ign_password_protect

tonyc · 2006-11-28 17:53:03

Algaris wrote:

Something else I thought of. I suppose this is something of a request really. Would or is it possible to use the plug-in with the commenting options, so that when a logged in user goes to comment it automatically fills out their name for them? At the moment it could be feasible for someone to login with their username and then leave a comment using a different name, which is what I want to avoid.

— I’m not sure if you’d found a solution to your problem but here is an idea:

in your “comment_form” run a check whether the user is logged in or not and asign the username as a value for the name input then disable it or you could even make it hidden. You should use html as the <txp:comment_name_input /> doesn’t support atributes

Last edited by tonyc (2006-11-28 17:53:51)

saccade · 2006-12-05 17:57:36

@igner
thank you for the help. Didn’t see the doubly True/false-question :-)

Now I have a how-to-question on plugin-usage:

As I have several scenarios in which I use your plugin and need the function I added as well as the corrected ign_logged_user function now I’m thinking how to proceed:

So far I edited your plugin code directly in the txp-installation.
But of course this is complicated and in danger of errors and it would be better to have an unchanged plugin.
So should I create my extension as a plugin to your plugin (and have both to be installed)?
Or could you imagine to include this function in your plugin and release a corrected/extended version? (That would be the finest! And I hope my function is useful for others too.)
Or should I combine all in a privately used plugin code to ease my work of installation?

best regards
Michael

apsk121 · 2006-12-13 06:44:21

I have a question. I’ve been using ign_password_protect to password protect a part of my website. I recently noticed Google bot spiders on that part of the website where I use ign password protect. DO I need to worry? That part of my website is fairly private and I couldn’t want to to land up in the Google Cache or in search results… What should I do to protect my content?

igner · 2006-12-13 13:52:56

Unless you’re using the plugin in page mode, the pages still exist and are technically accessible. If there are publicly accessible links to the private content, and it’s just the content that’s protected, then yes, google will crawl those pages. HOWEVER, unless a valid user is logged in, the content that is wrapped in the protect tags (either if_logged_in or password_protect) doesn’t ever get rendered to the browser, so would be invisible to google.

The other thing to do is to make sure you’ve got a robots.txt file, and explicitly exclude that directory from crawling. Granted, not every spider will respect that file, but it’ll be a good start.

apsk121 · 2006-12-13 13:55:04

Thanks.

Suppose my section is is /bingo/ what do I need to add to the robots file?

igner · 2006-12-13 14:01:32

This should do the trick:

User-agent: * # all user agents
Disallow: /bingo/
Disallow: /textpattern/ # no reason to let them into the admin section, either

apsk121 · 2006-12-13 14:03:48

Thanks a lot for your prompt help!
Let’s see if this does it. :)

jayrope · 2006-12-14 16:29:28

igner wrote:

The other thing to do is to make sure you’ve got a robots.txt file, and explicitly exclude that directory from crawling. Granted, not every spider will respect that file, but it’ll be a good start.

The evil spiders will crawl directories first, which you explicitly excluded in the robots.txt.
To get rid of these you should aswell build a bot trap.

FireFusion · 2006-12-15 10:58:13

Ok, I found out neither server that the mysql Apache mod installed. I get my sis admin to install but before I do is there any other way I can protect the whole domain using this plug-in?

igner · 2006-12-15 14:12:50

Depends. I could conceivably write some custom functionality to push users out to an .htpasswd file on creation / update (but you’d have to update any existing users, as passwords are stored with a one-way hash in both .htpasswd and mysql. But that wouldn’t happen for a while. You might be able to do something funky with mod_rewite and referrer paths, and only allow access through protected TXP pages. But that’d be a hack at best.

Ultimately, I think the best bet is the mod_mysql install.

apsk121 · 2006-12-24 12:02:21

Hey, I’m running into another small problem, but besides that everything is working perfectly.
I was wondering if I could prevent display of comments of the section I’m protecting with this plugin as well?
I use popup comments so any help would be great.

mrdale · 2007-01-03 00:21:40

OK simple question.

Does <txp:ign_logged_user /> currently return the user name of the logged in user as stated in the documentation?

Textpattern CMS

Textpattern CMS support forum

#289 2006-11-28 17:53:03

Re: ign_password_protect

#290 2006-12-05 17:57:36

Re: ign_password_protect

#291 2006-12-13 06:44:21

Re: ign_password_protect

#292 2006-12-13 13:52:56

Re: ign_password_protect

#293 2006-12-13 13:55:04

Re: ign_password_protect

#294 2006-12-13 14:01:32

Re: ign_password_protect

#295 2006-12-13 14:03:48

Re: ign_password_protect

#296 2006-12-14 16:29:28

Re: ign_password_protect

#297 2006-12-15 10:58:13

Re: ign_password_protect

#298 2006-12-15 14:12:50

Re: ign_password_protect

#299 2006-12-24 12:02:21

Re: ign_password_protect

#300 2007-01-03 00:21:40

Re: ign_password_protect

Board footer