Reputation: 1102
MediaWiki - Require confirmed emails before allowing read?
I'm trying to setup a MediaWiki for university students. Using the EmailDomainCheck, I prevent anyone except those with a university based email from creating accounts. Using $wgEmailConfirmToEdit, I can require that an email is confirmed before the user can edit files. However, as it is, a user can use a fake email from the correct domain to create an account. With the account they can view all pages (even though they cannot edit them). I do not want to grant them read access unless the email has been confirmed. Is this possible? Note, I want all confirmed emails of the correct domain to be automatically accepted. It should not require manual account creation acceptance.
Upvotes: 2
Views: 223
Answers (2)
Reputation: 305
You could try the following, as outlined in the Documentation
# Disable for everyone.
$wgGroupPermissions['*']['read'] = false;
# Disable for users, too: by default 'user' is allowed to read, even if '*' is not.
$wgGroupPermissions['user']['read'] = false;
# Make it so users with confirmed email addresses are in the group.
$wgAutopromote['emailconfirmed'] = APCOND_EMAILCONFIRMED;
# Hide group from user list.
$wgImplicitGroups[] = 'emailconfirmed';
# Finally, set it to true for the desired group.
$wgGroupPermissions['emailconfirmed']['read'] = true;
As Jenny Shoars has mentioned, you may wish to whitelist some pages such as:
$wgWhitelistRead = array("Main_Page", "Special:CreateAccount", "Special:ConfirmEmail");
So that non registered users can still create accounts and the like.
Upvotes: 1
Reputation: 28160
In theory,
$wgGroupPermissions['*']['read'] = false;
$wgGroupPermissions['emailconfirmed']['read'] = true;
should work. In practice, MediaWiki almost always used with an "everyone can read" or "you can read iff you are logged in" setup and others are not very well tested, so if that wiki had some highly sensitive private information I wouldn't do this, but I imagine for a university website that's not the case.
Alternatively, it should not be too hard to integrate an email confirmation step into account creation, but you'd have to write the code for that. EmailAuth (which does a similar check during login) might give you an idea of how that would look.
Upvotes: 1
Related Questions
- In MediaWiki installation - How can I set email confirmation to be true for existing users and default the value for new users to true?
- Using MediaWiki ClientLogin For Sign In Verification
- Is it possible to restrict account creation with MediaWiki using an access code?
- MediaWiki: multiple recipients when user changes email
- How can I send confirmation emails from MediaWiki to users?
- Mediawiki: Special:ConfirmEmail denied access
- Get user email addresses in mediawiki
- how to require 'confirm by email' to create an account in mediawiki
- Making registration for media wiki require admin approval?
- MediaWiki: Special "Create an account" behaviour