
[solved] Private page is visible when the URL is pasted into browser

Posted: Wed May 14, 2008 4:16 pm
by cnymike
I had what I thought was a properly designed login to a private page which contained a link to a file. It has come to my attention that Google has indexed the page and file that was supposed to be private.

So I Googled the page in question and sure enough there it was. I clicked on the link and was taken directly to the page that supposedly needs a login before the information is visible.

So obviously my coding is incorrect, or there is a security issue somewhere beyond my comprehension.

My login page is coded like this...


{if $ccuser-'LoggedIn()'} Welcome {$customcontent_loginname}

<p>Download TheFile  <a href="http://my domain/uploads/file/TheFile.doc">here</a>.</p>

{FrontEndUsers} {else} You are not authorized to view this data {/if}

If I put the URL into the browser that Google has indexed, it takes me to the Login page, but the page also displays the link to the file that was supposed to be protected by virtue of it being on a private page.

What have I done wrong?

As an added note, I have also placed a "Disallow: /file/" directive in the robots.txt file to hopefully get rid of Bots indexing that directory in the future. What else should I do to ensure the protection of people or bots gaining access to this file which should be protected?

Re: Private page is visible when the URL is pasted into browser

Posted: Wed May 14, 2008 5:39 pm
by Pierre M.
Seems a typo: what about {if $ccuser->loggedin()} ?

Pierre M.

Re: Private page is visible when the URL is pasted into browser

Posted: Wed May 14, 2008 6:22 pm
by cnymike
Pierre,

This issue has cropped up before, that of the missing ">". When I insert the "missing" ">" I then get a parsing error on the page.


Parse error: syntax error, unexpected '>' in /usr/www/users/myuser/client/tmp/templates_c/71^%%70^707^707A8977%%content%3Acontent_en.php on line 5

By removing the ">" the page loads normally without the error. I don't recall the reason this occurs and I'm sure calguy responded to this at one point in time. But I can't recall.

In any case, leaving the ">" lets the page load without the error, so I'm thinking that the issue must be something else.

Re: Private page is visible when the URL is pasted into browser

Posted: Wed May 14, 2008 6:23 pm
by calguy1000
Simple, shut off the wysiwyg

Re: Private page is visible when the URL is pasted into browser

Posted: Wed May 14, 2008 6:32 pm
by cnymike
Not simple.

I turned off WYSIWYG, put the following code in and the error still occurs...

{if $ccuser-> 'LoggedIn()'} Welcome {$customcontent_loginname} Download the Troop  Committee Roster (Word Doc) here. {FrontEndUsers} {else} You are not authorized to view this data {/if}

Re: Private page is visible when the URL is pasted into browser

Posted: Wed May 14, 2008 6:36 pm
by calguy1000
again, you've got the syntax wrong:

{if $ccuser->loggedin()} 

not

{if $ccuser->'loggedin()'}

Re: Private page is visible when the URL is pasted into browser

Posted: Wed May 14, 2008 6:43 pm
by cnymike
I'll give that a try. By the way, here is the thread where we discussed all this before...

http://forum.cmsmadesimple.org/index.php/topic,17014.msg84157.html#msg84157

Wish my memory were better.

Re: Private page is visible when the URL is pasted into browser

Posted: Wed May 14, 2008 6:48 pm
by cnymike
Yes Calguy, that syntax error was the problem. Will mark as solved.
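
An added example, not part of the thread or of CMS Made Simple: a small Python check that scans template text for the malformed forms of the login condition quoted above and accepts only the `{if $ccuser->loggedin()}` form calguy1000 gives, so a mistyped access check is caught before the page is published. The function names and sample template are constructed; the HTML-escaped `-&gt;` variant is an assumption about what a WYSIWYG editor may produce.

```python
import re

# Every Smarty {if ...} tag whose condition mentions $ccuser.
IF_TAG = re.compile(r"\{if\s+([^}]*\$ccuser[^}]*)\}", re.IGNORECASE)
# The form given as correct in the thread. PHP method names are
# case-insensitive, so LoggedIn() and loggedin() are both accepted.
GOOD = re.compile(r"^\$ccuser->loggedin\(\)$", re.IGNORECASE)


def classify(condition):
    """Return None if the condition is the accepted form, else a reason."""
    cond = condition.strip()
    if GOOD.match(cond):
        return None
    if "&gt;" in cond:
        return "'>' is HTML-escaped (assumed editor artifact)"
    if re.search(r"\$ccuser-(?!>)", cond):
        return "missing '>' after '-'"
    if re.search(r"->\s*['\"]", cond):
        return "method name is quoted"
    return "not the plain $ccuser->loggedin() call"


def lint_template(text):
    """Return (line_number, condition, reason) for each suspect login check."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in IF_TAG.finditer(line):
            reason = classify(match.group(1))
            if reason:
                findings.append((lineno, match.group(1).strip(), reason))
    return findings


# Constructed sample: the three conditions quoted in the thread plus an
# HTML-escaped variant (assumption).
SAMPLE = """\
{if $ccuser-'LoggedIn()'} secret {else} denied {/if}
{if $ccuser-> 'LoggedIn()'} secret {else} denied {/if}
{if $ccuser->loggedin()} secret {else} denied {/if}
{if $ccuser-&gt;loggedin()} secret {else} denied {/if}
"""

if __name__ == "__main__":
    for lineno, cond, reason in lint_template(SAMPLE):
        print(f"line {lineno}: {cond!r}: {reason}")
```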