Recent Changes - Search:

Cookbook

PmWiki

pmwiki.org

Cookbook /

RequireAuthor

Summary: Require author names when saving pages
Version:
Prerequisites: pmwiki-2.1.0
Status: Documentation
Maintainer:
Categories: Administration, Security

Questions answered by this recipe

  • How can I require authors to provide a name when they edit pages?
  • Can I force PmWiki to use an authenticated login name as the author name?

Answer

Add the line 

    $EnablePostAuthorRequired = 1;

to your local customization file. If no Author name is provided when an edit form is submitted, this will cause the edit form to be redisplayed with a message that "An author name is required". The text of the message can be changed via the $AuthorRequiredFmt variable.

Automatically Setting the Author Name

For sites with authenticated users (e.g., via AuthUser), PmWiki will fill in the Author field with the login name. However, authors will still have the ability to set a different Author name in the edit form.

It's possible to force the author name to match the login name, such that anything an author places in the Author field of the edit form is ignored. (The Author field can be removed from the edit form by editing the Site.EditForm page.)

For sites using PmWiki's authuser.php script, use the following: 

    # Force author name to match login name
    include_once("scripts/authuser.php");
    if (@$AuthId) $Author = $AuthId;

Note: setting "$Author = $AuthId;" must occur after "include_once("scripts/authuser.php");" and not before it.

For sites using HTTP authentication: 

    # Enforce author tracking based on HTTP authentication
    if (@$_SERVER['REMOTE_USER'])  $Author = $_SERVER['REMOTE_USER'];

Or, the more severe: 

    ## Enforce Author tracking based on the HTTP-Auth
    ## authenticated user.  Exit if no user is authenticated.
    if (@$_SERVER['REMOTE_USER']) {
      $Author=$_SERVER['REMOTE_USER'];
    } else { exit('Security Violation'); }

Notes

Authenticated Name Versus Author Name

It's helpful to recognize that the Author name and the authenticated user name are separate in PmWiki. From an email message by Pm: 

  $AuthId = verified author identity  (stored in $_SESSION['authid'])
  $Author = author's name             (stored in $_COOKIE['author'])

-Hagan

See Also

Contributors

Comments

The script will not allow me to edit a page when the Author field is blank, but I do not receive the notification message. Where should the "An author name is required" message be displayed? I am using Simple Skin with PmWiki v2.0 beta 54

~Ampa

It's a skin-related issue. The Simple skin defines its own Edit Form in skin.php with code that looks like the following: 
$PageEditFmt = <<< EOT
[...]
EOT;
The form doesn't appear to include the (:messages:) directive -- or its equivalent ($EditMessageFmt?) since the form is not a wikipage. The form also lacks a Change Summary input area, so it probably just needs some updating for improved compatibility with PmWiki 2.0.

How do we force the author to be the authenticated user under UserAuth rather than AuthUser? ~Nate

In versions 2.1.beta26 and later, this may happen automatically (untested). Perhaps ask the question on the UserAuth page.

Edit - History - Print - Recent Changes - Search
Page last modified on May 18, 2007, at 05:46 PM