How to password protect the installation

Basic Apache Password Protection

You can add password protection to your installation using the basic Apache htaccess authentication. Use this method if you are comfortable with it. However this method doesn't support users with different access rights.

Enabling the built-in User Authentication System

Version 2.4+

To enable the built-in user authentication, go the 'Basic App Setup' pane and select the 'Authentication' tab. Specify a super-admin username and password. Click the 'Save Username & Password' button.

The next time you open the application in your browser, you will see a login screen similar to the following.

To add additional users, click the 'User Admin' button in the top toolbar.

If you forget your password

There is no way to obtain the password if you forget it because it is saved to database using a one-way encryption (salted+hashed). The only solution is to open 'config.php' file in the root folder of your installation and specify a new username and password pair. You can then login using the new credentials and change the database password from the interface. Then come back to the config.php file and remove the manually added credentials.

Versions Prior to 2.4

To enable the built-in user authentication in versions older than 2.4, you have to open the "config.php" file in the root folder of your installation using a text editor and scroll down to the section that looks like the following.

$admin_user_name = "admin";
$admin_password = "mysecret";

Specify the two entries for the user-name and password. Make sure that your password is atleast 6 characters long. Save the file and upload it to the server.

More security options

The user authentication system supports use of the Google re-captcha. You will need to obtain the two keys from the recaptcha website and enter them into the config.php file.

You can also lockout the user on multiple incorrect login attempts. Simply specify a maximum login attempt count and the time (in minutes) to block in the config.php or in the 'Authentication' tab of 'Basic App Setup' pane.