Extension:PasswordProtectFiles
 Release status: experimental |
|||
|---|---|---|---|
| Implementation | User rights, Page action | ||
| Description | This allows files protection using password | ||
| Author(s) | Piotr Stawiński (PStTalk) | ||
| Last version | 0.01 (2009-03-14) | ||
| MediaWiki | 1.13 | ||
| License | No license specified | ||
| Download | [1] | ||
| Example | look at the bottom | ||
|
|||
|
Check usage (experimental) |
|||
Contents |
[edit] What can this extension do?
This is a pretty simple implementation of file protection. It allows to limit access to chosen files by demanding logging in or typing a password. It is mostly a couple of ideas, easy to adjust while needed.
[edit] Usage
While You send a file You can choose if it should be either no protected, available for logged users only or available under the password.
[edit] Installation
Installation is quite complicated, it demands editing img_auth.php, unfortunately. This is output of command
diff img_auth.php.oryginalInMW13.4 img_auth.php
12a13,14
>
> * Changes by Piotr Stawinski
72a75,105
> # --- PS start -----------------------------------------------
>
> // Sprawdz uprawnienia
> require_once(dirname( __FILE__ ) . '/extensions/PasswordProtectFiles/FilePasswdDBOperations.php');
> if ( ! FP_isAnImage($filename) ) { // to nie obraz
> switch(FP_isProtected($name)) {
> case "noprotect" : //nothing to do
> break;
> case "casprotect": // only for logged users
> if( !$wgUser->getId()) {
> wfDebugLog( 'img_auth', "Not logged in and `{$title}` not an image." );
> wfForbidden();
> }
> break;
> case "passwordprotect": //check password if sent already
> if(isset($_POST["haslo"])) {
> if( !FP_authorize($name, $_POST["haslo"]) ) {
> wfForm($name, "Bledne haslo");
> }
> } else {
> wfForm($name);
> }
> break;
> default: // impossible
> die("wrong return value from FP_isProtected");
> break;
> }
> }
> # --- PS stop ------------------------------------------------
>
>
118a152,181
> # --- PS2 start ----------------------------------------------
> function wfForm($name, $msg = "You need to type the password in order to access this file on server.") {
> /* header( 'HTTP/1.0 403 Forbidden' );
> header( 'Vary: Cookie' );
> header( 'Content-Type: text/html; charset=utf-8' ); */
> echo <<<ENDS
> <html>
> <body>
> <table height="100%" width="100%"><tr><td align="center">
> <h2>Access Denied to $name</h2>
> <p>$msg</p>
> <form name="input" method="post">
> Password:
> <input type="password" name="haslo" size="25">
> ENDS;
> echo <<<ENDS
>
> <INPUT TYPE="SUBMIT" NAME="name" VALUE="Zatwierdz">
> </form>
>
> <p>If you don't know the password:<br> press Back in your browser and read carefully the file description.</p>
> </td></tr></table>
> </body>
> </html>
> ENDS;
> wfLogProfilingData();
> exit();
> }
> # --- PS2 stop -----------------------------------------------
You also have to create new table to store passwords: execute this code to your database (add in front of protect_pages your prefix):
CREATE TABLE `file_protect` ( `filename` varbinary(255) NOT NULL, `password` varbinary(255) NOT NULL )
To install this extension, download all files to extensions/PasswordProtectPages and add the following to LocalSettings.php:
$wgUploadPath = "$wgScriptPath/img_auth.php"; $wgGroupPermissions['user']['reupload'] = false; # nie mozesz innym nadpisac plikow $wgGroupPermissions['user']['reupload-own'] = true; # mozesz nadpisac swoje pliki require_once( "$IP/extensions/PasswordProtectFiles/PasswordProtectFiles.php");
[edit] Problems
It does not protect image files, it's easy to turn it of. Some text is in Polish, some in English. This is gonna change.
[edit] Wiki using this extension
This extension is used on Biology Department of Warsaw Uniwersity wiki, one can try to download file: password protected file.
