PmWiki has built-in support for password-protecting various areas of the wiki site. Passwords can be applied to individual pages, to WikiGroups, or to the entire wiki site. Note that the password protection mechanisms described here are only a small part of overall system (and wiki) security, see PmWiki.Security? for more discussion of this.
Authors can use PmWiki to add passwords to individual pages and WikiGroups as described in PmWiki.Passwords. However, WikiAdministrators can also set passwords in local customization files as described below.
PmWiki supports several levels of access to wiki pages:
if uploads are enabled,
Finally, there is an
Pages have their passwords as "page attributes" that are accessed by using ?action=attr at the end of a URL. Group passwords are held in a special page called "GroupAttributes" for each group. Global site-wide passwords are controlled by the $DefaultPasswords array. All passwords are stored in an encrypted format so that other users on the system cannot simply browse the contents of files to determine the passwords.
By default, $DefaultPasswords is set with empty
To set the site-wide admin password to "
$DefaultPasswords['admin'] = crypt('mysecret');
Of course, as written here anyone able to view config.php would immediately know the site's password, so some sites would like it to be encrypted in the config.php file as well. Add
(it may be different on your system). This string can then be put directly into config.php as:
$DefaultPasswords['admin'] = '$1$hMMhCdfT$mZSCh.BJOidMRn4SOUUSi1';
Note that in the encrypted form the crypt keyword and parentheses are removed, since the password is already encrypted. Also, the encrypted password must be
in single quotes. In this example the password is still "
Similarly, you can set
To remove a site password entirely, such as the default locked password for uploads, just set it to empty:
$DefaultPasswords['uploads'] = '';
In PmWiki, page passwords override group passwords, group passwords override the default passwords, and the admin password always allows access. This gives a great deal of flexibility in controlling access to wiki pages in PmWiki.
You can also use the special password "nopass" (defined by the $AllowPassword variable) via