Context Navigation

Changes between Version 5 and Version 6 of AccountControl

Timestamp:: Oct 14, 2020, 7:42:22 PM (4 years ago)
Author:: davea
Comment:: --

Legend:

: Unmodified
: Added
: Removed
: Modified

AccountControl

-                      v5
+                      v6
 = Controlling account creation =
+Under normal circumstances BOINC projects are open for participation by anybody who wants to contribute their computer to the project. There may be times, however, when a project needs to limit the creation of new accounts. BOINC offers two alternatives.
+BOINC has two mechanisms for creating accounts:
+* RPC-based: The [WebRpc#create_account create_account] RPC.
+This is used by BOINC Manager and by account managers.
+* Web-based: the user fills out a web form (join.php or create_account_form.php).
+This has the advantages that you can use ReCaptcha (to prevent mass account creation by spammers)
+and you can customize it however you want.
+By default both mechanisms are enabled.
 == Disabling account creation == #disabling-account-creation
 To disable all account creation, edit the project configuration file [ProjectOptions config.xml] and add to it the element:
+To disable all account creation, edit [ProjectOptions config.xml] and add
 {{{
 <disable_account_creation>1</disable_account_creation>
 …
 Note: 1 = True, 0 = False
+This disables account creation via any mechanism (the client, the web, or [AccountManagers account managers]). You can momentarily remove this element while you create accounts.
+To disable RPC-based account creation, add
+{{{
+<disable_account_creation_rpc>1</disable_account_creation_rpc>
+}}}
 == Restricting account creation via 'invitation codes' == #invite-codes
 It is also possible to restrict account creation to only those who present a secret 'invitation code'. In this case an account can only be created via the web pages, not via the client or the [AccountManagers account managers].
+You can restrict account creation to those who present an 'invitation code'.
+To use this mechanism you need to add to the file `html/project/project.inc` a definition for a PHP constant `INVITE_CODES` containing the allowed invitation codes. A simple example is:
+{{{
+define('INVITE_CODES', '/xyzzy/');
+}}}
+This allows account creation only if the user enters the invitation code 'xyzzy' (without any quotes). The pattern in INVITE_CODES is compared to the user's input as a [http://php.net/reference.pcre.pattern.syntax Perl-Compatible Regular Expression (PCRE)], so don't forget the enclosing slashes. A more complicated example is:
+To do so, add to the file `html/project/project.inc` a definition for a PHP constant `INVITE_CODES`
+as a [http://php.net/reference.pcre.pattern.syntax Perl-Compatible Regular Expression (PCRE)]
+for the set of invitation codes.
+For example:
 {{{
 define('INVITE_CODES', '/yohoho|blunderbuss|!grog4U/');
 }}}
+This allows someone to create an account if they enter any of the words 'yohoho', 'blunderbuss', or '!grog4U'.
+In a PCRE vertical bars separate alternatives, so this pattern just allows someone to create an account if they enter any of the words 'yohoho', 'blunderbuss', or '!grog4U'. More complex pattern matching is possible, though not required.  The security of this mechanism depends on how you distribute the invitation codes. If you write the code on the whiteboard in your lab then only someone with access to that room can use it. If you send it out to a mailing list then only members of that list can use it (until someone shares it with someone else who is not on the list). The goal here is not strict security so much as a way for a new project to limit account creation to a restricted set of users while the project is getting started.
+INVITE_CODES applies to both web and RPC-based account creation.
+To restrict only RPC-based account creation, use
+{{{
+define('INVITE_CODES_RPC', '/yohoho|blunderbuss|!grog4U/');
+}}}