Restricted Web Site Section / Members-only Area

[ds236]

I'm trying to build a web site in which much of the content is to be viewed only by those who are logged in. I've set up Custom Content and Front End Users. At this point I've run a number of experiments using the example code given in the help files, and mostly not gotten things to do anything remotely close to useful.

What I really want to do is have the template for the protected pages contain the necessary bits to prevent users from visiting. Beyond that, I'd like any access attempts to protected areas to redirect to the top page for the protected area for login, rather than offering the login form and bracketing the content of each and every page with access control statements within the text of the page itself.

I'm probably missing something basic, since this is something I'm sure lots of folks have done previously.

Anyone able to shed some light on a reasonable way to accomplish this set of goals? Any examples out there?

Thanks,

Dan

[leledumbo]

go to this page : http://forum.cmsmadesimple.org/index.ph ... 689.0.html
it's been a great help for me 

[ds236]

While there is SOME help buried in that thread, it goes off in a lot of different directions. And there are items that just plain don't work. It's useful to see the genesis from people discussing a solution, but often such threads lack a definitiive conclusion. That's the case here, IMO, and the documentation for the FrontEndUsers module lacks the information I need to debug at this stage.

Specifically, I cannot find documentation that explains what variables are present in FrontEndUsers to test whether someone is actually logged in.

I am trying the following in a template (this template will be ONLY for pages that are in the area requiring users to log in):

  {if $customcontent_loggedin > 0 }
    {cms_module module=FrontEndUsers form=logout}
    {search}
  {else}
    {cms_module module=FrontEndUsers form=login}
  {/if}

I got the example of using $customcontent_loggedin from one of the items in the thread you pointed me at. It doesn't work.

What happens is I log in, with a valid front-end account. I get the page back with the login form still showing (should have seen the logout form). If I try to log in again, I get told the user is already logged in. Clearly I'm not testing for logged-in-ness properly. If I can get a valid test for being logged in, then I can see about protecting the rest of the page content.

So if anyone can explain how to determine such informatoin about modules as the list of variables that one can use to test state, that would probably be an immense help.

[ds236]

OK, chasing down the issue further, it appears caching must be disabled for pages that I protect. This seems quite reasonable.

Now I'm trying to find the magic setting to make caching OFF by default, either in settings in CMSMS directly, or an incantation that can be placed in a template.