|
Cookbook /
DeleteActionSummary: Use a separate password for deleting pages
Version: 2005-08-10
Prerequisites: PmWiki 2.x
Status:
Question answered by this recipeHow can I use a separate password for deleting pages? AnswerThe deletepage.phpΔ script adds an "?action=delete" which can be used to password-protect the removal of pages from the wiki. In addition, the script disables PmWiki's default page deletion mechanism, although this can be restored. DiscussionBy default, pages in PmWiki can be deleted by editing the page and changing the contents to the single word "delete" (controlled by the Note that as with the default page deletion, the pages are not entirely removed from the site's wiki.d/ directory -- the page file is simply renamed to include a timestamp. This is to guard against accidental or malicious page deletions via the PmWiki interface. Deleted pages are not completely removed until a wiki administrator deletes them from the wiki.d directory. The deletepage.phpΔ script is enabled at Test.DeletePage for those who wish to see its effects. (It's not enabled for testing on this page for somewhat obvious reasons. :-) CommentsI just wanted to point something out that may seem obvious to experienced users: I've added the instructions for this into the script directly -- thanks. --Pm
I think it would be great if the delete action could display a confirmation page. That way I would feel more comfortable adding a Delete action link. Right now if somebody accidentally clicks it when they try to click edit or history, they'll wipe the page (I know we can retrieve but it's a bit of a pain). --NoelLlopis Hmm, writing confirmation pages is a bit of a pain too. It's probably a bad idea to have ?action=delete directly in the template or file anyway, as a search engine robot will activate all of your delete links. :-) For the time being I suggest making sure that ?action=delete is always password protected:
This will prevent robots from activating delete links. I'll also see about providing a confirmation capability of some sort. --Pm
Could this be done with JavaScript of some sort? http://www.shiningstar.net/articles/articles/javascript/confirmsubmit.asp?ID=AW (among others) has some examples --Anonymous
Something like <a href=somefile.php?action=delete&delete=yes onClick="return confirm('Are you sure you want to delete this?')"> then if (isset($_GET['delete']) && ($_GET['delete']=="yes")) { delete... --Kab July 15, 2005, at 09:35 AM Well yes, I make a javascript and it works! All you need to do is to put the following lines to your .tmpl file in your skin, and you will get a "delete page" link with confirm function.
<script language="JavaScript">
<!--
function confirmSubmit()
{var agree=confirm("Are you sure you wish to continue?");
if (agree)
return true;
else
return false;
}
-->
</Script>
<a onClick="return confirmSubmit()" href='$PageUrl?action=delete' accesskey='ak_delete'>Delete Page</a>
Starting with version 2.0.beta50, you can password-protect the action with
$HandleAuth['delete'] = 'edit';
or
$HandleAuth['delete'] = 'admin';
to require the edit or admin password respectively. Klonk
I modified this delete link on the .tmpl file, so it would not appear if user not logged in.
<a onClick="return confirmSubmit()" href='$PageUrl?action=delete' accesskey='ak_delete'>$DeleteText</a>
And put the following lines on config.php or farmconfig.php :
if ($LoginName == 'Logout')
{$DeleteText = 'Delete This Page';} else {$DeleteText = '';}
$HandleAuth['delete'] = 'edit';
to make this work. --deelar
Why isn't the delete password shown next to the change delete password box on the Attributes page? All the other attributes show what password they're using (**** for a normal password, and id: or @group for AuthUser passwords) next to the box where you type to change it, but delete doesn't. --Daniel Contributors |