[solved] Private page is visible when the URL is pasted into browser

[cnymike]

I had what I thought was a properly designed login to a private page which contained a link to a file. It has come to my attention that Google has indexed the page and file that was supposed to be private.

So I Googled the page in question and sure enough there it was. I clicked on the link and was taken directly to the page that supposedly needs a login before the information is visible.

So obviously my coding is incorrect, or there is a security issue somewhere beyond my comprehension.

My login page is coded like this...

Code: Select all

{if $ccuser-'LoggedIn()'} Welcome {$customcontent_loginname}

<p>Download TheFile  <a href="http://my domain/uploads/file/TheFile.doc">here</a>.</p>

{FrontEndUsers} {else} You are not authorized to view this data {/if}

If I put the URL into the browser that Google has indexed, it takes me to the Login page, but the page also displays the link to the file that was supposed to be protected by virtue of it being on a private page.

What have I done wrong?

As an added note, I have also placed a "Disallow: /file/" directive in the robots.txt file to hopefully get rid of Bots indexing that directory in the future. What else should I do to ensure the protection of people or bots gaining access to this file which should be protected?

[Pierre M.]

Seems a typo : what about {if $ccuser-[red]>[/red]loggedin()} ?

Pierre M.

[cnymike]

Pierre,

This issue has cropped up before, that of the missing ">". When I insert the "missing" ">" I then get a parsing error on the page.

Code: Select all

Parse error: syntax error, unexpected '>' in /usr/www/users/myuser/client/tmp/templates_c/71^%%70^707^707A8977%%content%3Acontent_en.php on line 5

By removing the ">" the page loads normally without the error. I don't recall the reason this occurs and I'm sure calguy responded to this at one point in time. But I can't recall.

In any case, leaving the ">" lets the page load without the error, so I'm thinking that the issue must be something else.

[calguy1000]

Simple, shut off the wysiwyg

[cnymike]

Not simple.

I turned off wysiwig, put the following code in and the error still occurs...

{if $ccuser-> 'LoggedIn()'} Welcome {$customcontent_loginname} Download the Troop  Committee Roster (Word Doc) here. {FrontEndUsers} {else} You are not authorized to view this data {/if}

[calguy1000]

again, you've got the syntax wrong:

{if $ccuser->loggedin()} 

not

{if $ccuser->'loggedin()'}

[cnymike]

I'll give that a try. By the way,  here is the thread where we discussed all this before...

http://forum.cmsmadesimple.org/index.php/topic,17014.msg84157.html#msg84157

Wish my memory were better.

[cnymike]

Yes Calguy, that syntax error was the problem. Will mark as solved.