Password Protecting Content using CustomContent and FrontEndUsers Question

[mkaishar]

Hello,

First post here, installed and using CMSMS for about 2 weeks now...all I can say that it is great! Learning it slowly but surely.

My background...IT consultant focused more on networking and administration, not a web person but can easily pick things up if pointed in the right direction.

Here's my problem, wondering if CMSMS is the solution?

I need a secured environment to publish internal company info, etc... for clients, this data will be on a public facing server (I can secure the file system, but I need help in how to go about using CMSMS.

There will be a mix of public data and private data, the private data pages should not be visible unless they login and from there they will be able to see the content.

Do I need to use htpassword for example if within the secured content I have links to downloadable files, or will CC and FEU work to protect those files, I would presume a conjunction of both?

Not sure if I am stating clearing what I am looking for...any pointers would greatly appreciated.

[datoupee]

I'm not sure if CMSMS has a plugin for password protected content but there are many PHP scripts you can add to make something like this work.

All you need to do is add the following code to the top of pages that are to be secure...

";
$acc_denied = "Access Denied".$back; # you could add a link to where users can login here...
if (!isset($_COOKIE["verified"])) { die($acc_denied); }

?>

With the following login on the main page...


Username:  
  Password:  



Then use a reader script PHP page to verify a set username and password.

Incorrect Password !Sorry but you have entered an incorrect password.Click here to try and log in again.-----------------------------------------------------------------------------Request a Password:-----------------------------------------------------------------------------Please click here if you would like to request a password.");
}
?>

Hope that helps.

[calguy1000]

The customconten and frontend users modules can handle hiding private data, and even mixing public and private data on the same page.

to make private pages invisible, you'll need to group your private pages together, and put them in a separate {menu} call, that has the customcontent code around it so that it doesn't show up to public users.

Protecting downloaded files is relatively simple, use the Uploads module.  Then you can wrap this code in customcontent code and protect the access to these files.  With the Uploads module, the links to the files are also obfuscated so that people won't know exactly how to download the files.

[mkaishar]

Thank you both for the response, I will work on it and report back.

Mark

[mkaishar]

to make private pages invisible, you'll need to group your private pages together, and put them in a separate {menu} call, that has the customcontent code around it so that it doesn't show up to public users.

I am using the CSSMenu top + 2 columns template and I was able to find more info on the forum by searching and reading from other posts but I am confused here.

I was able to use CC & FEU to make content private, thank you for the pointer and I was able to find out more info on the forum by reading previous posts...but I am confused about the "{menu}" call.

Do I uncheck "Show in Menu:" for each page? And put {menu} in my template?


 

     
     
        {content block='Sidebar'}
     
     

     
{cms_module module=FrontEndUsers}
{cms_module module=CustomContent} 
Welcome, you are entitled to see private information.

     
        {print showbutton=true script=true}
        {title}
        {content}


{menu items='documentation, docs-page-1'}

       


{anchor anchor='main' text='^ Top'}

       
            {cms_selflink dir="previous" label="Previous page: "}

            {cms_selflink dir="next"}
       
       

     
     
 


 

 




If I do that then it shows me a generic bulleted menu list, I would like to put it in the CSS drop down clean look and not as generic bullet items

I am willing to pay for someone to create me a framework using CSSMenu top + 2 columns template  public and private pages working together, uploads module, customcontent, frontendusers.

If anyone is interested please PM me and let me know roughly how much...time is money and I am willing to pay for those services.

Although I am technical, I am not a developer and I would rather focus on my networking and administration.

Thanks,
Mark

[mkaishar]

Well tried for a week now with no success, I can secure content based on whether a user is logged in or not, but i can't figure out how to hide pages and only have them visible once a user is logged in...anyone willing to spend a half hour to show me some working example code?  I am willing to pay for the time and info.

Let me know...

I think this forum should have a section where people like me who do not have PHP experience are willing to pay for example and info for people's time. I really don't need a complete site, I just need some help here and there and I just like everyone else believe that time is worth money.

Thanks,

Mark

[calguy1000]

hiding private pages is relatively simple, once you see it, but not easy to see.
There are a few ways to do this, but the steps illustrated below are the easiest

Step 1.  Organize all of your private pages under one 'Section Header Parent'.
            The 'Section Header Parent', should be marked as 'not shown in menu'
           

Step 2.  Add syntax similar to the following in to an appropriate spot in your template
{if $customcontent_loggedin}
  {cms_module module=menumanager template='whatever' startelement='' showrootsiblings='1'}
{/if}

[Pierre M.]

Hello,

Although FrontEndUser and CustomContent modules are a smart and flexible way of doing it, you may have a look at a more basic option inside the webserver :
http://forum.cmsmadesimple.org/index.ph ... 630.0.html
Hope it helps too.

Pierre M.

[slloyd]

Oh, oh, oh, datoupee, this is exactly what I've been looking for!!!! And since I can't seem to be able to install any modules, I'd like to get the detailed instructions for using this code.

Where EXACTLY do I place each code? You mentioned "at the top of the page". Do you mean in the Head?

And the next code goes in the Body, correct?

So the reader script PHP page goes in a file I name passwordreader.php? Is that correct?

TIA for help!

[Pierre M.]

(snip)
if (!isset($_COOKIE["verified"])) { die($acc_denied); }
(snip)
if(md5($_POST['username']) == $user && md5($_POST['password']) == $pass)
{
setcookie ("verified", true);
header ("Location:main_page.php");
}
else
(snip)

Humm... your cookie is not related to a random, server generated, transient session cookie. So it is easyly forgeable. Anybody can come to your site via an HTTP request with a cookie called "verified" @ "yoursite.com".

I think that people with PHP knowledge should join the dev team to improve existing modules (frontendusers, customcontent...) rather than reinvent the wheel (and introducing weaknesses). And regular users don't have to write a single line of PHP to make CMSms work, as they can rely on the dev team and its coordinated good work.

Pierre M.