Admin Panel
1. Configuration
1.1. Create a Recovery-Password
- to login define the
recovery_password
in the config/config.php file first- Call the
{{admin_recovery}}
action as Admin and generate the password hash for your recovery_password - Add the password hash:
'recovery_password' => 'add hash here',
- Call the
- Don't forget to delete the _cache/config/config.php afterwards. (manually or via the
admincache
action) - Call yourwiki/admin.php
- Enter your recovery password
1.1.1. Example
Clear config cache with {{admincache}}
action
1.2. The administrative password is not specified!
When you see this message, please see instructions above. This password must be set independently from your account password.
If you've already defined the recovery_password
and still get this message, you probably forgot the delete the old config cache.
The administrative password is not specified! Note: The absence of an administrative password is threat to security! Enter your password in the configuration file and run the program again.
1.3. Mode
There are two Mode (config/constants.php)
-
const RECOVERY_MODE = 0;
- you must already be logged in as member of the Admin group to access the Panel (default)
-
const RECOVERY_MODE = 1;
- to restore or repair the database, no database access is required, only a subset of modules are available
- ensure that the database you provided in the config file is already created
- After successful recovery, reset the
RECOVERY_MODE
back to0
.
2. Login
- Login as Admin in the Wiki
- Call
https://wiki.example.com/admin.php
(without mode_rewrite/?page=admin.php
) - Enter the recovery password you've previously created.
Review the Preferences sections to make sure that the default settings values are acceptable to you; change what is not appropriate for you.
One of the wisest security principles says that what is unused should be disabled. So the first questions is: Are you really going to use it? Do you need it to be enabled?
3. Protect your Admin panel
Follow this security policy to protect your site from hackers and security breaches.
- Choose a secure password
- Limit Login Attempts
- Require HTTPS/TLS for all pages with logins
- Don't use your Admin panel password for anything else
- Use a custom admin path
- Restrict admin access to only approved IP addresses
3.1. Admin Panel Lock
The site is temporarily unavailable due to system maintenance. Please try again later.
If your Admin panel gets locked reset config/lock_ap from 1
to 0
.
The lock occurs when the password has been repeatedly entered incorrectly and is a measure to mitigate attempts to gain unauthorized access.
config/lock_ap
0
3.2. Site Lock
In addition, you may receive this message if you have locked your site and forgot to unlock it again in the Admin panel.
To unlock your site reset config/lock from 1
to 0
.
config/lock
0
Admin Panel Lock Issues
State 1: The recovery_password in config.php is empty.
message:
solution:
{{admin_recovery}}
action as Adminand set it in config.php
{{admincache}}
actionState 2: Admin Panel login available
Admin Panel login screen
State 3: The Admin Panel Lock is active.
message:
cause 1:
solution:
cause 2.1 -> the entered generated password didn’t match
cause 2.2 -> typo or wrong hash
solution:
cause 3 ->
_cache/config/config.php
holds the old valuesolution:
{{admincache}}
action