Go to main content

Textpattern CMS support forum

You are not logged in. Register | Login | Help

  1. Index
  2. » Archives
  3. » ign_password_protect

#61 2005-08-22 14:19:29

june
Member
Registered: 2005-06-02
Posts: 47

Re: ign_password_protect

thanks igner! I look forward to seeing version 0.4. :)

-june

Offline

#62 2005-08-22 17:42:31

abacus7
New Member
From: UK
Registered: 2004-11-11
Posts: 9

Re: ign_password_protect

June – don’t know whether this will help or not, but I had to do something similar for my site. I worked around it by having a category ‘unsecure’ and one ‘secure’. By using conditionals to test for the category you can have content to show when a user is logged in, and content to show when they’re not.

Basically, I’ve done this:

<txp:if_article_category name=“secure” number=“1”>
<txp:ign_password_protect remember=“1”>
<txp:body />
</txp:ign_password_protect>
<txp:else />
<txp:body />
</txp:if_article_category>

Offline

#63 2005-08-22 19:46:52

june
Member
Registered: 2005-06-02
Posts: 47

Re: ign_password_protect

I can’t see your code, if you could try reposting it, that would be great.

thanks for your help.

june

Offline

#64 2005-08-23 16:42:18

igner
Plugin Author
Registered: 2004-06-03
Posts: 337

Re: ign_password_protect

@abacus7 – that’s a rather clever solution

@june – here’s the code abacus7 posted (you can see it if you view source):

<code>
<txp:if_article_category name=“secure” number=“1”>
<txp:ign_password_protect remember=“1”>
<txp:body />
</txp:ign_password_protect> <txp:else /> <txp:body />
</txp:if_article_category>
</code>

OK – given the interest, I put in some time last night to get this stable enough to draft some testers. If you’re interested in testing the 0.4 release, contact me off-list.

Included in the beta are the following:

  • modifications to the output of existing plugins
  • admin side control to select whether to use the inbuilt txp_users database, or an alternate user database (created by the plugin – no need to create the table yourself)
  • two new tags: ign_if_not_logged_in (as requested) and ign_self_edit (front-facing password change form for logged-in users, will ultimately expand to allow users to edit their own profiles down the road, but today I am still just a bill it’s just for changing passwords)

Again, if you’re interested in being a lab rat beta tester, click that new-fangled e-mail link to the left (or shoot me a note if you already have my address).


And then my dog ate my badger, and the love was lost.

Offline

#65 2005-08-23 16:54:18

creativesplash
Member
From: Coimbatore, India
Registered: 2005-01-19
Posts: 283
Website

Re: ign_password_protect

You Rock Jeremy!!! You Rock!!! This news has made my day!!


“Take a point, stretch it into a line, curl it into a circle, twist it into a sphere, and punch through the sphere.”

— Albert Einstein

Offline

#66 2005-08-23 19:49:06

igner
Plugin Author
Registered: 2004-06-03
Posts: 337

Re: ign_password_protect

@creativesplash – thanks for that. (the check’s in the mail ;)

By the way, a word of caution when using this (or frankly, any of the password protection options out there): using the password protection at the page level (i.e. section level) can potentially lead to the security being circumvented. This is due to the fact that some URL schemes allow the user to alter the section by modifying the URL (either by changing the section in the URL or by appending a properly formatted query string. In addition, article_custom returns results without regard to section, so be careful when using that in conjunction with password protection. I haven’t done enough testing to determine conclusively which URL schemes are vulnerable (I know that messy URLs and /section/id/title are vulnerable, /section/title and /year/month/day/title do not seem to be vulnerable, nor, for some reason, does /id/title appear to be vulnerable).

Note that these issues apply to the in-built tag as well as this plug-in. Also note that tags are not currently parsed in the RSS and Atom feeds, so bear that in mind as well when thinking about the content you are looking to protect.


And then my dog ate my badger, and the love was lost.

Offline

#67 2005-08-30 21:15:27

bmangold
New Member
Registered: 2005-02-12
Posts: 3

Re: ign_password_protect

Great plugin!

I have noticed that if I have a login on two different template pages then the ‘logout’ fails to work.

I wanted this so that the login wasn’t on every page, but a user was still able to logout.

Is there any way to just use the “txp:ign_password_protect” AND “/txp:ign_password_protect” – but have a ‘logout’ published when they are logged in ??

This would get around the problem.

Thanks

Offline

#68 2005-09-02 18:04:46

igner
Plugin Author
Registered: 2004-06-03
Posts: 337

Re: ign_password_protect

@bmangold – Thanks! Not sure what might be going on with the logout failing – are you seeing ?logout=1 on the URL when you try to logout?

If I understand the question – the answer is yes. It’s as simple as including <a href="?logout=1">Logout</a>, preferably within the password protected content (so it’s hidden if they’re not logged in).

Just FYI – A significantly revised version of the plugin is in the hands of testers right now, and I’m hoping to let it loose in the wild very shortly, which includes a number of improvements to the plugin’s functionality.


And then my dog ate my badger, and the love was lost.

Offline

#69 2005-09-02 18:38:08

creativesplash
Member
From: Coimbatore, India
Registered: 2005-01-19
Posts: 283
Website

Re: ign_password_protect

This is just fantastic! I tested it out and it does look very promising! Hear me everybody? This plugin is ultra super cool!!

Keep up the great job Jeremy!

Regards,
Vasanth

Last edited by creativesplash (2005-09-02 18:38:52)


“Take a point, stretch it into a line, curl it into a circle, twist it into a sphere, and punch through the sphere.”

— Albert Einstein

Offline

#70 2005-09-03 01:29:12

variaas
Plugin Author
From: Chicago
Registered: 2005-01-16
Posts: 402
Website

Re: ign_password_protect

Hey igner…amazing job! This is definitely looking like something I can use. I am having a slight problem with this plugin though. I hide the login form but show it to the side of the page, I’m using TXP4 and when I log in it shows this message (just the first time – if I refresh it goes away):

<code>

Notice: Undefined variable: u_privs in /home/…/public_html/textpattern/lib/txplib_misc.php(429) : eval()’d code on line 249

Notice: Undefined variable: u_privs in /home/…/public_html/textpattern/lib/txplib_misc.php(429) : eval()’d code on line 249

Notice: Undefined variable: u_privs in /home/…/public_html/textpattern/lib/txplib_misc.php(429) : eval()’d code on line 249

Notice: Undefined variable: u_privs in /home/…/public_html/textpattern/lib/txplib_misc.php(429) : eval()’d code on line 249
</code>

any idea what’s causing this?

Offline

#71 2005-09-03 02:07:00

igner
Plugin Author
Registered: 2004-06-03
Posts: 337

Re: ign_password_protect

Technically, you can ignore this — this is just coming up because the plugin it testing the value of a variable that isn’t set on first run.

You can make that message go away by setting Admin->Preferences->Production Status to Live.

And you can upgrade to the next version when I roll it out next week :)


And then my dog ate my badger, and the love was lost.

Offline

#72 2005-09-03 02:18:02

aslsw66
Member
From: Canberra, Australia
Registered: 2004-08-04
Posts: 342
Website

Re: ign_password_protect

Igner,

I know you are still working on improving this, but one of your suggestions for a future version has tweaked my interest.

You say that th plugin will “will ultimately expand to allow users to edit their own profiles down the road”. Does this mean we can define additional fields for each user that can be collected from or even set (eg. by an administrator) for individual users?

In my case, I want to set up a site for a small community organisation (volunteer firefighters). I want most of the site to be password protected so we can share info about training, operational procedures, etc. At the same time, I would like to get info from members on things like their financial status, training status, various competencies, etc. Some of this info would come from the member, some from the training officer, some from the brigade captain.

Is this the sort of thing your ‘ultimate’ version of the plugin will allow? Or would I be better off using you plugin as a wrapper for some more PHP functionality to record and update this extra information?

Obviously, I would prefer a single table to store members’ details, with one plugin managing recording and storing info…

Thanks for the great plugin.

Offline

  1. Index
  2. » Archives
  3. » ign_password_protect

Board footer

Powered by FluxBB