Admin Panel



1. Configuration

1.1. Create a Recovery-Password


  1. to login define the recovery_password in the config/config.php file first
    1. Call the {{admin_recovery}} action as Admin and generate the password hash for your recovery_password
    2. Add the password hash: 'recovery_password' => 'add hash here',
  2. Don't forget to delete the _cache/config/config.php afterwards. (manually or via the admincache action)
  3. Call yourwiki/admin.php
  4. Enter your recovery password

1.1.1. Example

Add action {{admin_recovery}}
WackoWiki configure Admin panel access step 1: via action {{admin_recovery}}


Create password hash
Screenshot: WackoWiki configure Admin panel access step 2: create password hash


Edit config/config.php
Screenshot: WackoWiki R6.1 configure Admin panel access step 3: edit config/config.php


Clear config cache with {{admincache}} action
action admincache

1.2. The administrative password is not specified!

When you see this message, please see instructions above. This password must be set independently from your account password.


If you've already defined the recovery_password and still get this message, you probably forgot the delete the old config cache.

The administrative password is not specified!

Note: The absence of an administrative password is threat to security! Enter your password in the configuration file and run the program again.	

1.3. Mode


There are two Mode (config/constants.php)
  1. const RECOVERY_MODE					= 0;	
    • you must already be logged in as member of the Admin group to access the Panel (default)
  2. const RECOVERY_MODE					= 1;	
    • to restore or repair the database, no database access is required, only a subset of modules are available
    • ensure that the database you provided in the config file is already created
    • After successful recovery, reset the RECOVERY_MODE back to 0.

2. Login


  1. Login as Admin in the Wiki
  2. Call https://wiki.example.com/admin.php (without mode_rewrite /?page=admin.php)
  3. Enter the recovery password you've previously created.

admin panel login


attachment settings module
Review the Preferences sections to make sure that the default settings values are acceptable to you; change what is not appropriate for you.


One of the wisest security principles says that what is unused should be disabled. So the first questions is: Are you really going to use it? Do you need it to be enabled?

3. Protect your Admin panel

Follow this security policy to protect your site from hackers and security breaches.


  1. Choose a secure password
  2. Limit Login Attempts
  3. Require HTTPS/TLS for all pages with logins
  4. Don't use your Admin panel password for anything else
  5. Use a custom admin path
  6. Restrict admin access to only approved IP addresses

3.1. Admin Panel Lock

The site is temporarily unavailable due to system maintenance. Please try again later.

If your Admin panel gets locked reset config/lock_ap from 1 to 0.
The lock occurs when the password has been repeatedly entered incorrectly and is a measure to mitigate attempts to gain unauthorized access.


config/lock_ap

 0	

3.2. Site Lock

In addition, you may receive this message if you have locked your site and forgot to unlock it again in the Admin panel.
To unlock your site reset config/lock from 1 to 0.


config/lock

 0	

Comments

  1. Admin Panel Lock Issues

    State 1: The recovery_password in config.php is empty.


    message:
    The administrative password is not specified!
    Note: The absence of an administrative password is threat to security!
    Enter your password in the configuration file and run the program again.


    solution:
    (a) generate the recovery_password with the {{admin_recovery}} action as Admin
    and set it in config.php

    AND

    (b) purge the old config cache via the {{admincache}} action

    State 2: Admin Panel login available


    Admin Panel login screen
    admin panel login

    State 3: The Admin Panel Lock is active.


    message:
    The site is temporarily unavailable due to system maintenance. Please try
    again later.


    cause 1:
    The Admin Panel Lock is active.

    Wrong password threshold reached

    solution:
    reset config/lock_ap from 1 to 0


    cause 2.1 -> the entered generated password didn’t match

    cause 2.2 -> typo or wrong hash

    solution:
    regenerate password hash and compare or reset the current one in config.php

    cause 3 -> _cache/config/config.php holds the old value

    solution:
    purge the old config cache via the {{admincache}} action
    • WikiAdmin
    • 27.10.2019 18:53 edited