2009-09-19, 09:59   Link #12
felix
sleepyhead
*Author
Join Date: Dec 2005
Location: event horizon
Quote:
Originally Posted by GHDpro
- Disable any form of anonymous login or normal (direct-on-wiki) registration
- Make a special page that allows wiki "registration" using your forum login
- Hijack login system to check forum db for password, not wiki db
- Run a script so that various things remain in sync (ie: if user is banned on forum; ban him on wiki)

I'm kinda seeing more editing there than just the registration page if you do it like that; you have to hijack the entire security layer, and also, by referring directly to the forum user tables, you now break the History, Recent changes, Watchlist (essential) features, which relied on whatever wikidb table to store the information. Tables which would now be little more than null, given you are now using only forum tables for login purposes.

How about,
- Disable anonymous logins (I'm sure there is a localsettings.php variable for it)
- Add an extra verification to the registration page requiring you to have an equivalent account (nick and password at the time) on the forum.
- On registration the userid is stored in a separate table
- If user with the userid exists (this would be due to namechange etc) registration is canceled

To ban, you make a script that bans the userid from both forum and wiki. This system would thus avoid tampering with anything more than registration.

In any case the following need to be intact:
  • wiki syntax (eg. [[some internal article]])
  • basic (harmless) html codes, that is: <div> <span> <br />, <table>, etc
  • article creation
  • template system
  • "History" feature, this includes undo, comparison etc
  • "Watchlist", essential for maintenance work as well as vandalism deterrent
  • "Recent changes" feature; again maintenance feature
You can break everything else as long as the above are working.
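The registration gate and dual ban described in the post above, as an added sketch that is not part of the original post or of any wiki or forum code base. All table names, column names, the PBKDF2 hash scheme and the in-memory SQLite database are assumptions made for illustration; a real forum has its own schema and password hashing.

```python
import hashlib, hmac, os, sqlite3

def _hash(password, salt):
    # Assumed hash scheme for this sketch only.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE forum_user (userid INTEGER PRIMARY KEY, nick TEXT UNIQUE,
                                 salt BLOB, pwhash BLOB, banned INTEGER DEFAULT 0);
        CREATE TABLE wiki_user (wiki_id INTEGER PRIMARY KEY, name TEXT UNIQUE,
                                blocked INTEGER DEFAULT 0);
        -- the separate table: at most one wiki account per forum userid
        CREATE TABLE wiki_forum_link (forum_userid INTEGER PRIMARY KEY,
                                      wiki_id INTEGER UNIQUE NOT NULL);
    """)
    return db

def add_forum_user(db, nick, password):
    salt = os.urandom(16)
    with db:
        return db.execute(
            "INSERT INTO forum_user (nick, salt, pwhash) VALUES (?,?,?)",
            (nick, salt, _hash(password, salt))).lastrowid

def register_wiki(db, nick, password):
    row = db.execute("SELECT userid, salt, pwhash, banned FROM forum_user "
                     "WHERE nick=?", (nick,)).fetchone()
    if row is None or not hmac.compare_digest(row[2], _hash(password, row[1])):
        return "denied: no matching forum account"
    if row[3]:
        return "denied: banned on forum"
    try:
        with db:  # wiki row and link row commit together or roll back together
            wiki_id = db.execute("INSERT INTO wiki_user (name) VALUES (?)",
                                 (nick,)).lastrowid
            db.execute("INSERT INTO wiki_forum_link VALUES (?,?)",
                       (row[0], wiki_id))
    except sqlite3.IntegrityError:
        # Same userid under a new nick (name change): registration is canceled.
        return "denied: forum userid already has a wiki account"
    return "ok"

def ban(db, forum_userid):
    with db:  # ban the userid on the forum and block its linked wiki account
        db.execute("UPDATE forum_user SET banned=1 WHERE userid=?", (forum_userid,))
        db.execute("UPDATE wiki_user SET blocked=1 WHERE wiki_id IN (SELECT wiki_id "
                   "FROM wiki_forum_link WHERE forum_userid=?)", (forum_userid,))
```

Because the link table is keyed on the forum userid rather than the nick, the wiki's own user, history and watchlist tables stay untouched and a renamed forum account cannot obtain a second wiki identity.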