Use Adminer
Adminer is a lightweight database management tool seamlessly integrated into Raydium. It allows superadmin users to access and manage the database from a web interface. However, for security reasons, Adminer must be properly enabled and configured in several places:
kiosk.jsonfor user roles and privileges.configs/app.php(specifically thedbadminsection) for site-wide Adminer settings.
This guide walks you through each step to ensure a secure and efficient Adminer setup.
1. Overview of Adminer Access
Adminer is accessed via a unique URL that follows this pattern:
http://example.com/wp/wp-admin/{uriID}By default, Adminer is not accessible for security reasons (you’ll see a 404 error if you try). You must enable it and ensure the user accessing it has the superadmin role.
2. Prerequisites
Superadmin Privileges
The user must have"role": "superadmin"in thekiosk.jsonfile.Matching WordPress User
A corresponding WordPress user with the same username must exist, remain active, and have sufficient permissions in WordPress (e.g., Administrator-level capability).Application Mode
Adminer may be unavailable in “secure” environments if the application is running with the secure flag set, regardless of other settings.
3. Step-by-Step Configuration in kiosk.json
3.1 Open kiosk.json
Locate the kiosk.json file (or create it) in your configuration directory. Inside, you will find a users section like:
"users": {
"alice": {
"id": "23566",
"username": "alice",
"email": "alice.johnson@example.com",
"role": "admin",
"permissions": [
"read",
"write",
"deploy",
"manage_kiosk"
],
"active": true
}
}3.2 Update the User Role
Change "role": "admin" to "role": "superadmin":
"role": "admin",becomes:
"role": "superadmin",Save your changes.
3.3 Verify User Alignment
- Ensure there is an active WordPress user with the exact username, such as
"alice". - Confirm this user can log in to WordPress normally and has full site permissions.
4. Additional Adminer Configuration in configs/app.php
Alongside kiosk.json, Adminer access is controlled by the dbadmin section in configs/app.php. Below is an example configuration:
/*
* Configuration settings for the Adminer database administrator interface.
*
* Note: If the application is running with the `secure` flag set,
* Adminer will never be accessible, regardless of these settings.
*/
'dbadmin' => [
/*
* Whether or not to enable the Adminer interface.
* @var bool $enabled Default true.
*/
'enabled' => true,
/*
* The URI path for accessing the Adminer interface.
* The resulting URL will be `example.com/wp/wp-admin/{uri}`.
* @var string $uri Must be a valid string. Default is 'dbadmin'.
*/
'uri' => 'dbadmin',
/*
* Whether to validate that the WordPress user is authenticated.
* Only users in the `kiosk` list with the `manage_database` capability will be allowed.
* @var bool $validate Default false.
*/
'validate' => true,
/*
* Whether to enable autologin for the Adminer interface.
* @var bool $autologin Default true (based on ADMINER_ALLOW_AUTOLOGIN constant).
*/
'autologin' => ADMINER_ALLOW_AUTOLOGIN,
/*
* Optional passkey for generating signed access URLs.
* Allows the creation of signed URLs that bypass authentication under specific conditions.
* @var string|null $secret Default null.
*/
'secret' => [
'key' => env('ADMINER_SECRET', null),
'type' => 'jwt',
],
],4.1 Key Settings Explanation
enabled: Controls whether Adminer is globally enabled.uri: Defines the path segment for Adminer. For instance, if set to'dbadmin', your Adminer URL becomeshttp://example.com/wp/wp-admin/dbadmin.validate: Iftrue, WordPress user authentication is strictly enforced, requiring users to be logged in and have themanage_databasecapability.autologin: Iftrue, bypasses the Adminer login screen.- Use with caution, as it can allow anyone with the URL to access Adminer.
- It relies on the
ADMINER_ALLOW_AUTOLOGINconstant, which can be overridden inwp-config.php.
secret:- When set, you can create signed Adminer URLs that bypass normal authentication for debugging or temporary access.
- The key is validated before granting Adminer access.
Important: In highly secure environments (if the app runs with the
secureflag), Adminer remains inaccessible regardless of the above settings.
5. Applying Your Changes
Restart or Reload
After modifyingkiosk.jsonandconfigs/app.php, restart or reload the application to apply the updated settings.Access the Adminer URL
- If
uriis set todbadmin, visit:http://example.com/wp/wp-admin/dbadmin - Or, if you have a custom
urilikedf78cd0d37a143dd, it becomes:http://example.com/wp/wp-admin/df78cd0d37a143dd
- If
6. Troubleshooting
6.1 404 Errors
- Check
dbadmin.enabled: Confirm that'enabled' => true. - Superadmin Role: The WordPress user must have the
superadminrole inkiosk.json. secureFlag: Ensure your application is not in a mode that automatically disables Adminer.
6.2 Authentication Failure
dbadmin.validate: Iftrue, you must be logged in as a user who has themanage_databasecapability.- WordPress Credentials: Verify the username and password match the active WordPress user.
6.3 kiosk.json Updates Not Applied
- Restart/Reload: Always restart or reload your application after making changes.
7. Security Best Practices
Restrict Access to Trusted Users
Grant superadmin privileges only to those who genuinely require database-level access.Keep the URL Private
Ifautologinis true, anyone with the URL can access your database interface.Use Signed URLs Carefully
If you enablesecret.key, treat generated URLs as highly sensitive.Secure Environments
If your environment is running with thesecureflag, Adminer will remain inaccessible for an added layer of protection.
By following these steps and properly configuring both kiosk.json and configs/app.php, you can safely enable and use Adminer in the Raydium WPFramework for easy, web-based database management.