| 16 | |
| 17 | If your project's URL is '''http://a.b.c/test''', |
| 18 | then the URL of the admin web interface is '''http://a.b.c/test_ops'''. |
| 19 | The directory containing the admin pages is '''~/projects/test/html/ops/'''. |
| 20 | |
| 21 | Because the admin interface lets you do things like |
| 22 | see user email addresses, it's extremely important that it be secure. |
| 23 | There are two levels of protection: |
| 24 | |
| 25 | == Protection by .htaccess == |
| 26 | |
| 27 | When a project is created, a file '''html/ops/.htaccess''' is created |
| 28 | that disallows access to the admin web interface. |
| 29 | You can use '''htpasswd''' to create a '''.htpasswd''' file containing |
| 30 | credentials for yourself. |
| 31 | |
| 32 | == Project-defined protection policy == |
| 33 | |
| 34 | The project-specific config file '''html/project/project.inc''' |
| 35 | contains a function '''auth_ops()''' that defines |
| 36 | a project-specific policy for protecting the admin interface. |
| 37 | By default, no access is allowed; |
| 38 | you'll need to edit this function to specify your project's policy. |
| 39 | |
| 40 | Existing projects: look at '''html/project.sample/project.inc''', |
| 41 | copy the '''auto_ops()''' function into your project.inc file, |
| 42 | and edit it to specify your project's policy. |