Textpattern CMS support forum

You are not logged in. Register | Login | Help

#1 2010-02-25 12:03:37

gavnosis
Member
From: Milton Keynes, UK
Registered: 2005-03-12
Posts: 137
Website

Password protect: latest thinking?

I’ve just read of the potential 4.2 issues for ign_password_protect – I’ve previously used this successfully for a small number users on an ancient release of TXP, a long time ago…

What I’d really like to know is what the latest Textpattern thinking is… Maybe someone has already done the sort of thing I’m after:

I have a single section of a site I’ve been asked to restrict to people who have registered (Not sure how automated this needs to be, and don’t know if mem-self-register is overkill!).
I think this is known in the industry as a squeeze page
i.e. User visits section and gains additional access once they’ve signed up for a newsletter (I’ve seen this sort of thing with commercial products such as Constant Contact).

Is this sort of thing possible (for me!) in Textpattern?

Thank you, in advance : )

G.

Offline

#2 2010-02-25 12:26:19

jakob
Admin
From: Germany
Registered: 2005-01-20
Posts: 3,488
Website

Re: Password protect: latest thinking?

It depends how secure it needs to be, i.e. whether it depends on inputting a password or just having fulfilled some certain task such as registering for a newsletter, and perhaps also whether it needs to be accessible in the long term.

For example, a very simple option would be to set a cookie on the signup success screen (that shows only after signing up) and using chs_cookie on the additional info page to check existence and validity of the cookie. That’s very straightforward but they lose access once their cookie expires or is deleted.
To allow them to view again, you’d have to ask for their email address again (still, that’s easier than a password). You could present the newsletter signup form again (or make it look different) and allow your success/error page to set the cookie even if it returns that a duplicate email address was entered.


TXP Builders – finely-crafted code, design and txp

Offline

#3 2010-02-25 13:07:01

gavnosis
Member
From: Milton Keynes, UK
Registered: 2005-03-12
Posts: 137
Website

Re: Password protect: latest thinking?

Thanks Jakob,

Es klingt gut! It doesn’t have to be super-secure, and does just depend on the signup, so this should be fine.

So do I just build a registration form which sets a cookie? (I think I know how to do this…) And then chs_cookie checks that this is set? (Presumambly works as a Textpattern conditional check).

I’ll try and build this and see if I can get it to work.

Gavnosis

Offline

#4 2010-02-25 13:20:05

philwareham
Core designer
From: Farnham, Surrey, UK
Registered: 2009-06-11
Posts: 3,196
Website

Re: Password protect: latest thinking?

Yep, use any good off-the-shelf login system that gives you a cookie, then you can harness that cookie in textpattern to allow access to restricted sections. Although cookies can be deleted by users (or set to expire by you) it can be set up to direct users back to a login/register screen if the cookie is missing or does not match. Once logged in again another cookie will be created.

You can embed that system into your textpattern pages/forms if it allows, or pull textpattern forms into the login system’s own templates if not using rah_external_output. That’s exactly what I do on my site.

Last edited by philwareham (2010-02-25 13:21:35)

Offline

#5 2010-02-25 16:24:05

jakob
Admin
From: Germany
Registered: 2005-01-20
Posts: 3,488
Website

Re: Password protect: latest thinking?

use any good off-the-shelf login system…

Obviously, it depends on your specific needs, but in my example above I wasn’t even thinking of a full login system. If that was the case you could use mem_self_register/ ign_password_protect if you want it working with txp as that offers <txp:ign_if_logged_in> ... <txp:else /> ... constructions.

If it’s really just a case of “your email address for access to the special content”, then you may not need password access at all. I’d just set the cookie on the screen that comes after the form has been successfully processed, for example the following:

  • case: successful : “thank you for signing up for our newsletter” + “special content” page / link + set cookie
  • case: email previously submitted : “you have already signed up” (or similar) message + “special content” page / link + set cookie
  • case: wrong email / spam (e.g. if you add a honeypot trap): “sorry, something went wrong” message + no cookie

The second case enables people to re-access that page at a later date simply by submitting their email address again – no new infos to submit, no password to remember, no accounts to look after.

Last edited by jakob (2010-02-25 16:24:55)


TXP Builders – finely-crafted code, design and txp

Offline

#6 2010-02-25 20:34:38

gavnosis
Member
From: Milton Keynes, UK
Registered: 2005-03-12
Posts: 137
Website

Re: Password protect: latest thinking?

Jakob,

I think on balance yours is the route I’d like to take… Now, am I right in assuming I now have to actually write some PHP here? Textpattern doesn’t have some slick function to help me here?? Soething like this?

