Thread: Re: [Phpwiki-talk] help!!

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

On Thu, Sep 22, 2005 at 04:06:31PM -0500, Burgoyne, Rebecca wrote:
> On Thu, Sep 22, 2005 at 03:55:24PM -0500, Ben Hartshorne wrote:=20
> > On Thu, Sep 22, 2005 at 03:45:27PM -0500, Burgoyne, Rebecca wrote:
> > > My wiki is getting spammed! How can I stop spam links from showing
> > > up on my wiki?
> >
> > You could require logins with passwords to edit, if that is feasible
> > in your environment.
> >
> Oh, yeah. I guess I could do that. How do I do that?

Rebecca,

I am bringing this conversation back to the phpwiki-talk list, because I
am interested in others comments about my response, and I think
(especially about deletes) some other members of this list might have
better answers.

You'll want to set=20
ALLOW_ANON_USER=3Dtrue
ALLOW_ANON_EDIT=3Dfalse
ALLOW_BOGO_LOGIN=3Dfalse
ALLOW_USER_PASSWORDS=3Dtrue

If you ALLOW_BOGO_LOGIN=3Dtrue, users will still have to log in, but the
password checking routines are disabled - they can use any or no
password.  That might defeat bots.

> It's not really favorable to me. Is there a way to maybe protect only
> one page?

You could try using .htaccess and some fancy URL-matching rules to use
apache authentication only for certain pages.  I don't really know if it
would work, since phpwiki uses index.php/foo as its path, but adding the
following to the .htaccess file in the root of your wiki installation
might work:

<Files index.php/MyRestrictedFile>
	AuthType Basic
	AuthName "My Restricted Wiki File"
	AuthUserFile /path/to/phpwiki/root/.htpasswd
	Require valid-user
</Files>

You can also use wildcards in the <Files> directive, so you might be
able to use <Files index.php/*Secret*>, and then any page in which you
include the word 'Secret' would require authentication.

Again, I don't know if this will work.  The Files directive might need
to match a physical file instead of the funkiness of passing a /foo to
index.php.  But you might be able to do something like that.

I am also interested in selective page protection, but I would rather
use the phpwiki authentication to define classes of users that can
access certain pages.  No idea how to do so, if it is even possible. =20

> Also, is there a way to delete pages?

I don't know.  I think you might be able to muck with the DB directly to
delete pages, or you can just remove the links and so orphan them...

-ben

--=20
Ben Hartshorne
email: be...@ha...
http://ben.hartshorne.net