
Clicking the Login icon on the Admin Panel (see TikiAdminSettings) takes you to the Login settings. The login settings screen allows you to configure how users maintain their identity on your Tiki system. You'll find a description of each setting below.
Login Settings
In this section of the admin panel you can configure your user registration and site security features. The settings are as follows:

| Setting | Description |
|---|---|
| Authentication method: | Tiki supports several different methods of user authentication. Choose between: Just Tiki (Tiki will use its internal user database); Web Server (Tiki will use your web server's authentication); Tiki and Pear (Tiki will use both its internal user database and Pear::Auth); Tiki and PAM; CAS; Shibboleth; OpenID and Tiki (introduced in 2.0). The External Authentication page has details on each of these methods. |
| Users can register: | If enabled, this will allow users to register using the web form. The Login module will include a Register link. If disabled, the admin will have to create new users manually on the Admin Users page. |
| but need Admin validation: | If enabled, each user registration must be validated by the administrator. After a new user completes the registration form, a validation request will be sent to the administrator (defined by the Sender email field on the General Admin page). The administrator must validate the user before the user can log in. See the Configuring User Validation page for details on this procedure. |
| Create a group for each user | If enabled, Tiki will automatically create a group for the user. The group name will be the same as the user name. See Groups Management for more information on using groups. |
| Use tracker for more user information | If enabled, Tiki will display a tracker form for the user to complete, as part of the registration process. Use this tracker to store additional information about each user. See User Tracker for details. |
| Use tracker for more group information: | Use a tracker to store additional information about each group. See Group Tracker for details. |
| Request passcode to register: | If enabled, the user must enter a passcode before they can register. You can create any alphanumeric passcode. You will have to inform users of this passcode before they can register. This can be used on sites where users are invited or receive a passcode after paying a fee or something like that. Semi-private or semi-public sites may enjoy this feature. |
| Prevent automatic/robot registration: | If enabled, Tiki will display a CAPTCHA on the registration form to prevent spambots from registering. You must have the GD Image Processing library installed on your server. |
| Use login as email: | If enabled, the user's email address will be used as their login. On the registration form, there will be no Username field. |
| Validate users by emails: | If enabled, Tiki will send an email message to the user. The message contains a link that must be clicked to validate the registration. After clicking the link, the user will be validated. You can use this option to limit false registrations or fake email addresses. Note: Your Tiki must have access to the PHP (@mail) function to send the registration email. |
| Validate users email server: | If enabled, Tiki will attempt to validate the user's email address by examining the syntax of the email address. It must be a string of letters, digits, _, . or - followed by an @, followed by a string of letters, digits, _, . or -. Tiki will perform a DNS lookup and attempt to open an SMTP session to validate the email server. Note: Some web servers may disable this functionality, thereby disabling this feature. If you are not in a high security site or if you are on an open users site, do not use this option. |
| Remind passwords by email: | If enabled, the I forgot my password link will be displayed in the Login module. If a user forgets their password or username, they can reset their account by entering either their username or email address. Tiki will send the user an email with their password or instructions on resetting their password (depending on the Store plaintext passwords setting). |
| Store plaintext passwords | If enabled, the email generated by the Remind passwords by email setting will include the user's password in plaintext. If disabled, the email will include a link that will allow the user to select a new password. |
| Crypt password method | Specify how Tiki encrypts passwords in the database. |
| Registered Users can change password: | If this is enabled, registered users can change their password from their User Preferences page. If not, passwords can be changed only by the admin. |
| Reg users can change theme | If enabled, registered users can select their own theme from their User Preferences page. Click on Restrict Available Themes to select the themes you want to make available to the user. Note: Tiki determines the available themes by the .CSS files in your ../styles directory. |
| Reg users can change language | If enabled, registered users can select their own interface language from their User Preferences page. Click on Restrict Available Languages to select the languages you want to make available to the user. Note: Tiki determines the available languages by the .PHP files in your ../lang directory. |
| Minimum and Maximum username length: | The minimum (default = 1) and maximum (default = 50) number of characters for a valid username. |
| Force lowercase username: | If enabled, Tiki will automatically convert all alphabetic characters in the username to lowercase letters. For example, JohnDoe becomes johndoe. See Case in Usernames? for a discussion of case in the various versions of Tiki. |
| Use challenge-response authentication | If enabled and the user's browser supports JavaScript, passwords ARE NOT SENT across the network. Instead, a challenge-response algorithm is used: Tiki generates a challenge code, and the browser sends a response based on that challenge, which Tiki verifies to log the user in. Challenge responses cannot be reused. This method, if enabled, strongly enforces the security of your user passwords. If you use this option, you don't need an HTTPS connection for extra security. The drawback to this method is that users will have to enter their email address every time they log in (three boxes to fill in, not two). |
| Force to use chars and numbers in passwords: | If enabled, Tiki will require user passwords to contain both letters and numbers. Use this option to force users to select stronger passwords. |
| Minimum Password Length: | Select the minimum number of characters for user passwords. The default is 1. Increase this option to force users to select stronger passwords. |
| Password Invalid after days: | The number of days after which a password will expire. Days are counted starting with the user's first login. When the password expires, users will be forced to select a new password when logging in. Note: In version 1.9.8.3, use 999 to never expire. In version 2.0, use -1 to never expire. |
| Re-validate users by email after days: | The number of days after which an email will be sent to the user with a link to revalidate the account. The user will not be able to log in (that is, the account will be invalid) until the user clicks the link. Use this feature to verify that a user's email is still valid. Use -1 to never re-validate users. This feature was introduced in release 2.0. |
| Re-validate user by email after unsuccessful logins: | The number of unsuccessful login attempts after which Tiki will "lock" the account and attempt to re-validate the user by email. Use this feature to protect user accounts against brute-force attacks. Use -1 to disable this feature. This feature was introduced in release 2.0. |
| Generate a password option: | If enabled, Tiki will include a button on the registration form that will automatically generate a very secure password for the user. Note: The generated password may not respect any restrictions (such as minimum/maximum length). This feature was introduced in 2.0. In earlier versions, the Generate button was always displayed on the registration form. |
| HTTPS Login: | Specify if Tiki supports secure (HTTPS) logins. Choose between: Disabled, Allow, Encourage, Consider always, Require. If enabled, the Login module will include links for Secure or Standard login. |
| HTTP Port and URL: | If HTTPS is enabled, include the URL and port for your HTTPS server. For example, if you access your site as http://tikiwiki.org:2038 |
| Remember me feature: | Use this option to have Tiki remember users. They will automatically be logged in if they leave, then return to the site. Choose between: Disabled, User's choice, Always. You can define the duration (length of time) that Tiki will "remember" the user. If "User's choice" is selected, the Login module will include a "Remember me" checkbox. |
| Remember me name: | Filename of the cookie placed on the user's computer. Example: yourdomain |
| Remember me domain: | Domain name for the Tiki site. Example: .yourdomain.com |
| Remember me path: | Path to your TikiWiki installation, if not in root directory. The path is appended to the domain. Example: / |
| Protect against CSRF with a confirmation step: | Enable this option to protect your site against Cross-Site Request Forgery (CSRF), a common method of hacking a site. If Tiki detects a possible CSRF attack, a confirmation prompt will be displayed to verify that the action is valid. |
| Protect against CSRF with a ticket: | What is this setting used for? |
| Highlight Group: | What is this setting used for? |
| User can choose their group at registration time: | Use this feature to allow a new user to select a group to join, as part of the registration process. The groups you select here will be displayed on the registration form. This feature was introduced in release 2.0. |
| Display user's contribution in the user page: | If enabled, the user's User Information page will display a list of all objects (such as wiki pages, image galleries, etc.) that the user has edited. |
| Display Tracker Information on User page: | If enabled, displays UserTracker information on the user information page. Format: trackerId,fieldId1,fieldId2,... |
| Deactivate login autocomplete | Use to deactivate autocomplete in the login box. The autocomplete feature can optionally be set in the user's browser to remember the form input and offer to remember the password. If enabled, the user login and password cannot be remembered. You should enable this feature for highly secure sites. This feature was introduced in release 2.0. |
| On permission denied, display login box: | If an anonymous visitor attempts to display a page that they do not have permission to view, Tiki will display the Login module. This allows the visitor to log in, then display the page. This feature was introduced in release 2.0. |
| On permission denied, send to this URL: | If a user attempts to display a page that they do not have permission to view, Tiki will forward the user to the specified URL. This feature was introduced in release 2.0. |

Screenshot: Administration: Login (2.0)
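
The exchange behind the "Use challenge-response authentication" setting in the table above can be sketched as follows. This is an added illustration, not Tiki's own code: the HMAC-SHA256 construction, the function names and the sample account are assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed sample account. The server keeps a hash of "user:password";
# note that in this design the stored hash is itself the login secret.
USERS = {"johndoe": hashlib.sha256(b"johndoe:correct horse 42").hexdigest()}
_pending = {}  # username -> outstanding challenge, valid for one attempt


def issue_challenge(username):
    """Server: create a fresh random challenge for this login attempt."""
    challenge = secrets.token_hex(16)
    _pending[username] = challenge
    return challenge


def client_response(username, password, challenge):
    """Browser: answer the challenge; the password itself is never sent."""
    secret = hashlib.sha256(f"{username}:{password}".encode()).hexdigest()
    return hmac.new(secret.encode(), challenge.encode(), hashlib.sha256).hexdigest()


def verify(username, response):
    """Server: check the response and consume the challenge (no replay)."""
    challenge = _pending.pop(username, None)
    stored = USERS.get(username)
    if challenge is None or stored is None:
        return False
    expected = hmac.new(stored.encode(), challenge.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, response)


def demo():
    """Run one good login, one replay and one wrong password."""
    c = issue_challenge("johndoe")
    r = client_response("johndoe", "correct horse 42", c)
    first = verify("johndoe", r)
    replay = verify("johndoe", r)  # same response, challenge already used
    c2 = issue_challenge("johndoe")
    wrong = verify("johndoe", client_response("johndoe", "guess", c2))
    return first, replay, wrong


if __name__ == "__main__":
    print(demo())
```

The exchange keeps only the password off the wire; the session cookie and page content that follow a successful login are still sent in the clear unless the site is served over HTTPS.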
Important Notes
Case Sensitivity
- Starting with Release 2.0, the login (username) is case insensitive. Users can complete the Login module or Forgot Password screen using any case. After logging in, the user's login (username) is shown in its original case.
- In earlier releases, the login (username) is case sensitive.
- For backwards compatibility, if two users have identical logins with different cases, they must always log in using their case sensitive login.
- The password is always case sensitive.
Remember Me
- When enabled, you can manage the amount of time that the system "remembers" a user, keeping the user logged in. Without a rememberme cookie, the session finishes when the PHP session ends. A session can finish because the idle time has been reached or the user closes their browser (or tab in the browser, depending on the browser).
- The session length is set by the session.gc_maxlifetime setting in the php.ini file. If allowed by your host, you can overwrite this by using the Session Lifetime in Minutes field.
  Be careful: Sometimes another application running on the same server can redefine the session length, and if it saves its session files in the same place as tikiwiki, you can have interference.
- With a remember me cookie, you can extend the time the system remembers a user (if the user allows cookies and does not limit the cookie to the session time). This time is set in admin->login. When a user checks the remember me checkbox, the browser creates a cookie with a name beginning with 'tiki-user-' followed by the rememberme name you gave in admin->login.
- The rememberme feature also allows you to close the browser and still be logged in when you reopen it (if the timeout has not been reached).
- In Release 2.0, this cookie is secure. The value does not contain the username or password. The value is a value saved in the database that is matched to find out the user name when the PHP session has expired. The cookie is deleted when you log out. In tikiwiki >= 1.10, the remember me can be always activated (admin->login).
- If the user changes their IP or browser, the Remember Me feature will fail.
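
A sketch of a remember-me cookie with the properties listed above (opaque value, matched against a stored record, deleted on logout, refused when the IP or browser changes). It is an added example, not Tiki's implementation: the in-memory store, the function names and the choice to store only a hash of the token are assumptions.

```python
import hashlib
import hmac
import secrets
import time

_tokens = {}  # sha256(token) -> record; stands in for the database table


def _digest(text):
    return hashlib.sha256(text.encode()).hexdigest()


def issue_remember_me(username, ip, user_agent, lifetime_s, now=None):
    """Return the cookie value: a random token with no user data in it."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    # Assumption of this example: only a hash of the token is stored, so a
    # leaked table cannot be replayed as cookies.
    _tokens[_digest(token)] = {
        "user": username,
        "client": _digest(f"{ip}|{user_agent}"),
        "expires": now + lifetime_s,
    }
    return token


def resolve_remember_me(token, ip, user_agent, now=None):
    """Map a cookie value back to a username, or None if it must be refused."""
    now = time.time() if now is None else now
    key = _digest(token)
    record = _tokens.get(key)
    if record is None:
        return None
    if now >= record["expires"]:
        del _tokens[key]  # expired: drop the server-side record
        return None
    if not hmac.compare_digest(record["client"], _digest(f"{ip}|{user_agent}")):
        return None  # IP or browser changed
    return record["user"]


def logout(token):
    """Logging out deletes the server-side record, invalidating the cookie."""
    _tokens.pop(_digest(token), None)
```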
CustomFields
A rudimentary capability exists to add additional text fields to the User Preferences page. This might be used for fields like:
- Home_Phone
- AIM (or other IM handles)
- Address
- Professional_Certs

```sql
insert into tiki_user_preferences values('CustomFields','Home_Phone',NULL);
```

The values of the 3 fields are:
1. must be 'CustomFields'
2. descriptive label: this is what shows on screen as the field label
3. default value: NULL means no default; a string here will put that value in the field for the user to edit.

- At this time, there is no web page to create the actual field definitions; you must use the SQL statement shown above.
- No spaces are allowed in the label; an underscore can be used instead.
- There is no support for anything other than plain text fields.
- Possible security issue: if a user registers with the name 'CustomFields', they could possibly change the default values, or cause other problems. Possible workaround: create your own user with that name and don't use it for anything.
- The created fields are informational only; they don't hook into anything useful inside Tiki.
Authentication Methods
See:
Contributors to this page: KaiiaK, xavi, jh, mlpvolt, ulfthemoose, dthacker, sylvie, ricks99 and marclaporte.
Page last modified on Thursday 28 May, 2009 09:30:51 UTC by KaiiaK.








