RESTRICTING VIEWER ACCESS TO LOGGED IN USERS ONLY - Dec 29th, 2018


If you're using a current version of CMSB (2.51+) Greg Thomas from InteractiveTools explains how to restrict access. He
said:

There is a new getCurrentUserFromCMS function you can use to get the current CMS user, and it works if you're not using
the website membership plugin on a site:

<?php if (!defined('START_SESSION')) { define('START_SESSION', true); }
// load viewer library
$libraryPath = 'cmsAdmin/lib/viewer_functions.php';
$dirsToCheck = array('/path_to_your_server/','','../','../../','../../../');
foreach (
$dirsToCheck as $dir) { if (@include_once("$dir$libraryPath")) { break; }}
if (!
function_exists('getRecords')) { die("Couldn't load viewer library, check filepath in sourcecode."); }

//Get the current CMS users details
$CMS_USER = getCurrentUserFromCMS();

//redirect the browser if no user is currently logged into the back end
if (!@$CMS_USER['num']){
redirectBrowserToUrl("http:/your_site.com/cmsAdmin/admin.php?redirectUrl=" . $_SERVER['REQUEST_URI']);
exit;
}
?>


*** LOG OUT ISSUES ***

Using this approach, you might discover a log out issue, especially If you're trying to restrict access to Admins only,
or show information a page for users and additional information for admins.

If you do, a possible fix is in a companion recipe called LOG OUT NOT LOGGING OUT IN VER 2.51+ ? at
http://thecmsbcookbook.com/recipedetail.php?475

LEGACY (Version 2.1+)
If you surround your "require once" code with the 2 if statements, the page will be hidden from anyone who is not logged
in to the CMS Interface and all they will see is a notice that says "You must login first".




if (!defined('START_SESSION')) { define('START_SESSION', true); }
require_once "/path_to_your/cmsAdmin/lib/viewer_functions.php";
if (!@$_SESSION['username']) { die("You must login first!"); }



If you want to redirect your users to the login screen, replace the following line:



if (!@$_SESSION['username']) { die("You must login first!"); }



with this one:



if (!@$_SESSION['username']) { header("Location: http://mydomain.com/cmsAdmin/admin.php"); exit; }



and replace the URL with the (full) URL to your login screen.

Alternatively, to automatically direct the user back to your "hidden" page, you could use this instead:



if (!@$_SESSION['username']) { header("Location: http://mydomain.com/cmsAdmin/admin.php?redirectUrl=" .
$_SERVER['REQUEST_URI']); exit; }



There are some interesting ways to create forms to "hide" the real location of the login screen that can be found on
this post:

http://www.interactivetools.com/forum/gforum.cgi?post=73920



The materials on this web site have been created for use with CMS Builder content management software. CMS Builder software is published and licensed for use by InteractiveTools.com. Please contact Interactive Tools for information on the downloading of the software or the purchasing of licenses.


Terms of Service