<h1>Please register for goodies</h1>
<form id="form1" name="form1" method="post" action="/goodies/start">
<label>Name
<input type="text" name="userName" id="userName" />
</label>
<label>E mail
<input type="text" name="userEmail" id="userEmail" />
</label>
<input name="submit" type="submit" />
</form>

Then this sort of thing, which loads before the rest of the page when the users hits ‘submit’ and is directed to /goodies/start?

<?php
setcookie ("cookieLogin", "user is logged in");
?>

I’ve read the php manual but can sense I’m getting into deep water here…

Any more pointers?

G.

Offline

#7 2010-02-25 21:49:32

jakob
Admin
From: Germany
Registered: 2005-01-20
Posts: 3,488
Website

Re: Password protect: latest thinking?

I suspect you’ll want to save the names and emails that people provide so I presume you have some collection mechanism in mind – either a third-party newsletter script or you could use mem_postmaster. Try attaching the set cookie bit to the success/reply mechanism of whatever newsletter script you are using.

If you’re using mem_postmaster, you can use zem_contact_reborn to make a subscribe form. zem_contact_reborn allows you to specify your own success_form and in that you can use chs_set_cookie (part of the above plugin) to set your cookie. I’m not sure what mem_postmaster does about duplicate entries, so you’ll have to try and see what happens.

Then use chs_if_cookie to detect the cookie’s value on the page with your special content…

EDIT: if you’re having problems understanding chs_cookie, here’s a version with the help text cleaned up and corrected so that it’s readable:

