From da207639f0bb0702457357ceb9bd3a07a6da1f75 Mon Sep 17 00:00:00 2001 From: Jason Cleeland Date: Sun, 6 Jul 2003 11:17:00 +0000 Subject: [PATCH] Usersecurity help file git-svn-id: file:///Users/Shitiz/Downloads/lssvn/trunk/unstable@452 b72ed6b6-b9f8-46b5-92b4-906544132732 --- admin/lang/english/users.html | 60 +++++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) create mode 100644 admin/lang/english/users.html diff --git a/admin/lang/english/users.html b/admin/lang/english/users.html new file mode 100644 index 00000000000..4170901c3fb --- /dev/null +++ b/admin/lang/english/users.html @@ -0,0 +1,60 @@ + + +

You are currently viewing the +User Control section of PHPSurveyor.

+ +

From this point you can view and +edit the security settings and user access rights for your script.

+ +

PHPSurveyor security settings +rely on the Apache directory security system. If you are not using the Apache +web surver, you cannot use these security settings and you should initialise +directory security using your servers standard methods.

+ +

Initialising Security
+The first time you run security from PHPSurveyor, it will 'initialise' +the security settings. When it 'initialises', the script finds the Apache "htpasswd" +executable file and creates a 'user' file. It also creates a 'htaccess' file in +your admin directory that restricts access to the admin directory to only those +users in the htpasswd file. The initial username and password are determined by +the 'default' settings in your config.php file. Once you have initialised +security succesfully, your browser will ask for this username and password +before allowing you to continue using the administration scripts of PHPSurveyor.

+ +

Adding Users
+Once you have initialised security and 'logged in', you will be able to view the +existing users on your system, add new users, delete users or modify users. This +is fairly straight forward. In the list of users that displays, click on the +"edit" button to modify an entry, or the "del" button to delete it. If there is +only one entry in the user table you will not be able to delete that.

+ +

+ +Turning Off Security
+To turn off PHPSurveyors +security settings, click on the "Turn Off Security" button. This will delete the +htpasswd, htaccess file and all user information from the directories.

+ +

Limitations of PHPSurveyor +Security
+Until a more flexible security system is implemented, it should be remembered +that the PHPSurveyor security settings are an 'all-or-nothing' affair. Users +either have access to ALL administration functions, or they have none. +Eventually a system is planned that allows you to set levels of access. Note +especially that the user security feature is accessible to all users, including +the PLAIN-TEXT PASSWORDS.

+ +

Troubleshooting
+If you are having trouble setting up security:

+
    +
  1. Make sure you have read/write + permissions in the admin directory. PHPSurveyor needs to be able to create a .htpasswd + and .htaccess file here.
    2. +
  2. Make sure you have access to + the htpasswd executable file. On windows servers in particular, a copy of this + will almost certainly need to be placed in the /phpsurveyor/admin directory + along with the other scripts. On Linux servers, the script will attempt to + find the htpasswd executable using "find".
    3. +
+ +