WWW-Authenticate
For better password protection it is advised to use security type wwwaut.
On Linux where PHP is installed as an Apache module (not a CGI), this feature will work just by setting security type to wwwaut under the configuration settings of CMSimple.
With CMSimple 2.7 it is also possible to make wwwaut work in these cases:
- When PHP is installed as CGI/FastCGI and RewriteEngine is on
- On Microsoft Internet Information Services (IIS) when PHP > 4.3.3, only "Anonymous access" is set and "Custom Errors" is set to Default. (Also, cgi.rfc2616_headers in php.ini must be at its default.)
The username may be set in the file ./CMSimple/config.php:
$cf['security']['username']="admin";
(Optional and not included by default from version 2.8)
The username is only used for security type wwwaut. If it is not set, the default username defined in login.php is admin.
When $cf['security']['username'] is added to config.php the username may be changed by using the "Edit configuration" form which is found under the menu item "SETTINGS" (only visible when logged in).
How to check Server API
You can check that PHP is installed as an Apache module by looking at phpinfo. Download phpinfo.php or create a PHP file with this content:
<?php phpinfo(); ?>
Run the file over the webserver by calling, e.g., http://www.yourdomain.com/phpinfo.php
The line "Server API" in the resulting page must look like this:
Wwwaut when Apache module
Set security type to wwwaut under the configuration settings of CMSimple and save. You'll need to log in again afterwards, using both the defined username and password.
The same thing may be achieved by setting $cf['security']['type']="wwwaut"; (before version 2.8: $cf['security']['wwwaut']="true";) in cmsimple/config.php.
Wwwaut when CGI/FastCGI
In the CMSimple basefolder, you should create a .htaccess file with this content:
RewriteEngine on
RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization},L]
Set wwwaut to 'true' under the configuration settings or by setting $cf['security']['wwwaut']="true"; in cmsimple/config.php.
If it gives an error on the website or it does not allow you to log in, you are probably not allowed to use .htaccess files and/or the RewriteEngine at your web hosting provider.
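How the value handed over by the RewriteRule above can be turned back into a username and password on the PHP side, as an added example (this is not CMSimple's own login.php code; the function names, the sample credentials and the realm string are made up, and hash_equals assumes PHP 5.6 or later):

```php
<?php
// Added example, not CMSimple's login.php. Function names are hypothetical.

// Return [user, password] sent with the request, or null if none were sent.
function wwwaut_credentials(array $server)
{
    // Apache module: PHP decodes the Authorization header itself.
    if (isset($server['PHP_AUTH_USER'], $server['PHP_AUTH_PW'])) {
        return [$server['PHP_AUTH_USER'], $server['PHP_AUTH_PW']];
    }
    // CGI/FastCGI: the RewriteRule copies the raw header into REMOTE_USER.
    // After an internal redirect Apache prefixes the name with REDIRECT_.
    foreach (['REMOTE_USER', 'REDIRECT_REMOTE_USER'] as $key) {
        // Skip empty values and anything that is not a Basic header
        // (e.g. a plain username set by the server's own authentication).
        if (empty($server[$key]) || strncasecmp($server[$key], 'Basic ', 6) !== 0) {
            continue;
        }
        // Strict mode rejects characters outside the base64 alphabet.
        $decoded = base64_decode(trim(substr($server[$key], 6)), true);
        // The password may contain ':', so split on the first one only.
        if ($decoded !== false && strpos($decoded, ':') !== false) {
            return explode(':', $decoded, 2);
        }
    }
    return null;
}

// True only if the request carries exactly the configured username and password.
function wwwaut_check(array $server, $user, $pass)
{
    $cred = wwwaut_credentials($server);
    if ($cred === null) {
        return false;
    }
    // hash_equals compares in constant time; evaluate both before combining.
    $okUser = hash_equals($user, $cred[0]);
    $okPass = hash_equals($pass, $cred[1]);
    return $okUser && $okPass;
}

// Constructed sample: the header for "admin" / "s3cret:pw" as a CGI setup sees it.
$sample = ['REMOTE_USER' => 'Basic ' . base64_encode('admin:s3cret:pw')];
var_dump(wwwaut_check($sample, 'admin', 's3cret:pw')); // credentials match
var_dump(wwwaut_check([], 'admin', 's3cret:pw'));      // no header was sent

// On a failed check the page answers with the challenge (realm is made up):
// header('WWW-Authenticate: Basic realm="CMSimple"');
// header('HTTP/1.0 401 Unauthorized');
```

The header value is only base64-encoded, not encrypted, so the decode step above recovers the password as typed; serve the login over HTTPS.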
Wwwaut when IIS
1. In webserver admin go to Web Site Properties -> File/Directory Security -> Anonymous Access dialog box - check the "Anonymous access" checkbox and uncheck any other checkboxes (uncheck "Basic authentication," "Integrated Windows authentication," and "Digest")
2. In webserver admin under "Custom Errors" select the range of "401;1" through "401;5" and select "Set to Default".
3. Set security type to wwwaut under the configuration settings of CMSimple and save.
If it does not work, check that PHP > 4.3.3 and in php.ini that "cgi.rfc2616_headers = 0"