YToxMTp7czo0OiJuYW1lIjtzOjEwOiJjaHNfY29va2llIjtzOjY6ImF1dGhvciI7czoxMToiTm9hbSBTYW11ZWwiO3M6MTA6ImF1dGhvcl91cmkiO3M6MjE6Imh0dHA6Ly9jaGlnaC5vcmcvbm9hbSI7czo3OiJ2ZXJzaW9uIjtzOjM6IjAuMSI7czoxMToiZGVzY3JpcHRpb24iO3M6NzY6IldpbGwgZW5hYmxlIHlvdSB0byBtYWtlIGNlcnRhaW4gYXJlYXMgY29uZGl0aW9uYWwgYmFzZWQgb24gY29va2llcyB2YXJpYWJsZXMiO3M6NDoiaGVscCI7czoxNTUxOiIJPGgxPlVzYWdlPC9oMT4KCgk8aDM+Y2hzX2lmX2Nvb2tpZTwvaDM+Cgo8cHJlPjxjb2RlPiZsdDt0eHA6Y2hzX2lmX2Nvb2tpZSBjb29raWU9JnF1b3Q7Z2VuZXJpY0Nvb2tpZSZxdW90OyB2YWx1ZT0mcXVvdDtnZW5lcmljVmFsdWUmcXVvdDsmZ3Q7CglUaGlzIHRleHQgd2lsbCBhcHBlYXIgb25seSBpZiB0aGUgY29va2llICZxdW90O2dlbmVyaWNDb29raWUmcXVvdDsKCWhhcyB0aGUgdmFsdWUgJnF1b3Q7Z2VuZXJpY1ZhbHVlJnF1b3Q7LgombHQ7L3R4cDpjaHNfaWZfY29va2llJmd0Owo8L2NvZGU+PC9wcmU+CgoJPGgzPmNoc19jb29raWVfZXhpc3RzPC9oMz4KCjxwcmU+PGNvZGU+Jmx0O3R4cDpjaHNfY29va2llX2V4aXN0cyBjb29raWU9JnF1b3Q7Z2VuZXJpY0Nvb2tpZSZxdW90OyZndDsKCXRoaXMgdGV4dCB3aWxsIGFwcGVhciBvbmx5IGlmIHRoZSBjb29raWUgJnF1b3Q7Z2VuZXJpY0Nvb2tpZSZxdW90OwoJZXhpc3RzICh0aGlzIGRvZXMgbm90IGNvdW50IGNvb2tpZXMgdGhhdCB3ZXJlIHNldCBieQoJY2hzX3NldF9jb29raWUgZHVyaW5nIHRoZSBzYW1lIHJlcXVlc3QpLgombHQ7L3R4cDpjaHNfY29va2llX2V4aXN0cyZndDsKPC9jb2RlPjwvcHJlPgoKCTxoMz5jaHNfY29va2llX2RlZmF1bHQ8L2gzPgoKPHByZT48Y29kZT4mbHQ7dHhwOmNoc19jb29raWVfZGVmYXVsdCBjb29raWU9JnF1b3Q7Z2VuZXJpY0Nvb2tpZSZxdW90OyZndDsKCXRoaXMgdGV4dCB3aWxsIGFwcGVhciBvbmx5IGlmIHRoZSBjb29raWUgJnF1b3Q7Z2VuZXJpY0Nvb2tpZSZxdW90OwoJZG9lcyBub3QgZXhpc3QgKHRoaXMgZG9lcyBub3QgY291bnQgY29va2llcyB0aGF0IHdlcmUKCXNldCBieSBjaHNfc2V0X2Nvb2tpZSBkdXJpbmcgdGhlIHNhbWUgcmVxdWVzdCkuCiAmbHQ7L3R4cDpjaHNfY29va2llX2RlZmF1bHQmZ3Q7CjwvY29kZT48L3ByZT4KCgk8aDM+Y2hzX2VjaG9fY29va2llPC9oMz4KCgk8cD5UaGlzIHdpbGwgYmUgdGhlIHZhbHVlIG9mIHRoZSBjb29raWUgJiM4MjIwO2dlbmVyaWNDb29raWUmIzgyMjE7IGJlZm9yZSB0aGUgcGFnZSB3YXMgcmVxdWVzdGVkOjwvcD4KCjxwcmU+PGNvZGU+Jmx0O3R4cDpjaHNfZWNob19jb29raWUgY29va2llPSZxdW90O2dlbmVyaWNDb29raWUmcXVvdDsgLyZndDsKPC9jb2RlPjwvcHJlPgoKCTxoMz5jaHNfc2V0X2Nvb2tpZTwvaDM+CgoJPHA+VGhlIGZvbGxvd2luZyAodG8gYmUgdXNlZCBvbmx5IGF0IHRvcCBvZiBkb2N1bWVudCkgd2lsbCBzZXQgdGhlIGNvb2tpZSBnZW5lcmljQ29va2llIHRvIGdlbmVyaWNWYWx1ZTo8L3A+Cgo8cHJlPjxjb2RlPiZsdDt0eHA6Y2hzX3NldF9jb29raWUgY29va2llPSZxdW90O2dlbmVyaWNDb29raWUmcXVvdDsgdmFsdWU9JnF1b3Q7Z2VuZXJpY1ZhbHVlJnF1b3Q7IC8mZ3Q7CjwvY29kZT48L3ByZT4KPCEtLSAqKiogQkVHSU4gUExVR0lOIENTUyAqKiogLS0+CjxzdHlsZSB0eXBlPSJ0ZXh0L2NzcyI+CmgxIHtmb250LXdlaWdodDpib2xkO30KY29kZSB7Y29sb3I6Izg2NDgwMH0KPC9zdHlsZT4KPCEtLSAqKiogRU5EIFBMVUdJTiBDU1MgKioqIC0tPgoiO3M6NDoiY29kZSI7czoxMjY1OiJnbG9iYWwgJGNvb2tpZXVuc2V0Ow0KJGNvb2tpZXVuc2V0ID0gYXJyYXkoKTsNCmdsb2JhbCAkY29va2llYnZhbHVlOw0KJGNvb2tpZWJ2YWx1ZT0gYXJyYXkoKTsNCg0KDQpmdW5jdGlvbiBjaHNfaWZfY29va2llKCRhdHRzLCR0aGluZykgew0KICAgICAgICAgICAgICAgIGdsb2JhbCAkY29va2lldW5zZXQ7DQoJCSR0aGV2YXIgPSAoJGF0dHNbImNvb2tpZSJdKSA/ICRhdHRzWyJjb29raWUiXSA6ICJ0aGluZ2llIjsNCgkJcmV0dXJuICgkX0NPT0tJRVskdGhldmFyXSA9PSAkYXR0c1sidmFsdWUiXSAmJiAhJGNvb2tpZXVuc2V0WyR0aGV2YXJdKSA/IHBhcnNlKCR0aGluZykgOiAiIjsNCn0NCg0KZnVuY3Rpb24gY2hzX2Nvb2tpZV9kZWZhdWx0KCRhdHRzLCR0aGluZykgew0KICAgICAgICAgICAgICAgZ2xvYmFsICRjb29raWV1bnNldDsNCgkJJHRoZXZhciA9ICgkYXR0c1siY29va2llIl0pID8gJGF0dHNbImNvb2tpZSJdIDogInRoaW5naWUiOw0KCQlyZXR1cm4gKCRfQ09PS0lFWyR0aGV2YXJdIHx8ICRjb29raWV1bnNldFskdGhldmFyXSkgPyAiIiA6IHBhcnNlKCR0aGluZyk7DQp9DQoNCg0KZnVuY3Rpb24gY2hzX2Nvb2tpZV9leGlzdHMoJGF0dHMsJHRoaW5nKSB7DQogICAgICAgICAgICAgICBnbG9iYWwgJGNvb2tpZXVuc2V0Ow0KCSAJJHRoZXZhciA9ICgkYXR0c1siY29va2llIl0pID8gJGF0dHNbImNvb2tpZSJdIDogInRoaW5naWUiOw0KCQlyZXR1cm4gKCRfQ09PS0lFWyR0aGV2YXJdKSA/IHBhcnNlKCR0aGluZykgOiAiIjsNCn0NCg0KZnVuY3Rpb24gY2hzX2VjaG9fY29va2llICgkYXR0cykgew0KICAgICAgICBnbG9iYWwgJGNvb2tpZXVuc2V0Ow0KCSR0aGV2YXIgPSAoJGF0dHNbImNvb2tpZSJdKSA/ICRhdHRzWyJjb29raWUiXSA6ICJ0aGluZ2llIjsNCglyZXR1cm4gKCRjb29raWVidmFsdWVbJHRoZXZhcl0pID8gJGNvb2tpZWJ2YWx1ZVskdGhldmFyXSA6ICRfQ09PS0lFWyR0aGV2YXJdOw0KfQ0KDQpmdW5jdGlvbiBjaHNfc2V0X2Nvb2tpZSAoJGF0dHMpIHsNCgkkdGhldmFyID0gKCRhdHRzWyJjb29raWUiXSkgPyAkYXR0c1siY29va2llIl0gOiAidGhpbmdpZSI7DQogICAgICAgIGlmICghJGNvb2tpZXVuc2V0WyR0aGV2YXJdKSAkY29va2llYnZhbHVlID0gJF9DT09LSUVbJHRoZXZhcl07DQogICAgICAgIGlmICgkX0NPT0tJRVskdGhldmFyXSkgJGNvb2tpZXVuc2V0WyR0aGV2YXJdPXRydWU7DQoNCglzZXRjb29raWUoJHRoZXZhciwgJGF0dHNbJ3ZhbHVlJ10pOw0KCXJldHVybiAiIjsNCn0NCiI7czo0OiJ0eXBlIjtzOjE6IjAiO3M6NToib3JkZXIiO3M6MToiNSI7czo1OiJmbGFncyI7czoxOiIwIjtzOjM6Im1kNSI7czozMjoiZDUwY2U1MDlhNWFmMDJkMDM5ZDMyYzMxNzQ0NWFjMjYiO30=

