALLOW_ANON_EDIT=false in the config-dist file . Would it be somewhere else?
You have to fix config/config.ini
config/config-dist.ini is just the template and is not used.
When I looked in config.ini: ALLOW_ANON_EDIT=false was false so I did not need to change it, but I changed ALLOW_BOGO_LOGIN=false to be false. I tested the wiki afterwards and now it appears no one can sign in but the administrator. Not even a WikiWord and our group password works. I don't know where the other administrator who helps me added the password when he said he added back the group password to our upgraded software. It worked before I made this change, but that may just have been that any password would work with a WikiWord. I didn't test that to see if it was possible. At least I can relax that our data is safe from vandalism for the moment and hope that the rest that isn't working can be sorted out eventually when the other administrator returns. I so appreciate your help. We really love our wiki and would hate to have to start over with a new one after all the work we have put into this one.