Getting Started: Admin Functionality
The server supports three different authentication backends - the system that's used is dependent on the parameters passed to the server program. These include shadow authentication, LDAP authentication, and a database system of UserCake. By far the most viable option for future work is UserCake.
Most login code can be found in login.c. The rest (related to 'locking control' and control keys) lies in fastcgi.c.
Shadow authentication essentially uses the Linux /etc/shadow file to look up usernames and passwords. The /etc/shadow file stores the usernames and passwords of all users of the operating system.
While this works, this option is not recommended, as users have to be created by making system accounts in the operating system (e.g useradd).
This method allows the system to authenticate against any LDAP server. It has been trialled (and does work) to authenticate against the Pheme system, but this is only possible when the system is connected to the UWA network. Although a request to use Pheme was submitted, no response was received as of yet.
This method is also not recommended, as LDAP is generally quite difficult to set up.
UserCake is a lightweight PHP based user management system, which uses a MySQL database to store information on users and their passwords. This option was considered to be the best, although it takes a fair bit of setup to get working.
With UserCake managing the creation and deletion of users, the server program authenticates users by looking up the MySQL database itself.
UserCake must be installed first before it can be used.
- Create the database for UserCake. Open a MySQL prompt:
mysql -uroot -p
(Type in the root password at the prompt)
- Create the required database and close the MySQL prompt:
mysql> CREATE DATABASE users;
Query OK, 1 row affected (0.00 sec)
- While we're at it, create a MySQL user specifically for UserCake:
create user 'usercake'@'localhost' identified by 'my-password';
Query OK, 0 rows affected (0.01 sec)
mysql> grant all privileges on users.* to 'usercake'@'localhost';
Query OK, 0 rows affected (0.00 sec)
mysql> quit
Bye
- There is an installation folder that's not present, but is needed for initialisation of UserCake. If using MCTXWeb, there should be a
usersfolder underpublic_html - Download UserCake and extract the
installfolder into theusersfolder - There is a db-settings.php configuration file that needs to be configured with the correct MySQL username and password. From our example user created above, it should look like:
...
$db_name = "users"; //Name of Database
$db_user = "usercake"; //Name of database user
Definitely do not use the root user.
To set the password, create a new text file in the same folder, called mysql_password, where its contents is the relevant MySQL user password.
- Ensure that the web server has been set to show the content in
public_html. Open a web browser and go to the address of the system (e.g 192.168.1.10):
http://192.168.1.10/users
- UserCake should show with some installation message, or an install button. If the button appears, click it. If you get a database error number, check that the db-settings.php file is configured correctly.
- Once installed, you must register a user - the first user registered is automatically an admin for UserCake.
- Go to http://192.168.1.10/users/register.php and complete the registration form.
- Ensure the server is correctly configured to use UserCake. In the parameters file, enure the auth_uri variable is set to:
auth_uri="mysql://localhost#usercake,$(cat mysql_password)"
## OPTIONS TO BE PASSED TO SERVER; DO NOT EDIT
parameters="-v $verbosity -p $pin_test" -A $auth_uri"
(Create a file called mysql_password with the password used (in our example, my-password).
Assuming the IP address of the system is 192.168.1.10, when you navigate to http://192.168.1.10/users, you should be presented with the login screen, if you have installed UserCake properly:
Login with your registered username and password.
Once logged in, you should see something like this:
UserCake allows you to set the visibility of pages, although right now this is limited to only the visibility of the admin pages. You should double check that the visibilities are correctly set - you may find that you have to make some pages private. Essentially all the pages should be privated, except for login.php, forgot-password.php, and user_change_details.php.
register.php should be made private after registering, to prevent anyone from joining the system.
The user page list should look like so:
From the page visibility list, click on one of the pages to change. You should see a page similar to this:
It should be pretty self-explanatory what the options do. Just make sure that the Administrator group 'has access', before making it private (if it doesn't just check the 'swap' column)
The user list allows you to delete users and also change user details, if necessary. Be careful - you can delete yourself, and the only way to fix this is
Users can be uploaded from a list of comma separated values. The user upload interface looks like this:
As shown, pressing the upload button will create a user with username test, full name test user and email address test@user.com. It will also give the user the title test-users. The title may be used to group users, e.g students, misc-users etc.
On success, you should see the result similar to below:
Remember to save the temporary password somewhere, and remind all users to change this password as soon as possible.
Using the purge option will delete all non-admins, and in turn upload the requested users. Use with care - there is no confirmation for this option!