RESTRICTING VIEWER ACCESS TO LOGGED IN USERS ONLY - Dec 29th, 2018
If you're using a current version of CMSB (2.51+), Greg Thomas from InteractiveTools explains how to restrict access. He said:
There is a new getCurrentUserFromCMS function you can use to get the current CMS user, and it works if you're not using the website membership plugin on a site:
<?php
  if (!defined('START_SESSION')) { define('START_SESSION', true); }

  // load viewer library
  $libraryPath = 'cmsAdmin/lib/viewer_functions.php';
  $dirsToCheck = array('/path_to_your_server/','','../','../../','../../../');
  foreach ($dirsToCheck as $dir) { if (@include_once("$dir$libraryPath")) { break; }}
  if (!function_exists('getRecords')) { die("Couldn't load viewer library, check filepath in sourcecode."); }

  // Get the current CMS user's details
  $CMS_USER = getCurrentUserFromCMS();

  // redirect the browser if no user is currently logged into the back end
  // (urlencode keeps a query string in the requested URL intact inside redirectUrl)
  if (!@$CMS_USER['num']) {
    redirectBrowserToUrl("http://your_site.com/cmsAdmin/admin.php?redirectUrl=" . urlencode($_SERVER['REQUEST_URI']));
    exit;
  }
?>
*** LOG OUT ISSUES ***
Using this approach, you might discover a log out issue, especially if you're trying to restrict access to Admins only, or to show information on a page for users and additional information for admins.
If you do, a possible fix is in a companion recipe called LOG OUT NOT LOGGING OUT IN VER 2.51+ ? at http://thecmsbcookbook.com/recipedetail.php?475
*** LEGACY (Version 2.1+) ***
If you surround your "require_once" line with the two if statements shown here, the page will be hidden from anyone who is not logged in to the CMS Interface, and all they will see is a notice that says "You must login first!".
if (!defined('START_SESSION')) { define('START_SESSION', true); }
require_once "/path_to_your/cmsAdmin/lib/viewer_functions.php";
if (!@$_SESSION['username']) { die("You must login first!"); }
If you want to redirect your users to the login screen, replace the following line:
if (!@$_SESSION['username']) { die("You must login first!"); }
with this one:
if (!@$_SESSION['username']) { header("Location: http://mydomain.com/cmsAdmin/admin.php"); exit; }
and replace the URL with the (full) URL to your login screen.
Alternatively, to automatically direct the user back to your "hidden" page, you could use this instead:
if (!@$_SESSION['username']) { header("Location: http://mydomain.com/cmsAdmin/admin.php?redirectUrl=" . urlencode($_SERVER['REQUEST_URI'])); exit; }
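A stricter way to build the redirectUrl value used in the snippets above, shown as an added example that is not part of the original recipe or of CMS Builder. The helper names safeReturnPath and buildLoginRedirect are hypothetical, mydomain.com is the recipe's own placeholder, and the sample request URIs are constructed.

```php
<?php
// Added example: build the login redirect without passing a raw REQUEST_URI
// into the query string. Host and paths are placeholders.

// Reduce a request URI to a same-site path (plus query), or fall back to "/".
function safeReturnPath(string $requestUri): string
{
    // Control characters (CR/LF included) have no place in a redirect target.
    if (preg_match('/[\x00-\x1F\x7F]/', $requestUri)) { return '/'; }
    // Must start with exactly one slash: rejects "//host", "/\host" and absolute URLs.
    if (!preg_match('#^/(?![/\\\\])#', $requestUri)) { return '/'; }
    return $requestUri;
}

// Full login URL with the return path percent-encoded as a single parameter value.
function buildLoginRedirect(string $loginUrl, string $requestUri): string
{
    return $loginUrl . '?redirectUrl=' . urlencode(safeReturnPath($requestUri));
}

// Constructed sample inputs, not captured traffic.
$loginUrl = 'http://mydomain.com/cmsAdmin/admin.php';
$samples  = array(
    '/members/report.php?year=2018&month=12', // normal page with its own query string
    '//other-site.example/landing',           // protocol-relative: would leave the site
    "/members/\r\nX-Injected: 1",             // CR/LF in the path
);
foreach ($samples as $uri) {
    echo buildLoginRedirect($loginUrl, $uri), "\n";
}

// In a protected page the call would replace the hand-built string, e.g.:
//   if (!@$CMS_USER['num']) {
//     redirectBrowserToUrl(buildLoginRedirect($loginUrl, $_SERVER['REQUEST_URI']));
//     exit;
//   }
```

Only the first sample keeps its own path as the return target; the other two fall back to the site root.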
There are some interesting ways to create forms to "hide" the real location of the login screen that can be found on this post:
http://www.interactivetools.com/forum/gforum.cgi?post=73920
The materials on this web site have been created for use with CMS Builder content management software. CMS Builder software is published and licensed for use by InteractiveTools.com. Please contact
Interactive Tools for information on the downloading of the software or the purchasing of licenses.