How to password protect the installation
Basic Apache Password Protection
You can add password protection to your installation using the basic Apache htaccess authentication. Use this method if you are comfortable with it. However this method doesn't support users with different access rights.
Enabling the built-in User Authentication System
To enable the built-in user authentication, click the 'User Admin' button the sidebar menu. Specify a super-admin username and password. Click the 'Save Super Admin' button.
The next time you open the application in your browser, you will see a login screen similar to the following.
To add additional users, click the 'User Admin' button in the top toolbar.
If you forget your password
There is no way to obtain the password if you forget it because it is saved to database using a one-way encryption (salted+hashed). The only solution is to open 'config.php' file in the root folder of your installation and specify a new username and password pair. You can then login using the new credentials and change the database password from the interface. Then come back to the config.php file and remove the manually added credentials.
Any entries you make in the config.php
file will always override any username + password you
add from within the user interface. So, if you forget your password, follow this procedure to reset the password.
- Type in a user name + password combo in config.php so that you are able to login.
- Login and add a new admin password using the interface.
- While still logged in, edit the config.php and remove the username + password combo in it.
- Logout and login using the username + password specified from the User Interface.
More security options
You can also lockout the user on multiple incorrect login attempts. Simply specify a maximum login attempt count and the time (in minutes) to block in the 'Authentication' tab of 'App Settings' panel.