ign_password_protect

june · 2005-08-22 14:19:29

thanks igner! I look forward to seeing version 0.4. :)

-june

abacus7 · 2005-08-22 17:42:31

June – don’t know whether this will help or not, but I had to do something similar for my site. I worked around it by having a category ‘unsecure’ and one ‘secure’. By using conditionals to test for the category you can have content to show when a user is logged in, and content to show when they’re not.

Basically, I’ve done this:

<txp:if_article_category name=“secure” number=“1”>
<txp:ign_password_protect remember=“1”>
<txp:body />
</txp:ign_password_protect>
<txp:else />
<txp:body />
</txp:if_article_category>

june · 2005-08-22 19:46:52

I can’t see your code, if you could try reposting it, that would be great.

thanks for your help.

june

igner · 2005-08-23 16:42:18

@abacus7 – that’s a rather clever solution

@june – here’s the code abacus7 posted (you can see it if you view source):

OK – given the interest, I put in some time last night to get this stable enough to draft some testers. If you’re interested in testing the 0.4 release, contact me off-list.

Included in the beta are the following:

modifications to the output of existing plugins
admin side control to select whether to use the inbuilt txp_users database, or an alternate user database (created by the plugin – no need to create the table yourself)
two new tags: ign_if_not_logged_in (as requested) and ign_self_edit (front-facing password change form for logged-in users, will ultimately expand to allow users to edit their own profiles down the road, but today ~~I am still just a bill~~ it’s just for changing passwords)

Again, if you’re interested in being a ~~lab rat~~ beta tester, click that new-fangled e-mail link to the left (or shoot me a note if you already have my address).

creativesplash · 2005-08-23 16:54:18

You Rock Jeremy!!! You Rock!!! This news has made my day!!

igner · 2005-08-23 19:49:06

@creativesplash – thanks for that. (the check’s in the mail ;)

By the way, a word of caution when using this (or frankly, any of the password protection options out there): using the password protection at the page level (i.e. section level) can potentially lead to the security being circumvented. This is due to the fact that some URL schemes allow the user to alter the section by modifying the URL (either by changing the section in the URL or by appending a properly formatted query string. In addition, article_custom returns results without regard to section, so be careful when using that in conjunction with password protection. I haven’t done enough testing to determine conclusively which URL schemes are vulnerable (I know that messy URLs and /section/id/title are vulnerable, /section/title and /year/month/day/title do not seem to be vulnerable, nor, for some reason, does /id/title appear to be vulnerable).

Note that these issues apply to the in-built tag as well as this plug-in. Also note that tags are not currently parsed in the RSS and Atom feeds, so bear that in mind as well when thinking about the content you are looking to protect.

bmangold · 2005-08-30 21:15:27

Great plugin!

I have noticed that if I have a login on two different template pages then the ‘logout’ fails to work.

I wanted this so that the login wasn’t on every page, but a user was still able to logout.

Is there any way to just use the “txp:ign_password_protect” AND “/txp:ign_password_protect” – but have a ‘logout’ published when they are logged in ??

This would get around the problem.

Thanks

igner · 2005-09-02 18:04:46

@bmangold – Thanks! Not sure what might be going on with the logout failing – are you seeing ?logout=1 on the URL when you try to logout?

If I understand the question – the answer is yes. It’s as simple as including <a href="?logout=1">Logout</a>, preferably within the password protected content (so it’s hidden if they’re not logged in).

Just FYI – A significantly revised version of the plugin is in the hands of testers right now, and I’m hoping to let it loose in the wild very shortly, which includes a number of improvements to the plugin’s functionality.

creativesplash · 2005-09-02 18:38:08

This is just fantastic! I tested it out and it does look very promising! Hear me everybody? This plugin is ultra super cool!!

Keep up the great job Jeremy!

Regards,
Vasanth

Last edited by creativesplash (2005-09-02 18:38:52)

variaas · 2005-09-03 01:29:12

Hey igner…amazing job! This is definitely looking like something I can use. I am having a slight problem with this plugin though. I hide the login form but show it to the side of the page, I’m using TXP4 and when I log in it shows this message (just the first time – if I refresh it goes away):

<code>

Notice: Undefined variable: u_privs in /home/…/public_html/textpattern/lib/txplib_misc.php(429) : eval()’d code on line 249

Notice: Undefined variable: u_privs in /home/…/public_html/textpattern/lib/txplib_misc.php(429) : eval()’d code on line 249
</code>

any idea what’s causing this?

igner · 2005-09-03 02:07:00

Technically, you can ignore this — this is just coming up because the plugin it testing the value of a variable that isn’t set on first run.

You can make that message go away by setting Admin->Preferences->Production Status to Live.

And you can upgrade to the next version when I roll it out next week :)

aslsw66 · 2005-09-03 02:18:02

Igner,

I know you are still working on improving this, but one of your suggestions for a future version has tweaked my interest.

You say that th plugin will “will ultimately expand to allow users to edit their own profiles down the road”. Does this mean we can define additional fields for each user that can be collected from or even set (eg. by an administrator) for individual users?

In my case, I want to set up a site for a small community organisation (volunteer firefighters). I want most of the site to be password protected so we can share info about training, operational procedures, etc. At the same time, I would like to get info from members on things like their financial status, training status, various competencies, etc. Some of this info would come from the member, some from the training officer, some from the brigade captain.

Is this the sort of thing your ‘ultimate’ version of the plugin will allow? Or would I be better off using you plugin as a wrapper for some more PHP functionality to record and update this extra information?

Obviously, I would prefer a single table to store members’ details, with one plugin managing recording and storing info…

Thanks for the great plugin.

Textpattern CMS

Textpattern CMS support forum

#61 2005-08-22 14:19:29

Re: ign_password_protect

#62 2005-08-22 17:42:31

Re: ign_password_protect

#63 2005-08-22 19:46:52

Re: ign_password_protect

#64 2005-08-23 16:42:18

Re: ign_password_protect

#65 2005-08-23 16:54:18

Re: ign_password_protect

#66 2005-08-23 19:49:06

Re: ign_password_protect

#67 2005-08-30 21:15:27

Re: ign_password_protect

#68 2005-09-02 18:04:46

Re: ign_password_protect

#69 2005-09-02 18:38:08

Re: ign_password_protect

#70 2005-09-03 01:29:12

Re: ign_password_protect

#71 2005-09-03 02:07:00

Re: ign_password_protect

#72 2005-09-03 02:18:02

Re: ign_password_protect

Board footer