Last edited by jakob (2010-02-25 23:42:25)


TXP Builders – finely-crafted code, design and txp

Offline

#8 2010-02-26 10:48:45

gavnosis
Member
From: Milton Keynes, UK
Registered: 2005-03-12
Posts: 137
Website

Re: Password protect: latest thinking?

Thanks Jakob,

And thank you for the chs_cookie. I’m glad you’re thinking ahead for me : of course I want to be able to store the names and emails!
(I’ve just been on another journey with my testing server because XAMPP isn’t available for 64bit Windows 7 yet, so I’ve switched to WampServer)

Anyway, I’ve got the 5 (!) plugins all installed and will have a go using <txp:chs_set_cookie cookie="genericCookie" value="genericValue" /> to actually set the cookie (Much better than me having a go with PHP!). I’ve used zem_contact_reborn before, so quite excited about getting this lot all working together. (I’ll report back when I’m done).

Thank you once again!

Tchüss, Gavnosis

Last edited by gavnosis (2010-03-02 10:24:15)

Offline

#9 2010-03-02 10:25:20

gavnosis
Member
From: Milton Keynes, UK
Registered: 2005-03-12
Posts: 137
Website

Re: Password protect: latest thinking?

The cookie setting using this plugin works just fine with a conditional just like this, and is tied to zem_contact_reborn (So far, so good)

<txp:chs_if_cookie cookie="registeredUser" value="1">
<p>This is content for registered users only. Ta-da!</p>
<txp:article form="dh_single" />
</txp:chs_if_cookie>
<txp:chs_cookie_default cookie="registeredUser">
<p>Please register to access addional content</p>
</txp:chs_cookie_default>

However, this seems to be a cookie for the session only. Is there a way to set the expiry date using this plugin?

…or do I have to dust off my PHP manual??

/*update**********************************************/

Okay, this wasn’t exactly hard to do manually (even for me!), once I’d remembered about txp php tags…

<txp:php>
// set a cookie that expires in 1 year
setcookie("registeredUser",1, time()+3600*24*365);
</txp:php>

Last edited by gavnosis (2010-03-02 10:39:34)

Offline

#10 2010-03-02 10:37:45

philwareham
Core designer
From: Farnham, Surrey, UK
Registered: 2009-06-11
Posts: 3,196
Website

Re: Password protect: latest thinking?

I don’t think there is, the plugin is pretty basic in that respect. Also bear in mind the this is a pretty unsecure method, someone could easily create their own cookie with that name and value and they will be able to enter your secure area.

Hopefully at some point in the future Textpattern will gain some core functionality for dynamic cookies with encrypted values, I’ll raise it in the requested future feature ideas if it is not already been mentioned.

Offline

Board footer

Powered by FluxBB