Password Protection

From GregariusWiki

This document describes some simple steps you should perform to password-protect the Administration section of your Gregarius installation.

Your course of action should depend on how your installation of Gregarius is visible from the Internet:

Contents 1 Your Gregarius installation is accessible from the Internet, and anyone can use it 1.1 Troubleshooting 1.2 Password protection for versions lower than 0.5.2a 2 Your Gregarius installation is accessible on the Internet, but you don’t want other people to use it 3 Your Gregarius installation is not accessible from the Internet (e.g. it runs on your private intranet)

[edit] Your Gregarius installation is accessible from the Internet, and anyone can use it

If you installed Gregarius on your website and anyone can see it, you should password-protect the administration area to prevent someone from deleting your subscribed feeds and messing stuff up.

In versions of Gregarius above 0.5.2a, the user is prompted to enter a username and password the first time the Admin button is clicked.

[edit] Troubleshooting

If password protection suddenly is not working, perhaps after an upgrade, try some of the following solutions:

• • Clear your browser's cookies.
  • If you have an easy access to your database (via phpMyAdmin, for example) just delete the password for the admin user in the users table of your Gregarius database.
  • If you don't feel comfortable playing with your database, you can install the Password reset plugin which will take care of the process for you.
  • Disable all plugins by moving plugin files to another folder

[edit] Password protection for versions lower than 0.5.2a

• If your server is running PHP as an apache module:
  Create a new file called rss_extra.php in your gregarius installation’s root directory and paste in the following code:

   <?php
   define ('ADMIN_USERNAME', 'username' );
   define ('ADMIN_PASSWORD', 'password' );
   ?> 

  Make sure there are no spaces or carriage returns before “<?php” and after “?>” and replace username and password with anything you wish. Your administration area should now be password-protected. Test it and provide the username and password you have specified above when prompted.
• If your server has PHP running in CGI mode: You will need to use a .htaccess file to password protect your Gregarius installation. There are several tutorials available on how to do this. A nice one is here
• CPanel setups. This is another option for some shared hosting servers. Using your CPanel user interface, you can set password protect directories that secure the admin folder, in the same way your CPanel interface is secured. If the "Password Protect Directory" option is not available talk to your hosting provider because it is usually made available to you for free.

[edit] Your Gregarius installation is accessible on the Internet, but you don’t want other people to use it

In this case you should password protect the whole Gregarius installation. Refer to Apache's documentation or read this tutorial to learn how to do this. If you password protect the entire Gregarius installation you can't protect the admin section separately as it will inherit the protection of the main installation.

[edit] Your Gregarius installation is not accessible from the Internet (e.g. it runs on your private intranet)

In this case you don’t need to password protect your admin section as only you can access it.