• Do not register here on develop.twiki.org, login with your twiki.org account.
• Use View topic Item7848 for generic doc work for TWiki-6.1.1. Use View topic Item7851 for doc work on extensions that are not part of a release. More... Close
• Anything you create or change in standard webs (Main, TWiki, Sandbox etc) will be automatically reverted on every SVN update.
Does this site look broken?. Use the LitterTray web for test cases.

Item7481: Admin should be able to add new users even if EnableNewUserRegistration is off

Item Form Data

AppliesTo: Component: Priority: CurrentState: WaitingFor: TargetRelease ReleasedIn
Engine   Normal New   n/a  

Edit Form Data

Reported By:
Applies To:
Current State:
Waiting For:
Target Release:
Released In:


The configuration setting

is convenient to prevent users from registering themselves. (I recently helped a client by removing approximately 300 "Spam" users from the htpasswd file!).

However, a TWiki Admin should be able to add new users (run the register CGI script) regardless of the setting of this configuration variable.

That is, if someone is logged in to TWiki and their ID has Admin permission, this should override the {Register}{EnableNewUserRegistration} setting.

I expected that it would and was surprised when I got an error that I could not run the script.

Yes, the Admin can go to configure, reset the setting, add the users, reset the setting, but this is brittle. They could forget turn to turn this setting off again. Spammers could access register during the period that Enable is on.

(Personally, one of the things that I do is to protect the register script with Apache's access configuration options, the same way that I protect configure. We could recommend this in the docs.)

FYI: I really like the code in TWikiRegistration that sets a NOREGISTRATION variable to disable the form fields unless context registration_supported. When Admins are allowed to add users at any time, this could be expanded as

   * Set NOREGISTRATION = %IF{"context registration_supported" then="%IF{"'%USERNAME%' ingroup 'TWikiAdminGroup'" then="" else="DISABLED"}%" else="DISABLED"}%

-- TWiki:Main/VickiBrown - 2014-04-05

Summary Admin should be able to add new users even if EnableNewUserRegistration is off
ReportedBy TWiki:Main.VickiBrown
Codebase 6.0.0
SVN Range TWiki-6.0.1-trunk, Sat, 22 Mar 2014, build 27164
AppliesTo Engine

Priority Normal
CurrentState New


TargetRelease n/a

Topic revision: r1 - 2014-04-05 - VickiBrown
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2023 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback