Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
#301 2007-01-03 19:50:06
Re: ign_password_protect
IDEA: Client Section of a Website
I’m building a client section on my design site. It would rely on asy_wondertag working in tandem with a working <txp:ign_logged_user>
tag in this plugin.
The desired behaviour is as follows;
- A Client is given a specific url (http://domain.com/clients-/clientName-) and a user/password
- The client logs in using a user account name that matches the name of article, image and file categories
- The client is then presented with a screen on which
- extracts of past articles with project progress reports appear on main area of page. Clicking on a “read more” link would bring up the whole article via a permalink
- a sidebar containing upcoming deadlines (this client only) and…
- a list of links to galleries (this client only)
I think that the following code should do it (fingers crossed, regarding wondertag). But I still have to try it out. Just waiting on the ign_logged_user functionality.
<txp:ign_if_logged_in> <div class=“twoThirds story”> <h3>Project Updates</h3> <txp:asy_wondertag> <txp:article_custom category=”<txp:ign_logged_user />” form=“article-clients” /> </txp:asy_wondertag> </div>
<div class=“right side”> <h3>Upcoming Deadlines</h3>
<txp:asy_wondertag> <txp:article_custom category=”<txp:ign_logged_user />” time=“future” form=“archive” limit=“999” /> </txp:asy_wondertag>
<h3>Project Images</h3> <txp:asy_wondertag> <txp:stw_category_tree start=”<txp:ign_logged_user />” onclass=“selected” type=“image” section=“clients”/></txp:asy_wondertag> </div>
<txp:else /> <txp:ign_show_login login_msg=“login message” />
</txp:ign_if_logged_in>I’ll let you know how it goes, and in the meantime, feel free to offer input…
Last edited by mrdale (2007-01-04 20:20:42)
Offline
#302 2007-01-15 23:46:39
- RussLipton
- Member
- From: Spokane, WA
- Registered: 2005-02-17
- Posts: 36
Re: ign_password_protect
I have wrapped the default page template in password_protect tag tags. Works as desired to require login to website. Can I associate those tags with a page template or form so the screen doesn’t look so plain and nasty? If not, can I redirect from a default page template if log-in is required to a separate login page or popup a login dialog window? I suspect I’m requesting a Textpattern usage tip rather than trying to locate an existing feature for this plugin …
Offline
#303 2007-01-16 01:28:05
- igner
- Plugin Author
- Registered: 2004-06-03
- Posts: 337
Re: ign_password_protect
Russ – you have a few options:
1) use the plugin in page-protect mode – this’ll fire of the browser’s authentication dialog (like is typical for .htaccess protected pages)
2) alternatively, only wrap the content that actually needs protecting (i.e. just the txp:article tag, etc.) so you still have all the page styling
3) (coupled with 2), use txp:ign_if_logged_in coupled with txp:else to present alternate content for users that aren’t logged in, and completely decouple the login form (or present the login form in the else context.
No reasn that you have to present bare bones for non-logged-in users.
And then my dog ate my badger, and the love was lost.
Offline
#304 2007-01-16 10:49:31
Re: ign_password_protect
So if I want to password-protect a couple of blog entries, I’ll just wrap the content that needs protecting?
Will said content appear in the search results of my site?
Offline
#305 2007-01-16 14:24:10
- igner
- Plugin Author
- Registered: 2004-06-03
- Posts: 337
Re: ign_password_protect
Mr Dale – didn’t get the notification of your posts, so sorry about that. Yes, ign_logged_user is broken in the current download. I’ve got a new beta with some pretty significant changes (the most significant one being a migration to form support for rendered elements). For the more daring, a beta with horribly incomplete documentation can be downloaded here.
Here’s a quick explanation of the form support:
ign_password_protect and ign_show_login now take a ‘form’ attribute, for example <txp:ign_show_login form=‘my login form’ />. If no form attribute is given, the plugin looks for a form called ‘login_form’. If there isn’t a valid form in the database, the plugin generates a simple form structure; this default form looks like the following:
<div class=‘login’> <p><span class=‘error’><txp:ign_error_msg >There was a problem logging in.</txp:ign_error_msg></span></p> <p><label>Name:<br /> <txp:ign_user_field /> </label><br /> <label>Password:<br /> <txp:ign_pass_field /> </label><br /> <label>Remember Me? <txp:ign_checkbox name=‘stay’ value=‘1’ /></label> <txp:ign_submit_field name=‘login’ value=‘Login’/></p>
</div>Probably the only piece above that needs explaining, is the ign_error_message tag, which does allow for sending different error messages depending on the type of error. For instance, one could use the following structure to give different errors for insufficient privileges and bad username / password:
<div id=“alert>
<txp:ign_error_msg error=“privs’>Sorry, you do not have sufficient privileges to view this section.</txp:ign_error_msg>
<txp:ign_error_msg error=“auth”>Username and/or password were incorrect, please verify your username and password and try again.</txp:ign_error_msg>
</div>
Give it a shot, post feedback here or email me directly (igner at igneramos dot com). Maybe having it out there will provide the necessary incentive to finish writing the documentation.
BTW – clever idea with the wondertag, let me know how it works out.
Last edited by igner (2007-01-19 22:09:59)
And then my dog ate my badger, and the love was lost.
Offline
#306 2007-01-16 15:12:00
- igner
- Plugin Author
- Registered: 2004-06-03
- Posts: 337
Re: ign_password_protect
Saigo wrote:
So if I want to password-protect a couple of blog entries, I’ll just wrap the content that needs protecting?
Will said content appear in the search results of my site?
yes, the blog entries will show up in the search results, unfortunately. Look through this thread, though, there are some decent suggestions for controlling search results for protected content.
And then my dog ate my badger, and the love was lost.
Offline
#307 2007-01-16 16:36:48
Re: ign_password_protect
>igner
BTW – clever idea with the wondertag, let me know how it works out.
Thanks! It works out pretty well. I will make a post with a full description of how to build a client section of your site when it is flawless.
Right now a user logs in, and gets an overview page with all content that pertains to them (via categories) and can then navigate to their stuff.
I still have the security challenge of one user accessing another user’s urls (categories) and getting into stuff that doesn’t belong to them, directly rather via a top level page with navs. I really rather not write rights individually for every user. Any Ideas?
Request
I had to hack the plugin so it would output the username and user login as plain text. If you make this an attribute of the tag <txp:ign_logged_user link="no" />
it would allow greater flexibility (and my project to work on a standard install of your plugin :) ).
Last edited by mrdale (2007-01-16 16:37:49)
Offline
#308 2007-01-16 17:11:43
- igner
- Plugin Author
- Registered: 2004-06-03
- Posts: 337
Re: ign_password_protect
actually, no hacking was necessary (which you might have known, had the original download actually had the work-in-progress docs included…the version now available has better, albeit still not perfect, docs).
There’s a separate tag, ign_user_info, for generating your own logged_user displays. <txp:ign_user_info type="name" />
ought to do what you want.
And then my dog ate my badger, and the love was lost.
Offline
#309 2007-01-16 17:17:19
Re: ign_password_protect
>igner
<txp:ign_user_info/>
Great, thanks! any thoughts on stopping those clients from looking at eachother’s work?
Offline
#310 2007-01-16 17:32:34
- igner
- Plugin Author
- Registered: 2004-06-03
- Posts: 337
Re: ign_password_protect
mrdale wrote:
Great, thanks! any thoughts on stopping those clients from looking at eachother’s work?
Kinda glossed over that one, didn’t I? :) This question comes up time and time again, and I’ve not really been able to come up with a simple solution that doesn’t involve altering the core. I’ll keep mulling it over, though, because it is such a frequently requested concept.
Last edited by igner (2007-01-16 19:07:11)
And then my dog ate my badger, and the love was lost.
Offline
#311 2007-01-16 17:44:24
Re: ign_password_protect
So, I thought about doing the article tag like this (notice my hacked tag to return a user name in text)…
<txp:asy_wondertag>
<txp:article_custom category="<txp:ign_user_name display="name" />" />
</txp:asy_wondertag>
This works to keep other users out, but then it returns the same article list every time for that particular user, even when you specify a permalink to an individual article.
I’m looking at chh_article_custom which will enables recursive descent into subcategories, but I think that will still display a list.
What I need to make this work is an article tag that will let you restrict to a parent category, presenting all child categories and list individual articles and article lists. convoluted? Make sense?
Cheers, though. This has been a fun puzzle.
Last edited by mrdale (2007-01-16 17:44:52)
Offline
#312 2007-01-17 13:10:13
- infusion
- Member
- Registered: 2005-08-04
- Posts: 19
Re: ign_password_protect
I’m currently using this plugin to achieve 2 things. Firstly, I have a distributor area which should only be accessed by users with the “none” privilleges while the retailer area should only be accessible to members with “Freelancer” privilleges. I placed the following codes in separate articles:-
Retailer Shop
<code>
<txp:ign_password_protect privs=“none” login_msg=“LOGIN”>
This is the retailer store. Products are coming soon.
<txp:ign_logged_user /></txp:ign_password_protect>
</code>
Distributor Store
<code>
<txp:ign_password_protect privs=“Freelancer” login_msg=“LOGIN”>
This is the distributor store. Products are coming soon.
<txp:ign_logged_user /></txp:ign_password_protect>
</code>
But it doesn’t work. When I key in the username and passwords, it just flashes me the same login form. But when I remove the privs attribute, it works but now both shops can be accessed by anyone which is not the intention.
Also, I changed my password at the backend but the frontend only accepts my old passwords. Any idea why?
Offline