Security-Talk

Q How do I, in config.php, add, or remove, an edit password for a group (or single page)?

You cannot, go to the Group.GroupAttributes?action=attr or Page?action=attr.

Q How do I only allow authors to post if they have a Profile??

Add this to your local/config.php below include_once(“$FarmD/scripts/author.php”); line:

This is a possible solution, but be warned: author can’t edit their wiki page in Profiles? group too. Add if($group!=‘Profiles’) above ;-)

Q I am having trouble with password-protecting the read action on certain groups. I’d like a user to be able to login on the main page of that group with [[Internal.HomePage?action=login | Login]], but I end up with the page loading up the password prompt recursively. On the other hand, it worked on a different installation, where I read-protected the Main.HomePage. In my opinion, even if I try to access a certain page out of a read-protected group, I should at least be able to get the password prompt without ending up in a recursive loop. Any ideas? ~Jonas April 23, 2009, at 03:15 AM

This seems like a problem with sessions, either client-side cookies (check your browser, proxy) or server-side (the directory where PHP writes session data should exist and be read-writable). On some hostings you need to create a “/.sessions” directory at the document root, or use in config.php session_save_path(“{$_SERVER[‘DOCUMENT_ROOT’]}/.sessions”);. It is imperative that this directory is not accessible via http://yoursite/.sessions — check with your hosting provider docs. —Petko? May 07, 2009, at 06:16 PM