Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
Pages: 1
#1 2012-11-28 17:26:58
- gfdesign
- Member
- From: Argentina
- Registered: 2009-04-20
- Posts: 401
Logout using <txp:password_protect />
Hi everyone
I wonder if it’s possible to create a Log out link when you are watching contents protected by <txp:password_protect /> tag.
I think it should be useful especially when you’re in a public computer (such as cybercafe, school, etc)
I know about ign_password_protect plugins, but I’ll have many protected articles for differents users (one article per user), so I would use <txp:password_protect /> rather than ign_password_protect so, this way, I could put the user & password in the same article using custom_fields.
Any idea?
Thanks in advanced
Offline
Re: Logout using <txp:password_protect />
txtstrap (Textpattern + Twitter Bootstrap + etc…)
Offline
Re: Logout using <txp:password_protect />
I realize this thread is a decade old, but I have the same problem as the gfdesign, and the logout link doesn’t work. Is there a currently working solution?
Offline
Re: Logout using <txp:password_protect />
There seem to be no easy way to unset clients Authorization header used by <txp:password_protect />, but you can replace it by another one on logout. Replace where appropriate
<txp:password_protect login="user" pass="password" />with
<txp:password_protect login="user" pass='password<txp:page_url type="logout" />' />and access this page via a HTML form sending, say, logout=password input. Txp will prompt you to login. Using user and passwordpassword should actually log you out.
This may certainly be naive security-wise, so test if one can easily circumvent it.
Offline
Re: Logout using <txp:password_protect />
Thanks, etc! I’ll look into this. :)
Offline
Re: Logout using <txp:password_protect />
I’ve been asked to provide a “logout” link for a section protected using txp:password_protect to ensure another user on a jointly used computer can’t use a still-open session.
Presumably, I just direct the “logout”-link to another “logout” page with the tag above. If the correct person wants to revisit the “internal” area, will they be reshown the password entry dialog box when they visit the internal area again?
Also, is there a way to detect if a login session is currently active? I’d like to add some site-wide navigation items (i.e. not just in the specific protected section) that are only visible when the credentials have been already been supplied.
TXP Builders – finely-crafted code, design and txp
Offline
Re: Logout using <txp:password_protect />
jakob wrote #338737:
Presumably, I just direct the “logout”-link to another “logout” page with the tag above. If the correct person wants to revisit the “internal” area, will they be reshown the password entry dialog box when they visit the internal area again?
Presumably yes, though I have not tested it extensively. But it does not have to be another page. To logout, the user will need to either submit password{logout} password, where {logout} is the URL logout param value, or (better) click Cancel button.
Also, is there a way to detect if a login session is currently active? I’d like to add some site-wide navigation items (i.e. not just in the specific protected section) that are only visible when the credentials have been already been supplied.
Yes, you can check $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] values, possibly via <txp:if_request /> tag. Note that, since these values are session-wide, you can not simultaneously access two or more pages protected with different credentials (which makes this ‘logout’ hack possible).
Offline
Pages: 1