Changes between Version 5 and Version 6 of AccountControl


Ignore:
Timestamp:
Oct 14, 2020, 7:42:22 PM (3 years ago)
Author:
davea
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • AccountControl

    v5 v6  
    11= Controlling account creation =
    22
    3 Under normal circumstances BOINC projects are open for participation by anybody who wants to contribute their computer to the project. There may be times, however, when a project needs to limit the creation of new accounts. BOINC offers two alternatives.
     3BOINC has two mechanisms for creating accounts:
     4
     5* RPC-based: The [WebRpc#create_account create_account] RPC.
     6This is used by BOINC Manager and by account managers.
     7
     8* Web-based: the user fills out a web form (join.php or create_account_form.php).
     9This has the advantages that you can use ReCaptcha (to prevent mass account creation by spammers)
     10and you can customize it however you want.
     11
     12By default both mechanisms are enabled.
    413
    514== Disabling account creation == #disabling-account-creation
    615
    7 To disable all account creation, edit the project configuration file [ProjectOptions config.xml] and add to it the element:
     16To disable all account creation, edit [ProjectOptions config.xml] and add
    817{{{
    918<disable_account_creation>1</disable_account_creation>
     
    1221Note: 1 = True, 0 = False
    1322
    14 This disables account creation via any mechanism (the client, the web, or [AccountManagers account managers]). You can momentarily remove this element while you create accounts.
     23To disable RPC-based account creation, add
     24{{{
     25<disable_account_creation_rpc>1</disable_account_creation_rpc>
     26}}}
    1527
    1628== Restricting account creation via 'invitation codes' == #invite-codes
    1729
    18 It is also possible to restrict account creation to only those who present a secret 'invitation code'. In this case an account can only be created via the web pages, not via the client or the [AccountManagers account managers].
     30You can restrict account creation to those who present an 'invitation code'.
    1931
    20 To use this mechanism you need to add to the file `html/project/project.inc` a definition for a PHP constant `INVITE_CODES` containing the allowed invitation codes. A simple example is:
    21 
    22 {{{
    23 define('INVITE_CODES', '/xyzzy/');
    24 }}}
    25 
    26 This allows account creation only if the user enters the invitation code 'xyzzy' (without any quotes). The pattern in INVITE_CODES is compared to the user's input as a [http://php.net/reference.pcre.pattern.syntax Perl-Compatible Regular Expression (PCRE)], so don't forget the enclosing slashes. A more complicated example is:
    27 
     32To do so, add to the file `html/project/project.inc` a definition for a PHP constant `INVITE_CODES`
     33as a [http://php.net/reference.pcre.pattern.syntax Perl-Compatible Regular Expression (PCRE)]
     34for the set of invitation codes.
     35For example:
    2836{{{
    2937define('INVITE_CODES', '/yohoho|blunderbuss|!grog4U/');
    3038}}}
     39This allows someone to create an account if they enter any of the words 'yohoho', 'blunderbuss', or '!grog4U'.
    3140
    32 In a PCRE vertical bars separate alternatives, so this pattern just allows someone to create an account if they enter any of the words 'yohoho', 'blunderbuss', or '!grog4U'. More complex pattern matching is possible, though not required.  The security of this mechanism depends on how you distribute the invitation codes. If you write the code on the whiteboard in your lab then only someone with access to that room can use it. If you send it out to a mailing list then only members of that list can use it (until someone shares it with someone else who is not on the list). The goal here is not strict security so much as a way for a new project to limit account creation to a restricted set of users while the project is getting started.
     41INVITE_CODES applies to both web and RPC-based account creation.
     42To restrict only RPC-based account creation, use
     43
     44{{{
     45define('INVITE_CODES_RPC', '/yohoho|blunderbuss|!grog4U/');
     46}}}